SHARE
TWEET

Untitled

a guest May 22nd, 2017 133 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. $ip = $_SERVER['REMOTE_ADDR'];
  3. $time = date("l dS of F Y h:i:s A");
  4. $script = $_SERVER[PATH_TRANSLATED];
  5. $fp = fopen ("[WEB]SQL_Injection.txt", "a+");
  6. $sql_inject_1 = array(";","'","%",'"'); #Whoth need replace
  7. $sql_inject_2 = array("", "","","""); #To wont replace
  8. $GET_KEY = array_keys($_GET); #array keys from $_GET
  9. $POST_KEY = array_keys($_POST); #array keys from $_POST
  10. $COOKIE_KEY = array_keys($_COOKIE); #array keys from $_COOKIE
  11. /*begin clear $_GET */
  12. for($i=0;$i<count($GET_KEY);$i++)
  13. {
  14. $real_get[$i] = $_GET[$GET_KEY[$i]];
  15. $_GET[$GET_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_GET[$GET_KEY[$i]]));
  16. if($real_get[$i] != $_GET[$GET_KEY[$i]])
  17. {
  18. fwrite ($fp, "IP: $ip\r\n");
  19. fwrite ($fp, "Method: GET\r\n");
  20. fwrite ($fp, "Value: $real_get[$i]\r\n");
  21. fwrite ($fp, "Script: $script\r\n");
  22. fwrite ($fp, "Time: $time\r\n");
  23. fwrite ($fp, "==================================\r\n");
  24. }
  25. }
  26. /*end clear $_GET */
  27. /*begin clear $_POST */
  28. for($i=0;$i<count($POST_KEY);$i++)
  29. {
  30. $real_post[$i] = $_POST[$POST_KEY[$i]];
  31. $_POST[$POST_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_POST[$POST_KEY[$i]]));
  32. if($real_post[$i] != $_POST[$POST_KEY[$i]])
  33. {
  34. fwrite ($fp, "IP: $ip\r\n");
  35. fwrite ($fp, "Method: POST\r\n");
  36. fwrite ($fp, "Value: $real_post[$i]\r\n");
  37. fwrite ($fp, "Script: $script\r\n");
  38. fwrite ($fp, "Time: $time\r\n");
  39. fwrite ($fp, "==================================\r\n");
  40. }
  41. }
  42. /*end clear $_POST */
  43. /*begin clear $_COOKIE */
  44. for($i=0;$i<count($COOKIE_KEY);$i++)
  45. {
  46. $real_cookie[$i] = $_COOKIE[$COOKIE_KEY[$i]];
  47. $_COOKIE[$COOKIE_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_COOKIE[$COOKIE_KEY[$i]]));
  48. if($real_cookie[$i] != $_COOKIE[$COOKIE_KEY[$i]])
  49. {
  50. fwrite ($fp, "IP: $ip\r\n");
  51. fwrite ($fp, "Method: COOKIE\r\n");
  52. fwrite ($fp, "Value: $real_cookie[$i]\r\n");
  53. fwrite ($fp, "Script: $script\r\n");
  54. fwrite ($fp, "Time: $time\r\n");
  55. fwrite ($fp, "==================================\r\n");
  56. }
  57. }
  58.  
  59. /*end clear $_COOKIE */
  60. fclose ($fp);
  61. ?>
  62. <?php
  63.    include "./Secure.php";
  64. ini_set('display_errors', 0);
  65. $connection = mssql_connect('CT33353\SQLEXPRESS', '', '');
  66. if(!connection || !mssql_select_db('ACCOUNT_DBF', $connection))
  67. {
  68.    die('Konnte keine verbindung zum MSSQL Server herstellen');
  69. }
  70.  
  71. function resafe($key){
  72.  $s = array("\x00", "\n", "\r", "\\", "'", "\"", "\x1a", "\"'\"", "'\"'");
  73.   return str_replace($s, "", $key);
  74. }
  75. function __construct(){
  76.   if($_SERVER['REQUEST_METHOD'] == 'GET'){
  77.   $_GET = array_map(array(&$this, 'resafe'), $_GET);
  78.   }
  79.   if($_SERVER['REQUEST_METHOD'] == 'POST'){
  80.   $_POST = array_map(array(&$this, 'resafe'), $_POST);
  81.   }
  82. }
  83.  
  84. $checkusername = $_POST['Username'];
  85. $query = mssql_query("SELECT account FROM ACCOUNT_DBF WHERE account = '$checkusername'");
  86. $result = mssql_fetch_row($query);
  87.  
  88. if(isset($_POST['submit'])){
  89.     if($_POST['Username'] == ""){
  90.         $error = '<font color="red">Bitte gib deinen Accountnamen an.</font>';
  91.     }
  92.     else if($result[0] == $checkusername){
  93.         $error = '<font color="red">Dein Accountsname ist bereits vergeben.</font>';
  94.     }
  95.     else if($_POST['Password'] == ""){
  96.         $error = '<font color="red">Bitte ein Passwort eingeben.</font>';
  97.     }
  98.     else if($_POST['Password2'] == ""){
  99.         $error = '<font color="red">Du hast kein Passwort angegeben.</font>';
  100.     }
  101.     else if($_POST['birthday'] == ""){
  102.         $error = '<font color="red">Bitte gib dein Geburtsdatum an.</font>';
  103.     }
  104.     else if($_POST['mail'] == ""){
  105.         $error = '<font color="red">Bitte gib deine E Mail Adresse an.</font>';
  106.     }
  107.     else{
  108.         $password = md5('kikugalanet' . $_POST['Password']);
  109.         $stmt = mssql_init('webCreateAcc', $connection);
  110.                 mssql_bind($stmt, '@account', $checkusername, SQLVARCHAR, false, false, 15);
  111.                 mssql_bind($stmt, '@password', resafe($password), SQLVARCHAR, false, false, 36);
  112.                 mssql_bind($stmt, '@birthday', $_POST['birthday'], SQLVARCHAR, false, false, 120);
  113.                 mssql_bind($stmt, '@email', $_POST['mail'], SQLVARCHAR, false, false, 120);
  114.                 mssql_execute($stmt) or die ("Could not complete the registration. Please try again.");
  115.                 mssql_free_statement($stmt);
  116.                 $error = '<font color="green">Dein Account wurde erstellt</font>';
  117.     }
  118. }
  119.  
  120. echo '<form action="register.php" method="post">';
  121. echo 'Account:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="Username" /><br /><br />';
  122. echo 'Passwort:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="password" name="Password" /><br /><br />';
  123. echo 'Passwort wiederholen: <input type="password" name="Password2" /><br /><br />';
  124. echo 'Geburtsdatum: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="birthday" /><br /><br />';
  125. echo 'E-mail Adresse: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="mail" /><br />';
  126. echo '<input type="submit" name="submit" value="Registrieren" />';
  127. echo '</form>';
  128. echo $error;
  129.  
  130. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top