function find_news($keyword) { // <START> $preg1 = '/union/i'; $preg2 = '/(SUBSTR|substr|SELECT|select|LENGTH|length|LEFT|left|AND|and|OR|or)/'; if(preg_match($preg1,$keyword)||preg_match($preg2,$keyword)){ die("Hacking!"); } $a = strpos($keyword, "and"); $b = strpos($keyword, "'"); if ($a && $b && ($a - $b) <= 2) { die("Hacked"); } // </START> //Payload: dùng hàm right để quét payload = "cybersecurity' AND '" + try_flag + "' <> (Select rIght(flag," + str(v_len_to_try) + ") From flag_ahihi) %23" $sql = "SELECT id,title,content FROM news WHERE content LIKE '%" . $keyword . "%'"; DEBUG_LOG("SQL: $sql"); return $sql; } function write_log($sql) { if (preg_match("/[;\|&`]/", $sql)) { die("! Hack detected"); } $command = "echo '" . $sql . "' >> /var/log/search.log"; DEBUG_LOG("Command: $command"); shell_exec($command); }