Anmelden
Benutzerkonto erstellen
bestehend aus einer sql file das man improtieren muss, und einer PHP file in der paat sachen geändert werden müssen
<?php
error_reporting (0);
session_start();
ob_start();
if (file_exists ('import.sql')) {
echo "importiere erst \"import.sql\" in die datenbank und lösche es anschließend!";
exit();
}
$db = mysqli_connect ('localhost', 'root', 'e4f3fac624', 'vulnbase2') or die (mysqli_connect_error ()); mysqli_set_charset ($db, 'utf8');
$vs = "2.0";
$rk = "9Xsß2";
$lm = array ('login' => 'ja', 'pass' => 'passwort'); //Login Module ja/nein = an/aus
if (isset ($_SESSION['ab'])) {
header ('Location: https://www.youtube.com/watch?v=Hdz8k0SZIfk;');
exit();
}
?>
<!DOCTYPE html>
<html>
<head>
<title>VULNBASE - v.<?php echo $vs; ?></title>
<meta charset="utf8 "/>
<style>html {background:#ededed;} body {background:#fff;width:980px;margin:auto;color:#3b3b3b;font:13px verdana;} a {text-decoration:none;} .head {height:70px;line-height:70px;background:#3b3b3b;padding-left:20px;font-size:19px;letter-spacing:3px;text-transform:uppercase;color:#fff;cursor:default;} .head a {font-weight:bold;color:#fff;} .cont {padding:10px 20px;border-right:1px solid #b4b4B4;border-left:1px solid #b4b4B4;border-bottom:1px solid #b4b4B4;} .frig {float:right;} .bord {border-bottom:1px solid #b4b4B4;margin:10px 0px;} form {margin:10px 0px;} input, select, textarea {border: 1px solid #b4b4b4;padding:3px;} select, input[type=submit] {padding:2px;cursor:pointer;} input[type=text] {width:350px;} input[type=submit] {background:#f0f0f0;} .stat {cursor:default;} textarea {resize:none;width:350px;height:100px;} .tabl {display:table-row;height:35px;} .cell {border-right:1px solid #bfbfbf;display:table-cell;width:120px;} .cellu {display:table-cell;width:410px;padding-left:10px;} .cellu a {color:#000;} .cellu input {width:290px;} .cello {display:table-cell;width:30px;color:#000;border-right:1px solid #bfbfbf;} .tm {text-align:center} .srch {display:inline;margin:0px;} .post {margin:auto;} .post textarea {width:99%;height:90px;} .post a {color:#000;}</style>
</head>
<body>
<div class="head">
<a href="index.php">vulnbase</a> - v.<?php echo $vs; ?>
</div>
<div class="cont">
<?php
if ($lm['login'] == "nein" || isset ($_SESSION['lm']) && $_SESSION['lm'] == $lm['pass']) {
?>
<div class="stat">
<?php
$sa = mysqli_num_rows (mysqli_query ($db, 'SELECT * FROM vulns'));
$ss = mysqli_num_rows (mysqli_query ($db, 'SELECT * FROM vulns WHERE `typ` = "1"'));
$sx = mysqli_num_rows (mysqli_query ($db, 'SELECT * FROM vulns WHERE `typ` = "2"'));
$sr = mysqli_num_rows (mysqli_query ($db, 'SELECT * FROM vulns WHERE `typ` = "3"'));
$sp = mysqli_num_rows (mysqli_query ($db, 'SELECT * FROM vulns WHERE `post` != "0"'));
?>
Statistiken: <?php echo $ss; ?> SQLi | <?php echo $sx; ?> XSS | <?php echo $sr; ?> RCE | d.v. <?php echo $sp; ?> POST
<span class="frig"><?php echo $sa; ?> Einträge</span>
</div>
<div class="bord"></div>
Einen neuen Eintrag anlegen:
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
<input type="text" name="url" placeholder="http://target.com/" />
<select name="typ">
<option value="1">SQLi</option>
<option value="2">XSS</option>
<option value="3">RCE</option>
</select>
<input type="submit" name="ins" value="Eintragen" /><p/>
POST Vulnerability? (Ansonsten leer lassen):<p/>
<textarea name="post" placeholder="¶meter= ..."></textarea>
</form>
<?php
if (isset ($_POST['ins']) && !empty ($_POST['url']) && !empty ($_POST['typ'])) {
$url = mysqli_real_escape_string ($db, htmlspecialchars ($_POST['url'], ENT_QUOTES));
$typ = intval ($_POST['typ']);
