<?php // ultimate goal...inject command into $upacked that will read a text file in the same dir as php file $post_seeds = "1154731896 "; $hard_coded_algo = "5368413128644154652843527950542843524333322873545252655628414273282431255371725428655850284558702870492829292929292929292929"; $uPacked = unpack("H*", "ShA1(dATe('')) "); $test = $uPacked[1]; //abcdefghi pqrstuvwxy // allowed chars echo pack("H*", $test); echo "<br />"; echo pack("H*", $hard_coded_algo); echo "<br />"; if(comp($hard_coded_algo, $test)){ // ShA1(dATe(CRyPT(CRC32(sTRReV(ABs($1%SqrT(eXP(EXp(pI()))))))))) // magical execution printf(preg_replace("#\b(\d+)\b#se", pack("H*", $test), $post_seeds)); } else { echo "<br /> Hacker Detected "; } echo "<br />"; echo sha1(date('')); function comp($numOne, $numTwo){ // Show that php doesn't correctly compare numeric strings echo "<br />"; echo "<br />"; echo "Comparing the numbers"; echo "<br />"; echo $numOne; echo "<br />"; echo $numTwo; echo "<br />"; echo floatval($numOne); echo "<br />"; echo floatval($numTwo); echo "<br />"; if($numOne != $numTwo){ echo "Not Matching <br />"; return false; } else { echo "Matching </br>"; return true; } } ?>
You have javascript disabled. You will not be able to edit any code.