/**
 * Pre-flight checks run before the main routine: confirms that the configured
 * target is the expected application and that make_query() reacts to the three
 * probe inputs the way the rest of the script assumes. Every failed check ends
 * the script with die(); every passed check is reported through xecho().
 *
 * Reads the globals $username and $GLOBALS['target']; relies on make_get(),
 * make_query() and xecho(), which are defined elsewhere in this file.
 *
 * NOTE(review): checks 2 and 3 only pass when the server embeds the submitted
 * field values in a regular expression without escaping them. On the server
 * side, escaping the input (preg_quote()) or replacing the regex match with an
 * exact comparison removes the behaviour this function depends on.
 */
function pre_test() {
    global $username;
    // Target URL valid?
    // The page fetched from the target must contain the 'search_in_archives' marker.
    xecho("Validating target URL");
    if (strpos(make_get($GLOBALS['target']), 'search_in_archives') === false) {
        die('Target URL not valid!');
    }
    xecho("URL is valid");
    // Anchored pattern for the username; "\$" keeps the literal dollar sign out
    // of double-quoted interpolation.
    $un = "^{$username}\$";
    // Check 1: the username pattern alone is expected to yield exactly 1.
    if (make_query($un) !== 1) {
        die('Pretest 1 failed - wrong username?');
    } else {
        xecho("Pretest 1 passed - username OK", 1);
    }
    // Check 2: a second pattern of 32 hex characters is expected to yield 1.
    $hp = '^[a-f0-9]{32}$';
    if (make_query($un, $hp) !== 1) {
        die('Pretest 2 failed - target not vulnerable?');
    } else {
        xecho("Pretest 2 passed - regex injection OK", 1);
    }
    // Check 3: an impossible length (1337 hex characters) is expected to yield 0,
    // i.e. the second argument really influences the result.
    $hp = '^[a-f0-9]{1337}$';
    if (make_query($un, $hp) !== 0) {
        die('Pretest 3 failed - target not vulnerable?');
    } else {
        xecho("Pretest 3 passed - regex injection OK", 1);
    }
}
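<?php
// Property search endpoint: runs the SELECT built by make_query() (defined below)
// and answers with {"properties": [ {...}, ... ]}.
$db = new mysqli('localhost', 'root', 'root', 'realestate_db'); // <-- Toggle
//$db = new mysqli('localhost','root','','realestate_db'); // <-- Toggle
// NOTE(review): the database credentials are hard-coded in a web-served script;
// keep them in a config file outside the web root or in environment variables.

// make_query() is defined further down; whether it binds the POST parameters or
// interpolates them into SQL is not visible here — verify it never concatenates
// raw $_POST values into the statement.
$query = make_query();
// '??' avoids an undefined-index warning when the field is absent; test_input()
// is defined elsewhere.
$userid = test_input($_POST["userid"] ?? '');

$result = $db->query($query);
if ($result === false) {
    // Log server-side only; the client still gets a well-formed (empty) answer
    // and never sees driver error text.
    error_log('Property query failed: ' . $db->error);
}

// Rows are collected as arrays and serialised with json_encode(): hand-built JSON
// breaks (or lets a stored value inject JSON) as soon as a field contains a quote,
// a backslash or a control character. Every value is cast to string so the shape
// matches the previous output, where each field was emitted as a quoted string.
$properties = [];
if ($result) {
    while ($row = $result->fetch_assoc()) {
        $properties[] = [
            'pid'      => (string) $row['pid'],
            'addr'     => (string) $row['addr'],
            'city'     => (string) $row['city'],
            'state'    => (string) $row['state'],
            'price'    => (string) $row['price'],
            'photo'    => (string) get_photo($row['pid']),
            'favorite' => (string) get_favorite($row['pid']),
            'verified' => (string) get_verified($row['sellerID']),
        ];
    }
    $result->free();
}

header('Content-Type: application/json; charset=utf-8');
// JSON_INVALID_UTF8_SUBSTITUTE keeps the response valid JSON if a stored value
// is not valid UTF-8 instead of returning false and echoing an empty body.
echo json_encode(
    ['properties' => $properties],
    JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_INVALID_UTF8_SUBSTITUTE
);

function make_query() {
    $params = array();
    $query = "SELECT * FROM PROPERTY";
    $first = True;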
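/**
 * Collects post meta rows into one associative array per post.
 *
 * Runs the statement returned by make_query() (defined elsewhere in this file)
 * through the global $wpdb and folds the rows, which must expose post_id,
 * meta_key and meta_value, into arrays of the form
 * ['id' => <post_id>, '<meta_key>' => '<meta_value>', ...].
 * Rows belonging to the same post must be contiguous — presumably guaranteed by
 * make_query()'s ordering; verify there.
 *
 * @param string       $post_title Passed through to make_query().
 * @param array|false  $meta_keys  Meta keys to fetch (sorted in place before the
 *                                 query), or false for no restriction.
 * @param string|false $sort_by    Meta key whose value becomes the array key (the
 *                                 result is then ksort()ed); false for a 0-based list.
 * @param int|false    $limit      Passed through to make_query().
 * @return array Grouped objects; an empty array when the query returns nothing.
 */
function get_objects($post_title, $meta_keys = false, $sort_by = false, $limit = false) {
    global $wpdb;
    $objects = $object = array();
    if ($meta_keys) {
        sort($meta_keys);
    }
    // (array) cast: $wpdb->get_results() may hand back null on error, which would
    // otherwise make foreach() emit a warning.
    $metas = (array) $wpdb->get_results(make_query($post_title, $meta_keys, $limit));
    $i = $last_id = 0;
    foreach ($metas as $meta) {
        if ($meta->post_id != $last_id && $last_id != 0) {
            // The previous post is complete: store it and start a fresh object.
            // Without the reset, meta keys of the previous post leaked into every
            // later post that did not set them itself.
            $key = ($sort_by && isset($object[$sort_by])) ? $object[$sort_by] : $i;
            $objects[$key] = $object;
            $i++;
            $object = array();
        }
        $object['id'] = $last_id = $meta->post_id;
        $object[$meta->meta_key] = $meta->meta_value;
    }
    if (empty($object)) {
        return array();
    }
    // Store the last post; fall back to the running index when the requested
    // sort key is missing from the object instead of using an undefined value.
    $key = ($sort_by && isset($object[$sort_by])) ? $object[$sort_by] : $i;
    $objects[$key] = $object;
    if ($sort_by) {
        ksort($objects);
    }
    return $objects;
}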
/**
 * Loads every row of the quotes table that is flagged queue=1.
 *
 * @param mixed $db     Database handle, passed through to make_query().
 * @param mixed $params Options handed to db_tablename() to resolve the table name.
 * @return mixed Whatever make_query() returns for the SELECT.
 */
function do_queue($db, $params) {
    // The only dynamic part of the statement is the table name resolved by
    // db_tablename(); the filter is a literal. How db_tablename() derives the
    // name from $params is not visible here.
    $sql = 'SELECT * FROM ' . db_tablename('quotes', $params) . ' where queue=1';
    return make_query($db, $sql);
}