Guest User

brokensql3

a guest
Jul 27th, 2017
129
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Br0kenMySQL
  2.  
  3.  
  4. <title>Br0kenMySQL</title><h1><pre>
  5. <p style='color:Red'>Br0kenMySQL</p>
  6. <?php
  7.  
  8. if($_GET['debug']=='🕵') die(highlight_file(__FILE__));
  9.  
  10. require '../config.php';
  11.  
  12. $link = mysqli_connect('localhost', MYSQL_USER, MYSQL_PASSWORD);
  13.  
  14. if (!$link) {
  15.     die('Could not connect: ' . mysql_error());
  16. }
  17.  
  18. if (!mysqli_select_db($link,MYSQL_USER)) {
  19.     die('Could not select database: ' . mysql_error());
  20. }
  21.     $id = $_GET['id'];
  22.     if(preg_match('#sleep|benchmark|floor|rand|count|select|from|\(|\)|time|date|sec|day#is',$id))
  23.         die('Don\'t hurt me :-(');
  24.     $query = mysqli_query($link,"SELECT username FROM users WHERE id = ". $id);
  25.     $row = mysqli_fetch_array($query);
  26.     $username = $row['username'];
  27.    
  28.     if($username === 'guest'){
  29.         sleep(5); // wait
  30.         $ip = @$_SERVER['HTTP_X_FORWARDED_FOR']!="" ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
  31.         if(preg_match('#sleep|benchmark|floor|rand|count|select|from|\(|\)|time|date|sec|day#is',$ip))
  32.             die('Don\'t hurt me :-(');
  33.         var_dump($ip);
  34.         if(!empty($ip))
  35.             mysqli_query($link,"INSERT INTO logs VALUES('{$ip}')");
  36.  
  37.         $query = mysqli_query($link,"SELECT username FROM users WHERE id = ". $id);
  38.         $row = mysqli_fetch_array($query);
  39.         $username = $row['username'];
  40.         if($username === 'admin'){
  41.             echo "What, again ???????!@#$!@#$!@#$\n";
  42.             echo "Last one, promise!\n";
  43.             die(FLAG_3);
  44.         }
  45.         echo "Nothing here";
  46.     } else {
  47.         echo "Hello ".$username;
  48.     }
  49.  
  50.  
  51.  
  52.  
  53. ?>
  54. </h1>
  55. </pre>
  56.  
  57. 1
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×