$datum = date ('d.m.y');
$xml = simplexml_load_file ('http://data.alexa.com/data?cli=10&dat=snbamz&url='.$url);
$rank = isset ($xml->SD[1]->POPULARITY)?$xml->SD[1]->POPULARITY->attributes()->TEXT:0;
$cour = strlen ($rank);
if ($cour > 4) {
$rank = substr ($rank, 0, 4)."+";
}
if (!empty ($_POST['post'])) {
$post = mysqli_real_escape_string ($db, htmlentities ($_POST['post']));
$sql = "INSERT INTO vulns (`typ`, `datum`, `rank`, `system`, `url`, `post`) VALUES ('$typ', '$datum', '$rank', 'linux', '$url', '$post')";
}
else {
$sql = "INSERT INTO vulns (`typ`, `datum`, `rank`, `system`, `url`, `post`) VALUES ('$typ', '$datum', '$rank', 'linux', '$url', '0')";
}
$exe = mysqli_query ($db, $sql) or die (mysqli_error ($db));
header ('Location: index.php');
exit();
}
?>
<div class="bord"></div>
<form action="<?php $_SERVER['PHP_SELF']; ?>" style="width:200px;display:inline;" method="get">
<select name="f">
<option value="0" selected>Neu</option>
<option value="1">Typ</option>
<option value="2">Datum</option>
<option value="3">Rank</option>
<option value="4">System</option>
<option value="5">POST</option>
</select>
<input type="submit" value="Filter anwenden" />
</form>
<?php
if (isset ($_GET['f']) && is_numeric ($_GET['f'])) {
$f = intval($_GET['f']);
switch ($f) {
case "0":
$f = "id DESC";
break;
case "1":
$f = "typ";
break;
case "2":
$f = "datum";
break;
case "3":
$f = "rank";
break;
case "4":
$f = "typ";
break;
case "5":
$f = "post DESC";
break;
default:
$f = "id DESC";
}
}
else {
$f = "id DESC";
}
?>
<form action="" method="post" class="srch frig">
<input type="text" name="sb" placeholder="Suchbegriff eingeben ..." />
<input type="submit" name="s" value="Suchen" />
</form>
<div style="clear:both;"></div>
<div class="bord"></div>
<?php
if (isset ($_POST['sb']) && !empty ($_POST['s'])) {
$sb = mysqli_real_escape_string ($db, htmlspecialchars ($_POST['sb'], ENT_QUOTES));
$sql = "SELECT * FROM vulns WHERE `url` LIKE '%$sb%'";
$exe = mysqli_query ($db, $sql) or die (mysqli_error ($db));
if (mysqli_num_rows ($exe) > 0) {
$row = mysqli_fetch_array ($exe);
switch ($row['typ']) {
case "1":
$typ = "SQLi";
break;
case "2":
$typ = "XSS";
break;
case "3":
$typ = "RCE";
break;
default:
$typ = "???";
}
?>
<div class="tabl">
<a href="?l=<?php echo $row['id']; ?>" onclick="return confirm('Eintrag wirklich entfernen?');" class="cello">[L]</a>
<span class="cell tm">Typ: <?php echo $typ; ?></span>
<span class="cell tm"><?php echo $row['datum']; ?></span>
<span class="cell tm">Rank: <?php echo $row['rank']; ?></span>
<span class="cell tm">System: <?php echo $row['system']; ?></span>
<span class="cellu">
URL: <input type="text" onclick="this.select();" value="<?php echo $row['url']; ?>" />
<?php
if ($row['post'] != "0") {
?>
<a href="?p=<?php echo $row['id']; ?>">POST Data</a>
<?php
}
?>
</span>
</div>
<div class="bord" style="margin-top:0px;"></div>
<?php
}
}
if (isset ($_GET['p']) && is_numeric ($_GET['p'])) {
$pid = intval ($_GET['p']);
$sql = "SELECT * FROM vulns WHERE `id` = '$pid' AND `post` != '0'";
if (mysqli_num_rows (mysqli_query ($db, $sql)) > 0) {
$exe = mysqli_query ($db, $sql) or die (mysqli_error ($db));
$row = mysqli_fetch_array ($exe);
?>
<div class="post">
POST Data von <?php echo $row['url']; ?>
<a href="index.php" class="frig">[CLOSE]</a><p/>
<textarea onclick="this.select();"><?php echo $row['post']; ?></textarea>
<div class="bord"></div>
</div>
<?php
}
else {
header ('Location: index.php');
exit();
}
}
if ($sa > 0) {
$sql = "SELECT * FROM vulns ORDER BY $f";
$exe = mysqli_query ($db, $sql) or die (mysqli_error ($db));
