liauliau
02.07.2013, 00:19
как сделать SQL INJ ?
PHP:
include"config.php";
include"functions.php";
$connect=mysql_connect($sms_hostname,$sms_username ,$sms_password) or die(mysql_error());
$select=mysql_select_db($sms_database,$connect) o r die(mysql_error());
$ip=$_SERVER['REMOTE_ADDR'];
$c= ($_GET['c']);
$p= ($_GET['p']);
$ingame= ($_GET['ingame']);
if($ingame!=1){
$ingame=0;
}
$page=$_SERVER['QUERY_STRING'];
if($p=="atgauti"){
echo"Paslaugu Grazinimas
table.sarasas {
font-size:12px;
}
Paslaugu Grazinimas
";
echo"Paslaugos susigrazinimo forma pagal savo sena IP (Internet Protocol),
numeri (is kurio paskutini karta uzsisakete paslauga),
data (kada paskutini karta pirkote paslauga).
";
echo"
Senas IP:
Numeris:
Naujas IP:
Kada uzsisakete VIP, ADMIN..:
* Viska butina teisingai uzpildyti - Kitaip neatgausi paslaugos!
";
}else if($p=="unban"){
echo"Unban
Unban
";
$connect=mysql_connect($amxbans_hostname,$amxbans_ username,$amxbans_password) or die(mysql_error() );
$select=mysql_select_db($amxbans_database,$connect ) or die(mysql_error());
$result=mysql_query("SELECT bid FROM amx_bans") or die(mysql_error());
$rows=mysql_num_rows($result);
echo"Bans in database: ".$rows."
IP address - ".$ip."
";
$r=mysql_query("SELECT * FROM amx_bans WHERE player_ip = '$ ip' LIMIT 1");
$row=mysql_fetch_array($r,MYSQL_ASSOC);
if(!$row) {
echo"Status: Not banned.
";
} else {
echo"Status: You have been banned!
Reason: $row[ban_reason]
";
$connect=mysql_connect($sms_hostname,$sms_username ,$sms_password) or die(mysql_error());
$select=mysql_select_db($sms_database,$connect) o r die(mysql_error());
$r=mysql_query("SELECT * FROM ebank WHERE `mod` = 'unban' LIMIT 1");
$row=mysql_fetch_array($r,MYSQL_ASSOC);
$price[unban]=$row['price']/1000;
echo"Unban Price:$price[unban]LTL
";
}
}else if($p=="specadmin"){
echo"SPECADMIN order on IP
SPECADMIN order on IP
";
echo" ";
$r=mysql_query("SELECT * FROM sms1 WHERE `mod` = 'specadmin ' ORDER BY id");
while ($row=mysql_fetch_assoc($r) )
{
echo" ";
}
$r2=mysql_query("SELECT * FROM sms1 WHERE `mod` = 'specadmin ' AND `country` = '$c'");
$row2=mysql_fetch_array($r2,MYSQL_ASSOC);
$r3=mysql_query("SELECT * FROM amx_amxadmins WHERE `username` = '$ip'");
$row3=mysql_fetch_array($r3,MYSQL_ASSOC);
if(!$row2){
if($row3){
if($row3[access] =="$vip_access"){
echo"
Your VIP end at $row3[timeleft]";
}else if($row3[access] =="$admin_access"){
echo"
Your ADMIN end at $row3[timeleft]";
}else if($row3[access] =="$specadmin_access"){
echo"
Your SPECVIP end at $row3[timeleft]";
}
}
echo"
Choose your country to order SPECADMIN on I P.";
die;
}
echo"
$c";
$price=$row2[price]/100;
if($c=="Lietuva"){
echo"Apmokejimas padidinto tarifo SMS zinutemis:
Siuskite zinute su tekstu: $ro w2[keyword]$ip numeriu: $row2[number] Kaina$price$row2[currency]/$row2[days]Dienu.
Kai nusiusite SMS zinute iskar t po atsakymo SPECADMIN bus automatiskai akt ivuotas!
";
$specadmin_900[price] =$specadmin_900[price]/100;
if($ingame!="1"){
echo"
Ka gauni budamas SPECADMIN?
";
}else{ echo"
"; echo"
Ka gauni budamas SPECADMIN?
"; }
}elseif($c=="Russia"){
echo"Оплата с помощью СМС:
Отправте SMS сообщ ние: $row2[keyword]$ip на номер: $row2[number] цена$price$row2[currency]/$row2[days]дней.
После получения о тветного СМС сообщения SPEC ADMIN будет активирован!";
if($ingame!="1"){
$r=mysql_query("SELECT * FROM ebank WHERE `mod` = 'specadmi n' ORDER BY price");
echo"
Оплата через индивидуалны е платежные системы:
Выберети SPECADMI N продолжительность:
";
echo"
";
while($row=mysql_f etch_assoc($r))
{
$price=$row['price']/100;
echo' '.$row['days'].' дней. - '.$price.' LTL';
}
echo"";
echo"
";
}else{ echo"
"; }
echo"
Что я получу став SPECADMIN'о м?
";
}else{
echo"Payment using SMS:
Send messages with text: $row2[keyword]$ip to number: $row2[number] Price$price$row2[currency]/$row2[days]Days.
When uploading SMS messages im mediately after the response SPECADMIN will be automatically activated!
";
if($ingame!="1"){
$r=mysql_query("SELECT * FROM ebank WHERE `mod` = 'specadmi n' ORDER BY price");
echo"
What you get as a SPECADMIN?
";
}else{ echo"
"; echo"
What you get as a SPECADMIN?
