Example #1
/**
 * Round-trip a value through pack()/unpack() and print every stage.
 *
 * Prints the original value (decimal and hex), the packed bytes as rendered by
 * hexdump(), and the first element returned by unpack(), each prefixed with a
 * call counter that is kept across calls.
 *
 * @param string $fmt pack()/unpack() format code
 * @param mixed  $val value to pack
 */
function tp($fmt, $val)
{
    // Counter shared by all calls; it only labels the output lines.
    static $index = 1;

    $original = sprintf("%d | 0x%02x\n", $val, $val);
    echo "[{$index}]: orig  : " . $original;

    $packed = pack($fmt, $val);
    // hexdump() is evaluated before the label is echoed, exactly as in a single
    // concatenated echo expression.
    $rendered = hexdump($packed);
    echo "[{$index}]: pack  : " . $rendered;

    // unpack() without named fields returns a 1-based array.
    $fields = unpack($fmt, $packed);
    $restored = sprintf("%d | 0x%02x\n", $fields[1], $fields[1]);
    echo "[{$index}]: unpack: " . $restored;

    echo "-----------------------\n";
    ++$index;
}
Example #2
 /**
  * Convert the rows returned by _fetch() into normalised entries.
  *
  * For every row the first run of 32 characters from [0-9A-Z] in the
  * 'enclosure' field is Base32-decoded and passed through hexdump() to give
  * the 'btih' value. When nothing matches, 'btih' stays empty and the row is
  * logged with LOGW().
  *
  * NOTE(review): title, link, description and enclosure are copied through
  * unchanged; presumably they come from a remote feed, so whatever renders or
  * stores them has to escape them itself - confirm against the callers.
  *
  * @return array list of arrays with the keys btih, title, guid, link,
  *               description, pubDate (strtotime() result) and magnet
  */
 public function fetch()
 {
     $entries = array();
     foreach ($this->_fetch() as $row) {
         $hits = NULL;
         preg_match('([0-9A-Z]{32})', $row['enclosure'], $hits);
         $btih = $hits ? hexdump(Base32::decode($hits[0])) : '';
         if ($btih == '') {
             // Log message reads: "unable to parse the resource's BTIH".
             LOGW("无法解析资源的 BTIH, r = " . var_export($row, TRUE));
         }
         $entries[] = array(
             'btih' => $btih,
             'title' => $row['title'],
             'guid' => $row['guid'],
             'link' => $row['link'],
             'description' => $row['description'],
             // strtotime() returns false for a date it cannot parse.
             'pubDate' => strtotime($row['pubDate']),
             'magnet' => $row['enclosure'],
         );
     }
     return $entries;
 }
Example #3
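/**
 * Print one HTML table row describing an ASN.1 object.
 *
 * Columns: class name, string representation, Base64 of the binary encoding,
 * a hex dump of the binary encoding and, when the global $openSSLisAvailable
 * is truthy, the output of `openssl asn1parse` for the same bytes.
 *
 * The string representation and the openssl output are derived from the
 * encoded data, which may have been parsed from an untrusted source, so both
 * are HTML-escaped before being written into the page. The Base64 text is
 * passed to the shell through escapeshellarg() instead of being placed
 * between hand-written quotes.
 *
 * @param Object $variable object providing __toString() and getBinary()
 */
function printVariableInfo(Object $variable)
{
    global $openSSLisAvailable;

    // ENT_SUBSTITUTE keeps a value visible even when it is not valid UTF-8.
    $escapeFlags = ENT_QUOTES | ENT_SUBSTITUTE;

    $className = htmlspecialchars(get_class($variable), $escapeFlags);
    // Escape first, then turn newlines into <br> so only our own markup remains.
    $stringValue = nl2br(htmlspecialchars($variable->__toString(), $escapeFlags));
    $binaryData = $variable->getBinary();
    // The Base64 alphabet contains no HTML metacharacters, so it is printed as is.
    $base64Binary = chunk_split(base64_encode($binaryData), 24);

    echo '<tr>';
    echo "<td class='ASNclass'>{$className}</td>";
    echo "<td class='toString'>\"<span class='red'>{$stringValue}</span>\"</td>";
    echo "<td class='monospace base64'>{$base64Binary}</td>";
    // hexdump() is called with its HTML-output flag set; it is defined elsewhere.
    // NOTE(review): confirm that it escapes the printable-character column itself.
    echo '<td>' . hexdump($binaryData, true, true, true) . '</td>';

    if ($openSSLisAvailable) {
        $command = 'echo ' . escapeshellarg($base64Binary)
            . ' | openssl asn1parse -inform PEM -dump -i 2>&1';
        // shell_exec() returns null when the command fails or prints nothing.
        $openSSLOutput = (string) shell_exec($command);
        echo "<td class='openSSL'><pre>" . htmlspecialchars($openSSLOutput, $escapeFlags) . '</pre></td>';
    }
    echo '</tr>';
}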
Example #4
    // Run the submitted text through htmLawed and time the call.
    // The echo statements after this run print $out twice: HTML-escaped inside a
    // textarea, and unescaped inside the "Output rendered" div. Nothing in the
    // browser is injected by that second copy only as long as htmLawed, with this
    // $cfg and the request-supplied spec, removes active content.
    // NOTE(review): how $cfg is built from the form is not visible here - confirm
    // that a request cannot relax the filtering for a page served to other users.
    unset($cfg['and_mark']);
    // disabling and_mark
    // Have htmLawed publish its finalized settings in $GLOBALS['hlcfg'], which the
    // output below prints.
    $cfg['show_setting'] = 'hlcfg';
    // microtime() without an argument returns a "msec sec" string; the output below
    // takes it apart with substr() to compute the elapsed time.
    $st = microtime();
    // Both the text and the spec come straight from the POST request.
    $out = htmLawed($_POST['text'], $cfg, $_POST['spec']);
    $et = microtime();
    echo '<br /><a href="htmLawedTest.php" title="[toggle visibility] syntax-highlighted" onclick="javascript:toggle(\'inputR\'); return false;"><span class="notice">Input code &raquo;</span></a> <span class="help" title="tags estimated as half of total &gt; and &lt; chars; values may be inaccurate for non-ASCII text"><small><big>', strlen($_POST['text']), '</big> chars, ~<big>', $tag = round((substr_count($_POST['text'], '>') + substr_count($_POST['text'], '<')) / 2), '</big> tag', $tag > 1 ? 's' : '', '</small>&nbsp;</span><div id="inputR" style="display: none;">', format($_POST['text']), '</div><script type="text/javascript">hl(\'inputR\');</script>', !isset($_POST['text'][$_hlimit]) ? ' <a href="htmLawedTest.php" title="[toggle visibility] hexdump; non-viewable characters like line-returns are shown as dots" onclick="javascript:toggle(\'inputD\'); return false;"><span class="notice">Input binary &raquo;&nbsp;</span></a><div id="inputD" style="display: none;">' . hexdump($_POST['text']) . 
'</div>' : '', ' <a href="htmLawedTest.php" title="[toggle visibility] finalized internal settings as interpreted by htmLawed; for developers" onclick="javascript:toggle(\'settingF\'); return false;"><span class="notice">Finalized internal settings &raquo;&nbsp;</span></a> <div id="settingF" style="display: none;">$config: ', str_replace(array('    ', "\t", '  '), array('  ', '&nbsp;  ', '&nbsp; '), nl2br(htmlspecialchars(print_r($GLOBALS['hlcfg']['config'], true)))), '<br />$spec: ', str_replace(array('    ', "\t", '  '), array('  ', '&nbsp;  ', '&nbsp; '), nl2br(htmlspecialchars(print_r($GLOBALS['hlcfg']['spec'], true)))), '</div><script type="text/javascript">hl(\'settingF\');</script>', '<br /><a href="htmLawedTest.php" title="[toggle visibility] suitable for copy-paste" onclick="javascript:toggle(\'outputF\'); return false;"><span class="notice">Output &raquo;</span></a> <span class="help" title="approx., server-specific value excluding the \'include()\' call"><small>htmLawed processing time <big>', number_format(substr($et, 0, 9) + substr($et, -10) - substr($st, 0, 9) - substr($st, -10), 4), '</big> s</small></span>', ($mem = memory_get_peak_usage()) !== false ? '<span class="help"><small>, peak memory usage <big>' . round(($mem - $pre_mem) / 1048576, 2) . '</big> <small>MB</small>' : '', '</small></span><div id="outputF"  style="display: block;"><div><textarea id="text2" class="textarea" name="text2" rows="5" cols="100" style="width: 100%;">', htmlspecialchars($out), '</textarea></div><button type="button" onclick="javascript:document.getElementById(\'text2\').focus();document.getElementById(\'text2\').select()" title="select all to copy" style="float:right;">Select all</button>';
    if ($_w3c_validate && $validation) {
        ?>
  
<button type="button" title="HTML 4.01 W3C online validation" style="float: right;" onclick="javascript: sndValidn('text2', 'html401'); return false;" onkeypress="javascript: sndValidn('text2', 'html401'); return false;">Check HTML</button>
<button type="button" title="XHTML 1.1 W3C online validation" style="float: right;" onclick="javascript: sndValidn('text2', 'xhtml110'); return false;" onkeypress="javascript: sndValidn('text2', 'xhtml110'); return false;">Check XHTML</button>
  
<?php 
    }
    echo '</div><br /><a href="htmLawedTest.php" title="[toggle visibility] syntax-highlighted" onclick="javascript:toggle(\'outputR\'); return false;"><span class="notice">Output code &raquo;</span></a><div id="outputR" style="display: block;">', format($out), '</div><script type="text/javascript">hl(\'outputR\');</script>', !isset($_POST['text'][$_hlimit]) ? ' <a href="htmLawedTest.php" title="[toggle visibility] hexdump; non-viewable characters like line-returns are shown as dots" onclick="javascript:toggle(\'outputD\'); return false;"><span class="notice">Output binary &raquo;</span></a><div id="outputD" style="display: none;">' . hexdump($out) . '</div>' : '', ' <a href="htmLawedTest.php" title="[toggle visibility] inline output-input diff; might not be perfectly accurate, semantically or otherwise " onclick="javascript:toggle(\'diff\'); diffLaunch(); return false;"><span class="notice">Diff &raquo;</span></a> <div id="diff" style="display: none;"></div><br /><a href="htmLawedTest.php" title="[toggle visibility] XHTML 1 Transitional doctype" onclick="javascript:toggle(\'outputH\'); return false;"><span class="notice">Output rendered &raquo;</span></a><div id="outputH" style="display: block;">', $out, '</div>';
} else {
    ?>

<br />

<div class="help">Use with a Javascript- and cookie-enabled, relatively new version of a common browser. <em>Submitted input will also be HTML-rendered (XHTML 1) after htmLawed-filtering.</em>

<?php 
    echo file_exists('./htmLawed_TESTCASE.txt') ? '<br /><br />You can use text from <a href="htmLawed_TESTCASE.txt"><span class="notice">this collection of test-cases</span></a> in the input. Set the character encoding of the browser to Unicode/utf-8 before copying.' : '';
    ?>

<br /><br />For anti-XSS tests, try the <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawedSafeModeTest.php"><span class="notice">special test-page</span></a> or see <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/rsnake/RSnakeXSSTest.htm"><span class="notice">these results</span></a>.

<br /><br /><small>Change <em>Encoding</em> to reflect the character encoding of the input text. Even then, it may not work or some characters may not display properly because of variable browser support and because of the form interface. Developers can write some PHP code to capture the filtered input to a file if this is important.
<br /><br />Refer to the htmLawed documentation (<a href="htmLawed_README.htm"><span class="notice">htm</span></a>/<a href="htmLawed_README.txt"><span class="notice">txt</span></a>) for details about <em>Settings</em>, and htmLawed's behavior and limitations. For <em>Settings</em>, incorrectly-specified values like regular expressions are silently ignored. One or more settings form-fields may have been disabled. Some characters are not allowed in the <em>Spec</em> field.
 /**
  * Apply one tab-separated diff/cursor message from a client to the shared text.
  *
  * The payload is split on tabs:
  *  - fewer than 2 fields: the message is logged and ignored;
  *  - fewer than 8 fields: only the client's range is updated from field 1 and
  *    an "R" message built from calc_jranges() is sent;
  *  - otherwise fields 2..6 are read as offset, pre-context length, old length,
  *    new length and post-context length, and field 7 is the text from which the
  *    pre-context, the new text and the post-context are sliced.
  *
  * The pre- and post-context are compared with the current $this->text; on any
  * mismatch the diff is logged and dropped. On a match the text and the
  * attribute string are spliced, the ranges of all clients at or after the edit
  * point are shifted, the sender's range is updated and a "P" message is sent.
  *
  * NOTE(review): the numeric fields are taken with intval() and used as offsets
  * and lengths without a check against the current text length, and a negative
  * offset or old length is not rejected. Presumably the payload arrives from a
  * remote client; confirm that it is validated before this call, or add range
  * checks here.
  * NOTE(review): field 7 is inserted whole, whether or not its length equals
  * prelen + newlen + postlen - confirm that a mismatch cannot occur.
  *
  * @param object $client  sender; its range, attr and cid properties are used
  * @param string $payload tab-separated message
  * @return void
  */
 function process_diff(&$client, $payload)
 {
     $a = explode("\t", $payload);
     if (sizeof($a) < 2) {
         logger(sprintf("%s(): payload too short: '%s'", __FUNCTION__, $payload));
         return;
     }
     // Short message: selection/cursor update only, no text change.
     if (sizeof($a) < 8) {
         // strpos() is tested for truthiness, so a '-' at position 0 takes the
         // else branch and the whole field goes through intval().
         if (strpos($a[1], '-')) {
             list($r0, $r1) = explode('-', $a[1]);
             $client->range[0] = intval($r0);
             $client->range[1] = intval($r1);
         } else {
             $client->range[0] = $client->range[1] = intval($a[1]);
         }
         $jranges = $this->calc_jranges();
         $s = "R\t" . implode("\t", $jranges);
         $this->send($s);
         return;
     }
     // Full diff: numeric header fields followed by the text in field 7.
     $offset = intval($a[2]);
     $prelen = intval($a[3]);
     $oldlen = intval($a[4]);
     $newlen = intval($a[5]);
     $postlen = intval($a[6]);
     // Field 7 is laid out as pre-context, new text, post-context.
     $newpretext = $prelen <= 0 ? '' : utf8_substr($a[7], 0, $prelen);
     $newtext = $newlen <= 0 ? '' : utf8_substr($a[7], $prelen, $newlen);
     $newpostext = $postlen <= 0 ? '' : utf8_substr($a[7], $prelen + $newlen, $postlen);
     // The context sent by the client must equal what the current text holds
     // around the edit; otherwise the diff was made against different text.
     $mismatch = FALSE;
     $oldpretext = utf8_substr($this->text, $offset, $prelen);
     if ($prelen > 0 && $oldpretext != $newpretext) {
         $mismatch = TRUE;
         logger(sprintf("%s(): pre-context is different: '%s' != '%s'", __FUNCTION__, hexdump($oldpretext, TRUE), hexdump($newpretext, TRUE)), WLOG_DEBUG);
     }
     $oldpostext = utf8_substr($this->text, $offset + $prelen + $oldlen, $postlen);
     if ($postlen > 0 && $oldpostext != $newpostext) {
         $mismatch = TRUE;
         logger(sprintf("%s(): post-context is different: '%s' != '%s'", __FUNCTION__, hexdump($oldpostext, TRUE), hexdump($newpostext, TRUE)), WLOG_DEBUG);
     }
     if ($mismatch) {
         logger(sprintf('no match for diff context; dropping diff from client #%d', $client->cid));
         return;
     }
     $oldtext = $oldlen <= 0 ? '' : utf8_substr($this->text, $offset + $prelen, $oldlen);
     // $pivot is the position where the replaced text starts.
     $pivot = $offset + $prelen;
     $offsetext = utf8_substr($this->text, 0, $offset);
     // Replace pre-context + old text + post-context with the whole of field 7.
     $this->text = $offsetext . $a[7] . utf8_substr($this->text, $pivot + $oldlen + $postlen);
     // NOTE(review): attr is sliced with byte-based substr() while the text uses
     // utf8_substr(); this presumably relies on one attr byte per character and on
     // $client->attr being a single byte - confirm.
     $this->attr = substr($this->attr, 0, $pivot) . str_repeat($client->attr, $newlen) . substr($this->attr, $pivot + $oldlen);
     if ($newlen != $oldlen) {
         // The text length changed: move every client's range endpoints that lie
         // at or after the edit point, never to a position before the pivot.
         $delta = $newlen - $oldlen;
         foreach ($this->clients as $cid => $worker) {
             for ($i = 0; $i < 2; ++$i) {
                 if (($c = $worker->range[$i]) >= $pivot) {
                     $this->clients[$cid]->range[$i] = max($c + $delta, $pivot);
                 }
             }
         }
     }
     // The sender's own range is then set from field 1, as in the short-message case.
     if (strpos($a[1], '-')) {
         list($r0, $r1) = explode('-', $a[1]);
         $client->range[0] = intval($r0);
         $client->range[1] = intval($r1);
     } else {
         $client->range[0] = $client->range[1] = intval($a[1]);
     }
     $jranges = $this->calc_jranges();
     // The outgoing "P" message carries the lengths recomputed with utf16_strlen()
     // and the client's field 7 unchanged, followed by the ranges.
     $s = sprintf("P\t%s\t%d\t%d\t%d\t%d\t%d\t%s\t", $client->attr, utf16_strlen($offsetext), utf16_strlen($newpretext), utf16_strlen($oldtext), utf16_strlen($newtext), utf16_strlen($newpostext), $a[7]) . implode("\t", $jranges);
     $this->send($s);
     return;
 }
Example #6
<td valign="top" style="padding:5"><pre>
<?
// Tab bar and body for the "hexdump" and "strings" views. The plain-text menu
// line is turned into links by nested str_replace() calls, one call per menu
// word; the name of the active tab is the one word left as plain text.
// The short open tag "<?" used on this page needs short_open_tag to be enabled.
// NOTE(review): $offset is interpolated into the href attributes unescaped, and
// "&" is not written as "&amp;". Where $offset and $tab are set is not visible
// here; if they derive from the request, cast $offset to an integer or pass it
// through urlencode()/htmlspecialchars() before printing it - TODO confirm.
if (!strcmp($tab,"hexdump")) {
	print str_replace("strings",
		"<a href=\"?offset=$offset&tab=strings\">strings</a>",
		str_replace("disasm",
		"<a href=\"?offset=$offset\">disasm</a>",
		str_replace("notes",
		"<a href=\"?offset=$offset&tab=notes\">notes</a>",
		str_replace("comment",
		"<a href=\"?offset=$offset&tab=comment\">comment</a>",
		str_replace("plain",
		"<a href=\"?offset=$offset&tab=plain\">plain</a>",
		";   disasm   hexdump   strings   comment   notes   plain\n")))));
	?> <div class="hexdump"><pre><? hexdump(); ?></pre></div> <?
} else
// Same menu for the "strings" view; here "strings" stays plain and "hexdump"
// becomes a link.
if (!strcmp($tab,"strings")) {
	print str_replace("hexdump",
		"<a href=\"?offset=$offset&tab=hexdump\">hexdump</a>",
		str_replace("disasm",
		"<a href=\"?offset=$offset\">disasm</a>",
		str_replace("comment",
		"<a href=\"?offset=$offset&tab=comment\">comment</a>",
		str_replace("notes",
		"<a href=\"?offset=$offset&tab=notes\">notes</a>",
		str_replace("plain",
		"<a href=\"?offset=$offset&tab=plain\">plain</a>",
		";   disasm   hexdump   strings   comment   notes   plain\n")))));
	?> <div class="hexdump"><pre><? strings(); ?></pre></div> <?
} else
Example #7
 /**
  * Send a buffer over $this->sock, repeating fwrite() until all of it is out.
  *
  * With $this->debug set, a hex dump of the buffer goes to debug_msg() first.
  * NOTE(review): that dump contains every byte sent; if credentials travel over
  * this connection they end up wherever debug_msg() writes - confirm that debug
  * output is not kept in production.
  * NOTE(review): only a false return from fwrite() is treated as an error. A
  * return of 0 with data still pending makes the loop retry the same bytes
  * again - confirm that the socket cannot stay in that state.
  *
  * @param string $data bytes to send
  * @throws Exception when fwrite() returns false
  */
 protected function write($data)
 {
     if ($this->debug) {
         // hexdump() arguments: HTML output off, upper-case hex, return the dump.
         debug_msg("< [hex]:\n" . hexdump($data, false, true, true));
     }
     $remaining = strlen($data);
     do {
         $sent = fwrite($this->sock, $data);
         if ($sent === false) {
             throw new Exception("Error sending data");
         }
         $remaining -= $sent;
         if ($remaining > 0) {
             // Keep only the tail that has not been written yet.
             $data = substr($data, -$remaining);
         }
     } while ($remaining > 0);
 }
Example #8
<?php

/* include('test.inc'); */
/* charset=EUC-JP */
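/**
 * Print a string as lower-case hexadecimal, two digits per byte, then a newline.
 *
 * Uses bin2hex() in place of a per-byte printf() loop; for string input the
 * output is the same.
 *
 * @param string $str bytes to print
 */
function hexdump($str)
{
    print bin2hex($str) . "\n";
}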
// Sample input: thirty repetitions of a mixed Japanese/ASCII phrase plus a short
// Japanese tail.
// NOTE(review): the header comment says charset=EUC-JP; the conversion below is
// only meaningful if this file is really saved in that encoding - confirm.
$str = str_repeat("日本語テキストと English text", 30) . "日本語";
// Convert to ISO-2022-JP and show the resulting bytes. hexdump() prints the dump
// itself and returns nothing, so there is no value to echo.
$converted = iconv("EUC-JP", "ISO-2022-JP", $str);
hexdump($converted);
Example #9
File: data.php Project: milkae/Php
                }
                if ($_GET['enc']) {
                    $s = mb_convert_encoding($s, 'UTF-8', $_GET['enc']);
                }
                $a[] = $s;
                if (count($a) > 9) {
                    break;
                }
            }
            fclose($f);
            respond($a);
        case 'binview':
            require __INC__ . '/common.php';
            $s = file_get_contents($fn, false, NULL, 0, 1048560);
            if (@$_GET['hex']) {
                echo '<html><head><meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"></head>' . '<body style="margin:5px;font-size:13px;font-family:monospace">' . hexdump($s) . '</body></html>';
            } else {
                header('Content-Type: text/plain');
                echo $s;
            }
            break;
    }
    exit;
}
//////////
if ($req = file_get_contents('php://input')) {
    if (substr($req, 0, 2) == '!:') {
        $s = substr($req, 2);
        if (($req = json_decode(rc4($_SESSION['key1'], pack('H*', $s)), TRUE)) === NULL && isset($_SESSION['key2'])) {
            if (($req = json_decode(rc4($_SESSION['key2'], pack('H*', $s)), TRUE)) === NULL) {
                respondError('session', FALSE, FALSE);
Example #10
/**
 * Dump the same slice of a string twice: once cut by bytes, once by characters.
 *
 * @param string $str     input string
 * @param int    $offset  start position
 * @param int    $len     slice length
 * @param string $charset character set passed to iconv_substr()
 */
function foo($str, $offset, $len, $charset)
{
    // Byte-based slice: offset and length count bytes.
    $byteSlice = substr($str, $offset, $len);
    hexdump($byteSlice);

    // Character-based slice: offset and length count characters of $charset.
    $charSlice = iconv_substr($str, $offset, $len, $charset);
    hexdump($charSlice);
}
Example #11
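/*
 * Main loop: receive a packet on the UDP socket, convert it with get_lirc_cmd()
 * and write the result to the LIRC client socket, until a receive fails or
 * $_DOEXIT is set.
 *
 * Changes from the earlier version of this loop:
 *  - stream_select() is called without call-time pass-by-reference ("&$var" in a
 *    call), which current PHP rejects; the function takes its arrays by
 *    reference on its own.
 *  - stream_select() rewrites the array it is given, so each call gets a fresh
 *    copy of $csarray and the original list stays usable.
 *  - draining stops when fgets() returns false; a closed client socket stays
 *    "readable" and would otherwise keep the loop spinning.
 *  - a failed receive ends the loop before anything is decoded or forwarded.
 *
 * NOTE(review): every packet that arrives is decoded and forwarded; no check of
 * $peer is visible here. Presumably the socket is bound to a trusted interface -
 * confirm, or compare $peer against the expected sender before forwarding.
 */
do {
    /* blocking read from server (UDP) socket */
    $pkt = stream_socket_recvfrom($socket, 64, 0, $peer);
    if ($pkt === false) {
        /* receive failed: nothing to decode or forward */
        break;
    }
    /* non blocking read from client socket */
    $read = $csarray;
    while (stream_select($read, $nullref, $nullref, 0) > 0) {
        /* empty LIRC output -> we don't need the output yet */
        $buffer = fgets($clientsocket, 4096);
        if ($buffer === false) {
            /* EOF or read error: stop draining */
            break;
        }
        $read = $csarray;
    }
    /* is the received packet the same as the last one? */
    if (strcmp($pkt, $lastpkt) == 0) {
        $sequencenum++;
    } else {
        /* no, reset sequence counter */
        $sequencenum = 0;
    }
    debug("{$peer}\n");
    debug(hexdump($pkt, false, false, true));
    /* decode the RC5 string */
    $output = get_lirc_cmd($pkt, $sequencenum);
    debug($output);
    /* send the converted string to LIRC */
    fwrite($clientsocket, $output);
    /* save the packet for the next run */
    $lastpkt = $pkt;
    /* empty LIRC input again, only to be sure */
    $read = $csarray;
    while (stream_select($read, $nullref, $nullref, 0) > 0) {
        $buffer = fgets($clientsocket, 4096);
        if ($buffer === false) {
            break;
        }
        $read = $csarray;
    }
} while ($pkt !== false && $_DOEXIT == 0);
fclose($clientsocket);
fclose($socket);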
                $dump .= "\n";
            }
        }
    }
    // Finish dump
    $dump .= $htmloutput === true ? '</pre>' : '';
    $dump .= "\n";
    // Output method
    if ($return === false) {
        echo $dump;
    } else {
        return $dump;
    }
}
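// Echo the "payload" query parameter back in escaped and hex form, or print
// request diagnostics when it did not arrive.
//
// The diagnostics used to be written with bare var_dump() calls, which put the
// query string and the request URI into the page unescaped. They are now captured
// and HTML-escaped like the payload itself. A payload that is not a string (for
// example "payload[]=x") goes to the diagnostics branch instead of reaching
// htmlentities().
// NOTE(review): htmlentities() is called without an explicit charset, so the
// result depends on the PHP default charset - confirm that this matches the
// charset the page is served with.
// NOTE(review): hexdump() is defined elsewhere; confirm that the text it returns
// is safe to place in HTML.
if (!empty($_GET['payload']) && is_string($_GET['payload'])) {
    echo "escaped payload: " . htmlentities($_GET['payload']) . "<br>";
    echo "HEX payload: " . hexdump($_GET['payload']) . "<br>";
    echo "HEX htmlentities(payload): " . hexdump(htmlentities($_GET['payload'])) . "<br>";
} else {
    echo "[!] Payload lost in transit! (possibly '=' in URL was swallowed)<br>";
    // ENT_SUBSTITUTE keeps the dump visible even if the request is not valid UTF-8.
    $escapeFlags = ENT_QUOTES | ENT_SUBSTITUTE;

    echo "GET: ";
    ob_start();
    var_dump($_GET);
    echo htmlspecialchars(ob_get_clean(), $escapeFlags);

    echo "<br>REQUEST_URI: ";
    ob_start();
    var_dump($_SERVER['REQUEST_URI']);
    echo htmlspecialchars(ob_get_clean(), $escapeFlags);
}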
?>

<br><a href="start.php">return</a>
CHARSET: <pre id=charset></pre>
<script>document.getElementById('charset').innerHTML = document.characterSet ? document.characterSet : document.charset;
</script>
Example #13
/**
 * Write a hex dump of the generated HTML inside a code element.
 *
 * Loads includes/hexdump.php through oik_require(), builds the dump with
 * hexdump() and writes it between stag("code") and etag("code") using e().
 *
 * NOTE(review): $content is HTML. If the dump has a printable-character column,
 * "<" and "&" from the content would appear in it; whether hexdump() or e()
 * escapes them is not visible here - confirm before using this on content that
 * is not trusted.
 *
 * @param string $content generated HTML to dump
 */
function trac_29608_dump($content)
{
    oik_require("includes/hexdump.php", "trac29608");

    // Build the dump before the opening tag is written, so that anything
    // hexdump() does happens ahead of the markup.
    $hexText = hexdump($content);

    stag("code");
    e($hexText);
    etag("code");
}
Example #14
/**
 * Send the prepared heartbeat request and classify the server's answer.
 *
 * Uses the globals $hb (request bytes) and $s (socket). Records are read with
 * recvmsg() until one of three things happens:
 *  - no record arrives (type is null): the script exits with a message;
 *  - a record of type 24 arrives: its payload is dumped and a payload longer
 *    than 3 bytes is reported as the server returning more data than it should;
 *  - a record of type 21 arrives: its payload is dumped and reported as an error
 *    returned by the server.
 * Records of any other type are skipped.
 *
 * The result is a heuristic. A server reported as affected here needs its TLS
 * library updated, and key material it has handled should be treated as exposed.
 *
 * @return bool true after a type-24 record, false after a type-21 record
 */
function hit_hb()
{
    global $hb, $s;

    socket_send($s, $hb, strlen($hb), 0);

    for (;;) {
        list($typ, $ver, $pay) = recvmsg();

        if ($typ === null) {
            exit('No heartbeat response received, server likely not vulnerable');
        }

        // switch compares loosely, like the "==" tests it stands in for.
        switch ($typ) {
            case 24:
                echo "Received heartbeat response:\n";
                hexdump($pay);
                $verdict = strlen($pay) > 3
                    ? 'WARNING: server returned more data than it should - server is vulnerable!'
                    : 'Server processed malformed heartbeat, but did not return any extra data.';
                echo $verdict;
                return true;

            case 21:
                echo "Received alert:\n";
                hexdump($pay);
                echo 'Server returned error, likely not vulnerable';
                return false;
        }
    }
}