-
Notifications
You must be signed in to change notification settings - Fork 6
Expand file tree
/
Copy pathexploit.php
More file actions
121 lines (99 loc) · 3.35 KB
/
exploit.php
File metadata and controls
121 lines (99 loc) · 3.35 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
<?php
/**
RIPS - A static source code analyser for vulnerabilities in PHP scripts
by Johannes Dahse (johannesdahse@gmx.de)
Copyright (C) 2010 Johannes Dahse
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>.
**/
if(!empty($_GET['file']))
{
$file = $_GET['file'];
?>
<div style="padding: 20px; width: 400px">
<div style='width: 300px'>
#!/usr/bin/php -f<br>
<?php<br>
#<br>
# <?php echo basename($file); ?> curl exploit<br>
#<br><br>
</div>
<div id="exploitbuild">
<div class="exploitbox">
<div class="exploittitlebox">
<div class="exploittitle">general settings:</div>
<div style="clear: left;"></div>
</div>
<div class="exploitcontentbox">
<table>
<tr>
<td>URL:</td>
<td><input type="text" size="40" id="target" name="target" value="http://$target/<?php echo basename($file); ?>" /></td>
</tr>
<tr>
<td>COOKIEJAR:</td>
<td><input type="text" id="cookiejar" name="cookiejar" value="/tmp/cookie_$target" /></td>
</tr>
<tr>
<td>Max Exec Time:</td>
<td><input type="text" id="exectime" size=2 name="exectime" value="3" /> (s)</td>
</tr>
<tr>
<td>SSL: <input type="checkbox" id="ssl" name="ssl" value="1" onChange="setssl()" /></td>
<td>BasicAuth: <input type="checkbox" id="auth" name="auth" value="1" /></td>
</tr>
</table>
</div>
</div>
<?php
function creatediv($method, $name)
{
if(!empty($method))
{
$method = htmlentities($method, ENT_QUOTES, 'utf-8');
?>
<div id="<?php echo $name.'box'; ?>" class="exploitbox">
<div class="exploittitlebox">
<div class="exploittitle"><?php echo $name ?> parameter:</div>
<input type="button" class="closebutton" value="x" onClick="deleteMethod('<?php echo $name; ?>')" />
<div style="clear: left;"></div>
</div>
<div class="exploitcontentbox" id="<?php echo $name.$param; ?>">
<form id="<?php echo $name; ?>">
<table cellspacing=0px cellpadding=2px>
<?php
$params = explode(',', $method);
foreach($params as $param)
{
$param = htmlentities($param, ENT_QUOTES, 'utf-8');
echo "\n<tr><td>$param:</td>\n",
"\t<td colspan='2'><input type='text' name='$param' value=''></td>\n",
'</tr>';
}
?>
</table>
</form>
</div>
</div>
<?php
}
}
if(isset($_GET['get'])) creatediv($_GET['get'], '$_GET');
if(isset($_GET['post'])) creatediv($_GET['post'], '$_POST');
if(isset($_GET['cookie'])) creatediv($_GET['cookie'], '$_COOKIE');
if(isset($_GET['files'])) creatediv($_GET['files'], '$_FILES');
if(isset($_GET['server'])) creatediv($_GET['server'], '$_SERVER');
?>
<input type="button" class="Button" value="create" onClick="createExploit()" />
<br /><br />
</div>
<div id="exploitcode" style="display:none;"></div>
?>
</div>
<?php
} else
{
echo 'No file loaded';
}
?>