"; }
}
if($c=="Lietuva"){
echo$specadmin_web_access_lt;
}elseif($c=="Russia"){
echo$specadmin_web_access_ru;
}else{
echo$specadmin_web_access;
}
PHP:
include"config.php";
include"functions.php";
$connect=mysql_connect($sms_hostname,$sms_username ,$sms_password) or die(mysql_error());
$select=mysql_select_db($sms_database,$connect) o r die(mysql_error());
$ip=$_SERVER['REMOTE_ADDR'];
$c= ($_GET['c']);
$p= ($_GET['p']);
$ingame= ($_GET['ingame']);
if($ingame!=1){
$ingame=0;
}
$page=$_SERVER['QUERY_STRING'];
if($p=="atgauti"){
echo"Paslaugu Grazinimas
table.sarasas {
font-size:12px;
}
Paslaugu Grazinimas
";
echo"Paslaugos susigrazinimo forma pagal savo sena IP (Internet Protocol),
numeri (is kurio paskutini karta uzsisakete paslauga),
data (kada paskutini karta pirkote paslauga).
";
echo"
Senas IP:
Numeris:
Naujas IP:
Kada uzsisakete VIP, ADMIN..:
* Viska butina teisingai uzpildyti - Kitaip neatgausi paslaugos!
";
}else if($p=="unban"){
echo"Unban
Unban
";
$connect=mysql_connect($amxbans_hostname,$amxbans_ username,$amxbans_password) or die(mysql_error() );
$select=mysql_select_db($amxbans_database,$connect ) or die(mysql_error());
$result=mysql_query("SELECT bid FROM amx_bans") or die(mysql_error());
$rows=mysql_num_rows($result);
echo"Bans in database: ".$rows."
IP address - ".$ip."
";
$r=mysql_query("SELECT * FROM amx_bans WHERE player_ip = '$ ip' LIMIT 1");
$row=mysql_fetch_array($r,MYSQL_ASSOC);
if(!$row) {
echo"Status: Not banned.
";
} else {
echo"Status: You have been banned!
Reason: $row[ban_reason]
";
$connect=mysql_connect($sms_hostname,$sms_username ,$sms_password) or die(mysql_error());
$select=mysql_select_db($sms_database,$connect) o r die(mysql_error());
$r=mysql_query("SELECT * FROM ebank WHERE `mod` = 'unban' LIMIT 1");
$row=mysql_fetch_array($r,MYSQL_ASSOC);
$price[unban]=$row['price']/1000;
echo"Unban Price:$price[unban]LTL
";
}
}else if($p=="specadmin"){
echo"SPECADMIN order on IP
SPECADMIN order on IP
";
echo" ";
$r=mysql_query("SELECT * FROM sms1 WHERE `mod` = 'specadmin ' ORDER BY id");
while ($row=mysql_fetch_assoc($r) )
{
echo" ";
}
$r2=mysql_query("SELECT * FROM sms1 WHERE `mod` = 'specadmin ' AND `country` = '$c'");
$row2=mysql_fetch_array($r2,MYSQL_ASSOC);
$r3=mysql_query("SELECT * FROM amx_amxadmins WHERE `username` = '$ip'");
$row3=mysql_fetch_array($r3,MYSQL_ASSOC);
if(!$row2){
if($row3){
if($row3[access] =="$vip_access"){
echo"
Your VIP end at $row3[timeleft]";
}else if($row3[access] =="$admin_access"){
echo"
Your ADMIN end at $row3[timeleft]";
}else if($row3[access] =="$specadmin_access"){
echo"
Your SPECVIP end at $row3[timeleft]";
}
}
echo"
Choose your country to order SPECADMIN on I P.";
die;
}
echo"
$c";
$price=$row2[price]/100;
if($c=="Lietuva"){
echo"Apmokejimas padidinto tarifo SMS zinutemis:
Siuskite zinute su tekstu: $ro w2[keyword]$ip numeriu: $row2[number] Kaina$price$row2[currency]/$row2[days]Dienu.
Kai nusiusite SMS zinute iskar t po atsakymo SPECADMIN bus automatiskai akt ivuotas!
";
$specadmin_900[price] =$specadmin_900[price]/100;
if($ingame!="1"){
echo"
Ka gauni budamas SPECADMIN?
";
}else{ echo"
"; echo"
Ka gauni budamas SPECADMIN?
"; }
}elseif($c=="Russia"){
echo"Оплата с помощью СМС:
Отправте SMS сообщ ние: $row2[keyword]$ip на номер: $row2[number] цена$price$row2[currency]/$row2[days]дней.
После получения о тветного СМС сообщения SPEC ADMIN будет активирован!";
if($ingame!="1"){
$r=mysql_query("SELECT * FROM ebank WHERE `mod` = 'specadmi n' ORDER BY price");
echo"
Оплата через индивидуалны е платежные системы:
Выберети SPECADMI N продолжительность:
";
echo"
";
while($row=mysql_f etch_assoc($r))
{
$price=$row['price']/100;
echo' '.$row['days'].' дней. - '.$price.' LTL';
}
echo"";
echo"
";
}else{ echo"
"; }
echo"
Что я получу став SPECADMIN'о м?
";
}else{
echo"Payment using SMS:
Send messages with text: $row2[keyword]$ip to number: $row2[number] Price$price$row2[currency]/$row2[days]Days.
When uploading SMS messages im mediately after the response SPECADMIN will be automatically activated!
";
if($ingame!="1"){
$r=mysql_query("SELECT * FROM ebank WHERE `mod` = 'specadmi n' ORDER BY price");
echo"
What you get as a SPECADMIN?
";
}else{ echo"
"; echo"
What you get as a SPECADMIN?
"; }
}
if($c=="Lietuva"){
echo$specadmin_web_access_lt;
}elseif($c=="Russia"){
echo$specadmin_web_access_ru;
}else{
echo$specadmin_web_access;
}