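/** RIPS - A static source code analyser for vulnerabilities in PHP scripts by Johannes Dahse (johannes.dahse@rub.de) **/

/**
 * Escape the characters that carry meaning in HTML so a string can be
 * concatenated into markup that is later assigned through innerHTML.
 * Form field names are taken from the scanned PHP source and field values
 * from the user; neither may be allowed to inject tags into the RIPS page.
 * @param {string} text - raw text
 * @returns {string} text with &, <, > and " replaced by entities
 */
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;');
}

/**
 * Whether the form for a PHP superglobal (e.g. '$_GET') exists on the page.
 * getElementById() yields null for a missing element; null and undefined both
 * count as absent.
 * @param {string} method - element id of the superglobal's form
 * @returns {boolean}
 */
function hasMethod(method) {
  return document.getElementById(method) != null;
}

/**
 * Read the current value of an input element.
 * @param {string} id - element id
 * @returns {string}
 */
function fieldValue(id) {
  return document.getElementById(id).value;
}

/** Hide the generated code and show the exploit builder form again. */
function editExploit() {
  document.getElementById('exploitcode').style.display = "none";
  document.getElementById('exploitbuild').style.display = "block";
}

/**
 * Hide the box of one superglobal so it is left out of the generated code.
 * @param {string} method - element id prefix of the box ('$_GET', '$_POST', ...)
 */
function deleteMethod(method) {
  document.getElementById(method + 'box').style.display = "none";
}

/**
 * Build an application/x-www-form-urlencoded string from the inputs of a form.
 * Both the parameter name and the value are percent-encoded. Previously only
 * the value was encoded, so a name containing a space, '&' or '=' produced a
 * malformed query.
 * @param {string} method - element id of the form
 * @returns {string} 'name=value&name=value' (empty string for a form without inputs)
 */
function getQuery(method) {
  var elements = document.getElementById(method).elements;
  var pairs = [];
  for (var i = 0; i < elements.length; i++) {
    pairs.push(encodeURIComponent(elements[i].name) + '=' + encodeURIComponent(elements[i].value));
  }
  return pairs.join('&');
}

/**
 * Translate the $_SERVER form inputs into curl_setopt() lines.
 * Only the HTTP_* names listed in the switch are understood; other inputs are
 * ignored. Values are HTML-escaped because the result is rendered via innerHTML.
 * @returns {string} fragment of curl_setopt lines, each ending in <br>
 */
function serverOptions() {
  var elements = document.getElementById('$_SERVER').elements;
  var out = "";
  for (var i = 0; i < elements.length; i++) {
    var value = escapeHtml(elements[i].value);
    switch (elements[i].name) {
      case 'HTTP_USER_AGENT':
        out += "curl_setopt($ch, CURLOPT_USERAGENT, \"" + value + "\");<br>";
        break;
      case 'HTTP_ACCEPT':
        out += "curl_setopt($ch, CURLOPT_HTTPHEADER, \"Accept: " + value + "\");<br>";
        break;
      case 'HTTP_ACCEPT_LANGUAGE':
        out += "curl_setopt($ch, CURLOPT_HTTPHEADER, \"Accept-Language: " + value + "\");<br>";
        break;
      case 'HTTP_ACCEPT_ENCODING':
        out += "curl_setopt($ch, CURLOPT_ENCODING, \"" + value + "\");<br>";
        break;
      case 'HTTP_ACCEPT_CHARSET':
        out += "curl_setopt($ch, CURLOPT_HTTPHEADER, \"Accept-Charset: " + value + "\");<br>";
        break;
      case 'HTTP_KEEP_ALIVE':
        out += "curl_setopt($ch, CURLOPT_HTTPHEADER, array(\"Connection: keep-alive\", \"Keep-Alive: " + value + "\"));<br>";
        break;
      case 'HTTP_CONNECTION':
        out += "curl_setopt($ch, CURLOPT_HTTPHEADER, \"Connection: " + value + "\");<br>";
        break;
      default:
        break;
    }
  }
  return out;
}

/**
 * Render a PHP/curl request script from the superglobal forms and the option
 * inputs on the page, then swap the builder form for the generated code.
 * Reads: whichever of the '$_GET', '$_POST', '$_FILES', '$_COOKIE' and
 * '$_SERVER' forms exist, the 'target', 'cookiejar' and 'exectime' inputs and
 * the 'ssl' and 'auth' checkboxes.
 * Writes: innerHTML and display of 'exploitcode', display of 'exploitbuild'.
 * Every string read from the page is HTML-escaped before it is concatenated
 * into the markup; the previous version put raw names and values into innerHTML.
 */
function createExploit() {
  var methods = ['$_GET', '$_POST', '$_FILES', '$_COOKIE', '$_SERVER'];
  var name = "";
  for (var m = 0; m < methods.length; m++) {
    // '$_GET' -> 'GET, ' etc.; the trailing separator is kept as in the original header line.
    if (hasMethod(methods[m])) name += methods[m].substring(2) + ', ';
  }

  var target = escapeHtml(fieldValue('target'));
  var cookiejar = escapeHtml(fieldValue('cookiejar'));
  var exectime = escapeHtml(fieldValue('exectime'));
  var ssl = document.getElementById('ssl').checked;
  var auth = document.getElementById('auth').checked;

  var output = "//<br>// HTTP " + name + " <input type=button class='Button' value='edit' onClick='editExploit()'>";
  output += "<br>//<br><br>$target = $argv[1];<br><br>";

  if (hasMethod('$_FILES')) {
    var fileName = escapeHtml(document.getElementById('$_FILES').elements[0].value);
    output += "$postData = array();<br>$postData[ 'file' ] = \"@" + fileName + "\";<br><br>";
  }
  if (auth) output += "$username = \"\";<br>$password = \"\";<br><br>";

  output += "$ch = curl_init();<br>curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);<br>";
  if (hasMethod('$_GET')) {
    output += "curl_setopt($ch, CURLOPT_URL, \"" + target + '?' + escapeHtml(getQuery('$_GET')) + "\");<br>";
    output += "curl_setopt($ch, CURLOPT_HTTPGET, 1);<br>";
  } else {
    output += "curl_setopt($ch, CURLOPT_URL, \"" + target + "\");<br>";
  }
  output += "curl_setopt($ch, CURLOPT_USERAGENT, \"Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)\");<br>";

  if (hasMethod('$_POST') || hasMethod('$_FILES')) output += "curl_setopt($ch, CURLOPT_POST, 1);<br>";
  if (hasMethod('$_POST')) output += "curl_setopt($ch, CURLOPT_POSTFIELDS, \"" + escapeHtml(getQuery('$_POST')) + "\");<br>";
  if (hasMethod('$_FILES')) output += "curl_setopt($ch, CURLOPT_POSTFIELDS, $postData );<br>";
  if (hasMethod('$_COOKIE')) output += "curl_setopt($ch, CURLOPT_COOKIE, \"" + escapeHtml(getQuery('$_COOKIE')) + "\");<br>";
  if (hasMethod('$_SERVER')) output += serverOptions();

  if (exectime !== "") {
    output += "curl_setopt($ch, CURLOPT_TIMEOUT, " + exectime + ");<br>"
      + "curl_setopt($ch, CURLOPT_LOW_SPEED_LIMIT, " + exectime + ");<br>"
      + "curl_setopt($ch, CURLOPT_LOW_SPEED_TIME, " + exectime + ");<br>";
  }
  if (cookiejar !== "") output += "curl_setopt($ch, CURLOPT_COOKIEJAR, \"" + cookiejar + "\");<br>";
  if (ssl) {
    // Existing RIPS behaviour: with the SSL box checked the emitted script
    // disables certificate verification and follows redirects.
    output += "curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);<br>";
    output += "curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);<br>";
    output += "curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);<br>";
  }
  if (auth) {
    output += "curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);<br>";
    output += "curl_setopt($ch, CURLOPT_USERPWD, \"$username:$password\");<br>";
  }
  output += "$buf = curl_exec ($ch);<br>curl_close($ch);<br>unset($ch);<br>";
  output += "<br>echo $buf;<br>";

  var exploitdiv = document.getElementById('exploitcode');
  exploitdiv.innerHTML = output;
  exploitdiv.style.display = "block";
  document.getElementById('exploitbuild').style.display = "none";
}

/**
 * Keep the scheme of the 'target' URL in step with the 'ssl' checkbox.
 * Checked: the first 'http:' or 'https:' becomes 'https:'. Unchecked: the
 * first 'https' becomes 'http'. The patterns are deliberately unanchored to
 * match the previous behaviour.
 */
function setssl() {
  var targetelement = document.getElementById('target');
  var current = targetelement.value;
  if (document.getElementById('ssl').checked) {
    // Normalise to 'http:' first so a URL that is already https: is handled the same way.
    targetelement.value = current.replace(/https:/, "http:").replace(/http:/, "https:");
  } else {
    targetelement.value = current.replace(/https/, "http");
  }
}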