Yo Leute!
Ich suche code von jeglicher Art von Sicherheitslücke in PHP die ihr finden könnt. So bringen wir mal etwas schwung rein.
Du bist nicht angemeldet und hast somit nur einen sehr eingeschränkten Zugriff auf die Features unserer Community.
Um vollen Zugriff zu erlangen musst du dir einen Account erstellen. Der Vorgang sollte nicht länger als 1 Minute dauern.
<?php $db_host = "localhost"; $db_name = "vuln"; $db_user = "root"; $db_pass = ""; try { $dbc = new PDO("mysql:host={$db_host};dbname={$db_name}", $db_user, $db_pass); $dbc->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $stmt = $dbc->prepare("SET NAMES gbk"); $stmt->execute(); } catch (PDOException $e) { die("<div id=\"error\">Error connecting: ".$e->getMessage()."</div>"); } function db_query($sql) { $args = func_get_args(); $stmt = $GLOBALS['dbc']->prepare($sql); for ($i = 1; $i < func_num_args(); $i++) $stmt->bindParam(":$i", $args[$i]); try { $stmt->execute(); } catch (PDOException $e) { echo "<div id=\"error\">Database error: ".$e->getMessage()."</div>"; } return $stmt; } if ($_POST && isset($_POST['user']) && isset($_POST['pwd'])) { $stmt = db_query("SELECT `id` FROM `users` WHERE `user` = :1 AND `pass` = :2", $_POST['user'], $_POST['pwd']); if ($stmt->rowCount() > 0) { echo "♥"; } else { echo "Yeah... You definitly got it..."; } } else if (!$_POST) { echo '<form method="POST"> Username: <input type="text" name="user" placeholder="username"><br> Password: <input type="password" name="pwd" placeholder="password"><br> <input type="submit" value="Login"> </form>'; } else { echo "No, there is no magic vuln here. Get back into the form."; } ?>
<?php $db_host = "localhost"; $db_name = "vuln"; $db_user = "root"; $db_pass = ""; try { $dbc = new PDO("mysql:host={$db_host};dbname={$db_name}", $db_user, $db_pass); $dbc->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $stmt = $dbc->prepare("SET NAMES gbk"); $stmt->execute(); } catch (PDOException $e) { die("<div id=\"error\">Error connecting: ".$e->getMessage()."</div>"); } function db_query($sql) { $args = func_get_args(); $stmt = $GLOBALS['dbc']->prepare($sql); for ($i = 1; $i < func_num_args(); $i++) $stmt->bindParam(":$i", $args[$i]); try { $stmt->execute(); } catch (PDOException $e) { echo "<div id=\"error\">Database error: ".$e->getMessage()."</div>"; } return $stmt; } if ($_POST && isset($_POST['user']) && isset($_POST['pwd'])) { $stmt = db_query("SELECT `id` FROM `users` WHERE `user` = :1 AND `pass` = :2", $_POST['user'], $_POST['pwd']); if ($stmt->rowCount() > 0) { echo "♥"; } else { echo "Yeah... You definitly got it..."; } } else if (!$_POST) { echo '<form method="POST"> Username: <input type="text" name="user" placeholder="username"><br> Password: <input type="password" name="pwd" placeholder="password"><br> <input type="submit" value="Login"> </form>'; } else { echo "No, there is no magic vuln here. Get back into the form."; } ?>
Brainfuck
,,Der blaue Baum" von Prohex (2020)
Wer bekommts raus (CVE)?
if (!empty($meta['dao']) ) { if (!$wpdb->get_row( $wpdb->prepare( "SELECT id FROM $wpdb->postmeta WHERE key = '_wp_attachment' AND val LIKE %s AND id <> %d", '%' . $wpdb->esc_like( $meta['dao'] ) . '%', $post_id)) ) { $tf = str_replace(basename($file), $meta['dao'], $file); $tf = apply_filters( 'wp_delete_file', $tf ); @unlink( path_join($uploadpath['basedir'], $tf) ); } }
Die Variablen/Arrays wurden umbenannt damit das hier auch ne Challenge wird ;- )
Thema | Forum | Themenstarter | Statistik | Letzter Beitrag | |
---|---|---|---|---|---|
Suche fähigen Hacker sehr gute Bezahlung |
Suchanfragen | Island |
|
|
|
Riesige Sammlung von Marketing Tools |
Tutorials | White-Warti |
|
|
|
Suche Android Rat |
Suchanfragen | Avni |
|
|