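/**
 * Build a random string of ASCII letters (a-z, A-Z).
 *
 * Changes from the original listing:
 *  - the loop ran while $a <= $length and therefore returned $length + 1
 *    characters; it now returns exactly $length characters;
 *  - the typographic dash in "strlen($template) – 1" (a parse error) is gone;
 *  - rand() is replaced by random_int(), which draws from the operating
 *    system's CSPRNG. rand() output is predictable and must not back tokens,
 *    passwords or other secrets.
 *
 * @param int|string $length Number of characters wanted; coerced to int.
 *                           Zero or a negative value yields "".
 * @return string Random letters, exactly $length characters long.
 */
function getrandomstring($length)
{
    // The original published the alphabet through the global $template;
    // that side effect is kept so existing readers of the global still work.
    global $template;
    $template = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

    $length = (int) $length;
    $lastIndex = strlen($template) - 1;
    $rndstring = "";

    for ($a = 0; $a < $length; $a++) {
        $rndstring .= $template[random_int(0, $lastIndex)];
    }

    return $rndstring;
}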
O:12:"casino_debug":1:{s:3:"var";s:3:"bet";}array(2) { ["path"]=> string(23) "/var/www/html/index.php" ["bet"]=> string(27) "ÄÊB8 ¹# ÌPou/secret.php" }
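// Typographic quotes from the page rendering are restored to ASCII quotes;
// with the curly quotes the keys are parsed as undefined constants, not strings.

// Server-chosen value: the path of the running script.
$_SESSION['path'] = __FILE__;

// md5(..., TRUE) returns the 16 raw digest bytes (not hex), and $_POST['bet']
// is appended unfiltered, so this session entry is request-influenced text.
// NOTE(review): any code that later reads a session entry by a variable key
// must not treat this value as a file path or other trusted input.
$_SESSION['bet'] = md5($_POST['guess'], TRUE) . "/" . $_POST['bet'];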
/**
 * Debug helper from the casino challenge source.
 *
 * SECURITY: __wakeup() is invoked automatically by unserialize(). $var is a
 * public property restored from the serialized data, so whoever supplies the
 * serialized bytes chooses which $_SESSION entry is used as a file path.
 * If any session entry holds request-influenced text, that turns into a file
 * read chosen by the client. Do not expose a class like this to unserialize()
 * on untrusted input.
 */
class casino_debug
{
    /** Name of the $_SESSION key whose value is read as a file path. */
    public $var = "path";

    /**
     * Dumps the whole session, then prints the contents of the file whose
     * path is stored under $_SESSION[$this->var].
     */
    public function __wakeup()
    {
        var_dump($_SESSION);

        $sessionKey = $this->var;
        $filePath = $_SESSION[$sessionKey];
        echo file_get_contents($filePath);
    }
}
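// Typographic quotes around the cookie name are restored to ASCII quotes.
//
// SECURITY: unserialize() is applied to a cookie, i.e. bytes fully chosen by
// the client. Deserializing instantiates whatever loaded class the payload
// names and runs its magic methods (__wakeup, __destruct, ...).
// Do not reuse this pattern. Carry such state as JSON (json_decode), or at
// minimum pass ['allowed_classes' => false] as the second argument and verify
// an HMAC over the cookie with hash_equals() before decoding it.
unserialize(base64_decode($_COOKIE['debug']));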
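// Unfair :(
// The page rendering collapsed the comment and the code onto one line (which
// turns the whole statement into a comment) and replaced the quotes with
// typographic ones; both are restored here.
//
// rand() returns an int and $_POST values arrive as strings (or arrays), so
// the strict === comparison is never true and the "win" branch cannot be
// reached through this check.
if (rand() === $_POST['guess']) {
    echo "You win:" . file_get_contents("secret.php");
} else {
    echo "You lose :)";
}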
<?php session_start(); if ($_GET[‘source’]){ highlight_file(__FILE__); exit(); } class casino_debug { public $var = "path"; public function __wakeup(){ var_dump($_SESSION); echo file_get_contents($_SESSION[$this->var]); } } if (!empty($_GET[‘action’]) && $_GET[‘action’] == "debug") { echo base64_decode($_COOKIE[‘debug’]); unserialize(base64_decode($_COOKIE[‘debug’])); exit(); } if (!empty($_GET[‘action’]) && $_GET[‘action’] == "bet"… Continuar leyendo →
<?php $res = ‘<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">’ . ‘<html><head>’ . ‘<script type="text/javascript"> function OnLoadEvent() { document.form.submit(); }</script>’ . ‘<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />’ . ‘<title>3D-Secure Redirect</title></head>’ . ‘<body OnLoad="OnLoadEvent();">’ . ‘<form name="form" action="’. urldecode($_GET["page"]) . ‘" method="POST"… Continuar leyendo →
<?php class ZLinkPreview { var $description; var $title; var $image = array(); var $url; var $html; var $parsemode; var $curlerrno; var $curlerr; var $curlinf = array(); var $htmlblank; function __construct($url) { if (!preg_match("~^(?:f|ht)tps?://~i", $url)) { $url = "http://" . $url… Continuar leyendo →
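<?php
// SECURITY: 'home' comes straight from the request and was echoed unescaped
// into the href and src attributes below (reflected XSS). It is now accepted
// only when it is a string and is HTML-escaped for attribute context.
// Escaping stops the value from breaking out of the attribute; it does not
// make a request-chosen URL prefix trustworthy, since the help link and logo
// still load from wherever the parameter points. Prefer a base URL taken from
// server-side configuration.
// Typographic quotes from the page rendering are restored to ASCII quotes.
$wbHome = (isset($_REQUEST['home']) && is_string($_REQUEST['home']))
    ? htmlspecialchars($_REQUEST['home'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    : '';
?>
<div id="wbinterior" >
    <div id="wunderbarlogo" >
        <a class='wblogobutton thickbox' title='Wunderbar Help' href='<?php echo $wbHome ?>help.html?width=500&height=300&TB_iframe=true' target='_blank'>
            <img src="<?php echo $wbHome ?>images/wb-logo-rev.png" alt="The Wunderbar" />
            <span id='wbcmds'> HELP / UPGRADE</span>
        </a>
    </div>
    <div id="fakeeditarea" style='display:none'></div>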