facebook facebook twitter rss

PHP HACKBAR

Author: UzunDz , Published: 30-04-2014
<title> PHP HACKBAR </title>
<head><style>
textarea
{
border:1px solid #999999;
width:99%;
}
</style>
</head>
<form method="POST">
<select name='SQLi' onChange="submit();">
<option>SQL INJECTION</option>
<option>UNION SELECT</option>
<option>MYSQL CHAR</option>
<option>MSSQL CHAR</option>
<option>ORACLE CHAR</option>
<option>FILETRING</option>
<option>CONVERT utf8</option>
<option>unhex(hex())</option>
</select>
<select name='XSS' onChange="submit();" >
<option>XSS</option>
<option>StringfromCharCode</option>
<option>HTML ENCODE</option>
<option>HTML DECODE</option>

</select>
<select name='Encod3' onChange="submit();" >
<option>Encode - Decode</option>
<option>BASE64 Encode</option>
<option>BASE64 Decode</option>
<option>Hex Encode</option>
<option>Hex Decode</option>
<option>URL FULL Encode</option>
<option>URL FULL Decode</option>
</select>

<hr>
<pre>
Query :

<textarea rows="13" name="query" placeholder="write something !!" />
<?php

/*
* AUTHOR : UZUNDZ.
* HOME : Sec4ever.Com.
* PHP HACKBAR.
* FUNCTIONS :
    UNION , FILETRING.
* UPDATED : 30/03/2014.
* FUNCTIONS ADDED :
    MYSQL & MSSQL & ORACLE CHAR ,BASE64 Encode & Decode , Hex Encode & Decode , URL FULL Encode & Decode ,  
    HTML Encode & Decode, String.fromCharCode, COVERT , unhex(hex()).
*/
error_reporting(0);
$hackbar = new hackbar();
if(!empty(
$_POST['query'])){
$hack $_POST['query'];
    switch (
$_POST['SQLi'])
    {
        case 
"UNION SELECT" $hackbar->UNION(trim($hack)); break;
        case 
"MYSQL CHAR" $hackbar->CHAR(trim($hack),"",",","MYSQL"); break;
        case 
"MSSQL CHAR" $hackbar->CHAR(trim($hack),"CHAR","+","",1); break;
        case 
"ORACLE CHAR" $hackbar->CHAR(trim($hack),"CHR","||","ORACLE",1); break;
        case 
"FILETRING" $hackbar->FILTER(trim($hack)); break;
        case 
"CONVERT utf8" : echo "CONVERT(".trim($hack)." USING utf8)"; break;
        case 
"unhex(hex())" : echo "unhex(hex(".trim($hack)."))"; break;
    }

    switch (
$_POST['Encod3'])
    {
        case 
"BASE64 Encode" $hackbar->base64(trim($hack),"ENC"); break;
        case 
"BASE64 Decode" $hackbar->base64(trim($hack)); break;
        case 
"Hex Encode" $hackbar->strToHex(trim($hack)); break;
        case 
"Hex Decode" $hackbar->ToStr(trim($hack),"0x"); break;
        case 
"URL FULL Encode" $hackbar->urlencode(trim($hack),"%",""); break;
        case 
"URL FULL Decode" $hackbar->ToStr(trim($hack),"%"); break;
    }

    switch (
$_POST['XSS'])
    {
        case 
"StringfromCharCode" $hackbar->CHAR(trim($hack),"",",","XSS"); break;
        case 
"HTML ENCODE" $hackbar->HTMLENC(trim($hack)); break;
        case 
"HTML DECODE" $hackbar->HTMLDEC(trim($hack)); break;
    }
}
# CLASS START :
class hackbar{

    public function 
UNION($string)
    {
        for(
$i=1;$i<=$string;$i++){
            
$un .= $i.",";
        }
    echo 
"UNION ALL SELECT ".substr($un,0,-1);
    }
    
    public function 
FILTER($string)
    {
    
$filter = array("union","all","select","from","and","where","limit","group","by","schemata","tables","columns","table_schema","schema_name","table_name","column_name","floor","having");
        foreach(
$filter as $fill){
                
$string str_replace(array(strtoupper($fill),$fill) ,"/*!12345".strtoupper($fill)."*/"$string);
            }
    echo 
$string;
    }
    public function 
base64($string,$opt){
    
        if(
$opt == "ENC"){
            echo 
base64_encode($string);
        }else{
            echo 
base64_decode($string);
        }
    }
    public function 
strToHex($string)
    {
        
$hex='';
        for (
$i=0$i strlen($string); $i++)
        {
            
$hex .= dechex(ord($string[$i]));
        }
        echo 
"0x".$hex;
    }
    
    public function 
ToStr($dec,$c)
    {
        if(
eregi($c,$dec)){
            
$dec str_replace($c,"",$dec);
        }
        
$string='';
        for (
$i=0$i strlen($dec)-1$i+=2)
        {
            
$string .= chr(hexdec($dec[$i].$dec[$i+1]));
        }
        echo 
$string;
    }
    
    public function 
urlencode($string,$c,$d)
    {
        
$url='';
        for (
$i=0$i strlen($string); $i++)
        {
            
$url .= htmlentities($c.dechex(ord($string[$i])).$d);
        }
        echo 
$url;
    }
    
    public function 
CHAR($string,$co,$c,$opt,$b)
    {
        
$char='';
        for (
$i=0$i strlen($string); $i++)
        {
            if(
$b == 1){
                
$char .= $co."(".ord($string[$i]).")".$c;
            }else{
                
$char .= ord($string[$i]).$c;
            }
        }
        if(
$opt == ""){
            echo 
substr($char,0,-1);
        }elseif(
$opt == "MYSQL"){
            echo 
"CHAR(".substr($char,0,-1).")";
        }elseif(
$opt == "XSS"){
            echo 
"String.fromCharCode(".substr($char,0,-1).")";
        }elseif(
$opt == "ORACLE"){
            echo 
substr($char,0,-2);
        }
    }
    
    
    public function 
HTMLENC($string)
    {
        return 
$this->urlencode($string,"&#",";");
    }
    
    public function 
HTMLDEC($string)
    {
        
$string $this->StrReplace($string,"&#,;");
        return 
$this->ToStr($string);    
    }
    
    public function 
StrReplace($string,$c)
    {
        
$c explode(",",$c);
        
$string str_replace($c,"",$string);
        return 
$string;
    }
}

?>

</textarea>
</form>
<center> &copy; UZUNDZ , Sec4ever.Com.</center>
</pre>

Like us on Facebook :