while ($row = mysqli_fetch_array ($exe)) {
switch ($row['typ']) {
case "1":
$typ = "SQLi";
break;
case "2":
$typ = "XSS";
break;
case "3":
$typ = "RCE";
break;
default:
$typ = "???";
}
?>
<div class="tabl">
<a href="?l=<?php echo $row['id']; ?>" onclick="return confirm('Eintrag wirklich entfernen?');" class="cello">[L]</a>
<span class="cell tm">Typ: <?php echo $typ; ?></span>
<span class="cell tm"><?php echo $row['datum']; ?></span>
<span class="cell tm">Rank: <?php echo $row['rank']; ?></span>
<span class="cell tm">System: <?php echo $row['system']; ?></span>
<span class="cellu">
URL: <input type="text" onclick="this.select();" value="<?php echo $row['url']; ?>" />
<?php
if ($row['post'] != "0") {
?>
<a href="?p=<?php echo $row['id']; ?>">POST Data</a>
<?php
}
?>
</span>
</div>
<?php
}
if (isset ($_GET['l']) && is_numeric ($_GET['l'])) {
$id = intval ($_GET['l']);
if (mysqli_num_rows (mysqli_query ($db, "SELECT * FROM vulns WHERE `id` = '$id'")) > 0) {
$sql = "DELETE FROM vulns WHERE `id` = '$id'";
$exe = mysqli_query ($db, $sql) or die (mysqli_error ($db));
header ('Location: index.php');
exit();
}
else {
header ('Location: index.php');
exit();
}
}
}
else {
echo "Keine Einträge vorhanden.";
}
}
elseif ($lm['login'] == "ja") {
?>
<div class="stat">
[LM] Bitte anmelden:
<span class="frig">Hallo: <?php echo php_uname('n'); ?> | <?php echo $_SERVER['REMOTE_ADDR']; ?></span>
</div>
<div class="bord"></div>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
<input type="text" name="pass" placeholder="Passwort eingeben ..." />
<input type="submit" name="l" value="Login" />
</form>
<?php
if (isset ($_POST['l']) && !empty ($_POST['pass'])) {
$pass = mysqli_real_escape_string ($db, htmlspecialchars ($_POST['pass'], ENT_QUOTES));
if ($pass == $lm['pass']) {
$_SESSION['lm'] = $pass;
header ('Location: index.php');
exit();
}
else {
$_SESSION['ab'] = "kid";
header ('Location: https://www.youtube.com/watch?v=Hdz8k0SZIfk;');
exit();
}
}
}
else {
exit ('error: login modul');
}
?>
<div class="bord"></div>
<?php
if ($lm['login'] == "ja") {
echo "SAFE MODE = on";
if (isset ($_SESSION['lm']) && $_SESSION['lm'] == $lm['pass']) {
echo " | <a href=\"?out\" style=\"color:#000;\">Abmelden</a>";
if (isset ($_GET['out'])) {
session_destroy();
session_unset();
header ('Location: index.php');
exit();
}
}
}
elseif ($lm['login'] == "nein") {
echo "SAFE MODE = off";
}
?>
<span class="frig">made with ⤠by 404</span>
</div>
</body>
</html>
-- phpMyAdmin SQL Dump -- version 4.2.11 -- http://www.phpmyadmin.net -- -- Host: 127.0.0.1 -- Erstellungszeit: 28. Jan 2015 um 20:52 -- Server Version: 5.6.21 -- PHP-Version: 5.6.3 SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO"; SET time_zone = "+00:00"; /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; /*!40101 SET NAMES utf8 */; -- -- Datenbank: `vulnbase2` -- -- -------------------------------------------------------- -- -- Tabellenstruktur für Tabelle `vulns` -- CREATE TABLE IF NOT EXISTS `vulns` ( `id` int(4) NOT NULL, `typ` int(1) NOT NULL, `datum` varchar(8) NOT NULL, `rank` varchar(5) NOT NULL, `system` varchar(30) NOT NULL, `url` varchar(65) NOT NULL, `post` text NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; -- -- Indizes der exportierten Tabellen -- -- -- Indizes für die Tabelle `vulns` -- ALTER TABLE `vulns` ADD PRIMARY KEY (`id`); -- -- AUTO_INCREMENT für exportierte Tabellen -- -- -- AUTO_INCREMENT für Tabelle `vulns` -- ALTER TABLE `vulns` MODIFY `id` int(4) NOT NULL AUTO_INCREMENT; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
grüße gehen raus an 404
Nach oben
Melden
Coding
Web Coding
