@ 2012-10-16T19:50:49Z <?php
// Proof of concept: a hex-encoded candidate expression is compared against a hard-coded
// hex-encoded expression, and is only evaluated if comp() reports the two as equal.
// Author's stated goal: inject a command into $uPacked that will read a text file in the same dir as the php file.
// Subject string for the preg_replace() call below; the pattern matches each whole number in it.
$post_seeds = "1154731896 ";
// Hex encoding of the reference expression (its decoded form is the comment inside the if-branch).
$hard_coded_algo = "5368413128644154652843527950542843524333322873545252655628414273282431255371725428655850284558702870492829292929292929292929";
// unpack("H*") hex-encodes the candidate expression; the hex string is read from index 1.
// NOTE(review): the recorded output shows this value padded with 0x20 bytes to the same length as
// $hard_coded_algo, so the original literal was presumably space-padded and the padding collapsed in this copy.
$uPacked = unpack("H*", "ShA1(dATe('')) ");
$test = $uPacked[1];
// Allowed chars: abcdefghi pqrstuvwxy. Their hex byte values (0x61-0x69, 0x70-0x79) contain only
// decimal digits, so the hex form of such an expression is a numeric string.
echo pack("H*", $test);
echo "<br />";
echo pack("H*", $hard_coded_algo);
echo "<br />";
// comp() compares the two hex strings with a loose != (see its body). In the recorded output most
// versions from PHP 4.3.5 to 5.4.3 report "Matching" although the strings differ, while 5.4.4 and
// later report "Not Matching". A check like this should compare bytes with === or hash_equals().
if(comp($hard_coded_algo, $test)){
// Decoded $hard_coded_algo: ShA1(dATe(CRyPT(CRC32(sTRReV(ABs($1%SqrT(eXP(EXp(pI())))))))))
// The "e" pattern modifier makes preg_replace() evaluate the replacement string as PHP code for every
// match, so whatever passed the comparison above is executed. The modifier was deprecated in PHP 5.5.0
// and removed in 7.0.0; preg_replace_callback() is the supported alternative.
// The result is also handed to printf() as its format string.
printf(preg_replace("#\b(\d+)\b#se", pack("H*", $test), $post_seeds));
} else {
echo "<br /> Hacker Detected ";
}
echo "<br />";
// Reference value: what the candidate expression yields when called directly.
echo sha1(date(''));
function comp($numOne, $numTwo){
    // Demonstration helper: prints both operands, their floatval() forms and the verdict of a
    // loose comparison, then returns that verdict (true when PHP considers them equal).
    //
    // The comparison is intentionally loose: when both operands are numeric strings PHP compares
    // them as numbers, so two different strings can be reported as equal ("1e1" == "10" is true).
    // Code that must tell such strings apart should use === or hash_equals() instead.
    echo "<br />",
        "<br />",
        "Comparing the numbers",
        "<br />",
        $numOne,
        "<br />",
        $numTwo,
        "<br />",
        floatval($numOne),
        "<br />",
        floatval($numTwo),
        "<br />";

    // Loose equality on purpose; see the note above.
    $looksEqual = ($numOne == $numTwo);
    if ($looksEqual) {
        echo "Matching </br>";
        return true;
    }

    echo "Not Matching <br />";
    return false;
}
?>
Output for 5.4.4 - 5.4.45 , 5.5.0 - 5.5.38 , 5.6.0 - 5.6.40 , 7.0.0 - 7.0.33 , 7.1.0 - 7.1.33 , 7.2.0 - 7.2.33 , 7.3.0 - 7.3.33 , 7.4.0 - 7.4.33 , 8.0.0 - 8.0.30 , 8.1.0 - 8.1.28 , 8.2.0 - 8.2.18 , 8.3.0 - 8.3.6 ShA1(dATe('')) <br />ShA1(dATe(CRyPT(CRC32(sTRReV(ABs($1%SqrT(eXP(EXp(pI())))))))))<br /><br /><br />Comparing the numbers<br />5368413128644154652843527950542843524333322873545252655628414273282431255371725428655850284558702870492829292929292929292929<br />5368413128644154652827272929202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020<br />5.3684131286442E+123<br />5.3684131286442E+123<br />Not Matching <br /><br /> Hacker Detected <br />da39a3ee5e6b4b0d3255bfef95601890afd80709 Output for 4.3.5 - 4.3.9 , 4.3.11 , 4.4.0 - 4.4.1 , 4.4.3 - 4.4.9 , 5.0.0 - 5.0.2 , 5.0.5 , 5.1.0 - 5.1.1 , 5.1.3 - 5.1.6 , 5.2.0 - 5.2.17 , 5.3.0 - 5.3.29 , 5.4.0 - 5.4.3 ShA1(dATe('')) <br />ShA1(dATe(CRyPT(CRC32(sTRReV(ABs($1%SqrT(eXP(EXp(pI())))))))))<br /><br /><br />Comparing the numbers<br />5368413128644154652843527950542843524333322873545252655628414273282431255371725428655850284558702870492829292929292929292929<br />5368413128644154652827272929202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020<br />5.3684131286442E+123<br />5.3684131286442E+123<br />Matching </br>da39a3ee5e6b4b0d3255bfef95601890afd80709 <br />da39a3ee5e6b4b0d3255bfef95601890afd80709 Output for 4.4.2 , 5.1.2 ShA1(dATe('')) <br />ShA1(dATe(CRyPT(CRC32(sTRReV(ABs($1%SqrT(eXP(EXp(pI())))))))))<br /><br /><br />Comparing the numbers<br />5368413128644154652843527950542843524333322873545252655628414273282431255371725428655850284558702870492829292929292929292929<br />53684131286441546528272729292020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020200<br />5.3684131286442E+123<br />5.3684131286442E+124<br />Not Matching <br /><br /> Hacker Detected <br 
/>da39a3ee5e6b4b0d3255bfef95601890afd80709 Output for 4.3.10 , 5.0.3 - 5.0.4 Warning: unpack(): Type H: outside of string in /in/16in5 on line 9
ShA1(dATe('')) <br />ShA1(dATe(CRyPT(CRC32(sTRReV(ABs($1%SqrT(eXP(EXp(pI())))))))))<br /><br /><br />Comparing the numbers<br />5368413128644154652843527950542843524333322873545252655628414273282431255371725428655850284558702870492829292929292929292929<br />5368413128644154652827272929202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020<br />5.3684131286442E+123<br />5.3684131286442E+123<br />Matching </br>da39a3ee5e6b4b0d3255bfef95601890afd80709 <br />da39a3ee5e6b4b0d3255bfef95601890afd80709 Output for 4.3.0 - 4.3.4 Notice: Undefined offset: 1 in /in/16in5 on line 10
<br />ShA1(dATe(CRyPT(CRC32(sTRReV(ABs($1%SqrT(eXP(EXp(pI())))))))))<br /><br /><br />Comparing the numbers<br />5368413128644154652843527950542843524333322873545252655628414273282431255371725428655850284558702870492829292929292929292929<br /><br />5.3684131286442E+123<br />0<br />Not Matching <br /><br /> Hacker Detected <br />da39a3ee5e6b4b0d3255bfef95601890afd80709 preferences:dark mode live preview