<?
$defaultdata = array( "showpassword"=>"no", "bgcolor"=>"#ffffff");
function xor_encrypt($in) {
//$key = '<censored>';
$key = 'U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK';
$text = $in;
$outText = '';
// Iterate through each character
for($i=0;$i<strlen($text);$i++) {
$outText .= $text[$i] ^ $key[$i % strlen($key)];
}
return $outText;
}
function loadData($def) {
global $_COOKIE;
$mydata = $def;
if(array_key_exists("data", $_COOKIE)) {
$tempdata = json_decode(xor_encrypt(base64_decode($_COOKIE["data"])), true);
if(is_array($tempdata) && array_key_exists("showpassword", $tempdata) && array_key_exists("bgcolor", $tempdata)) {
if (preg_match('/^#(?:[a-f\d]{6})$/i', $tempdata['bgcolor'])) {
$mydata['showpassword'] = $tempdata['showpassword'];
$mydata['bgcolor'] = $tempdata['bgcolor'];
}
}
}
return $mydata;
}
function saveData($d) {
setcookie("data", base64_encode(xor_encrypt(json_encode($d))));
}
// Taken from saveData()
function encrypt($d){
return base64_encode(xor_encrypt(json_encode($d)));
}
function encrypt_step1($d){
return json_encode($d);
}
function encrypt_step2($d){
return xor_encrypt(json_encode($d));
}
//Taken from loadData()
function decrypt($d){
return json_decode(xor_encrypt(base64_decode($d)), true);
}
function decrypt_step1($d){
return base64_decode($d);
}
function decrypt_step2($d){
return xor_encrypt(base64_decode($d));
}
/*
$data = loadData($defaultdata);
if(array_key_exists("bgcolor",$_REQUEST)) {
if (preg_match('/^#(?:[a-f\d]{6})$/i', $_REQUEST['bgcolor'])) {
$data['bgcolor'] = $_REQUEST['bgcolor'];
}
}
saveData($data);
*/
/*
*/
$data = 'ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw%3D';
$data = "ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4vFBFeaAw=";
$data = "ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw";
echo $data;
echo "\nEvaluates to: \n";
$decrypted = decrypt($data);
var_dump($decrypted);
echo "\nDecrypt Step 1: \n";
echo decrypt_step1($data);
// echo "\nDecrypt Step 2: \n";
// echo decrypt_step2($data);
echo "Trying some shit:\n";
$injected_cookie = array( "showpassword"=>"yes", "bgcolor"=>"#ffffff");
var_dump($injected_cookie);
echo "\nIn encyrpted form!\n";
$encrypted_good = encrypt($injected_cookie);
var_dump($encrypted_good);
?>
<h1>natas11</h1>
<div id="content">
<body style="background:
Warning: Undefined variable $data in /in/FgBRt on line 109
Warning: Trying to access array offset on value of type null in /in/FgBRt on line 109
;">
Cookies are protected with XOR encryption<br/><br/>
<?
// THIS RIGH HERE IS THE KEY. YOU NEED TO MAKE SHOW PASSWORD = YES
//if($data["showpassword"] == "yes") {
// print "The password for natas12 is <censored><br>";
//}
?>
Output for 8.0.13
ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw
Evaluates to:
NULL
Decrypt Step 1:
UK" H+O%pSWh]UZ-T%UhR^,^hTrying some shit:
array(2) {
["showpassword"]=>
string(3) "yes"
["bgcolor"]=>
string(7) "#ffffff"
}
In encyrpted form!
string(56) "LhpBGVojMyw+Ik4XByJNcxEdPCsUHVFVKDkrVSU5TXF3G1QXUzIlK28s"
<h1>natas11</h1>
<div id="content">
<body style="background:
Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /in/FgBRt:109
Stack trace:
#0 {main}
thrown in /in/FgBRt on line 109
Process exited with code 255.
ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw
Evaluates to:
NULL
Decrypt Step 1:
UK" H+O%pSWh]UZ-T%UhR^,^hTrying some shit:
array(2) {
["showpassword"]=>
string(3) "yes"
["bgcolor"]=>
string(7) "#ffffff"
}
In encyrpted form!
string(56) "LhpBGVojMyw+Ik4XByJNcxEdPCsUHVFVKDkrVSU5TXF3G1QXUzIlK28s"
<h1>natas11</h1>
<div id="content">
<body style="background:
Warning: Illegal string offset 'bgcolor' in /in/FgBRt on line 109
C;">
Cookies are protected with XOR encryption<br/><br/>
Output for 7.4.0 - 7.4.32
<?
$defaultdata = array( "showpassword"=>"no", "bgcolor"=>"#ffffff");
function xor_encrypt($in) {
//$key = '<censored>';
$key = 'U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK';
$text = $in;
$outText = '';
// Iterate through each character
for($i=0;$i<strlen($text);$i++) {
$outText .= $text[$i] ^ $key[$i % strlen($key)];
}
return $outText;
}
function loadData($def) {
global $_COOKIE;
$mydata = $def;
if(array_key_exists("data", $_COOKIE)) {
$tempdata = json_decode(xor_encrypt(base64_decode($_COOKIE["data"])), true);
if(is_array($tempdata) && array_key_exists("showpassword", $tempdata) && array_key_exists("bgcolor", $tempdata)) {
if (preg_match('/^#(?:[a-f\d]{6})$/i', $tempdata['bgcolor'])) {
$mydata['showpassword'] = $tempdata['showpassword'];
$mydata['bgcolor'] = $tempdata['bgcolor'];
}
}
}
return $mydata;
}
function saveData($d) {
setcookie("data", base64_encode(xor_encrypt(json_encode($d))));
}
// Taken from saveData()
function encrypt($d){
return base64_encode(xor_encrypt(json_encode($d)));
}
function encrypt_step1($d){
return json_encode($d);
}
function encrypt_step2($d){
return xor_encrypt(json_encode($d));
}
//Taken from loadData()
function decrypt($d){
return json_decode(xor_encrypt(base64_decode($d)), true);
}
function decrypt_step1($d){
return base64_decode($d);
}
function decrypt_step2($d){
return xor_encrypt(base64_decode($d));
}
/*
$data = loadData($defaultdata);
if(array_key_exists("bgcolor",$_REQUEST)) {
if (preg_match('/^#(?:[a-f\d]{6})$/i', $_REQUEST['bgcolor'])) {
$data['bgcolor'] = $_REQUEST['bgcolor'];
}
}
saveData($data);
*/
/*
*/
$data = 'ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw%3D';
$data = "ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4vFBFeaAw=";
$data = "ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw";
echo $data;
echo "\nEvaluates to: \n";
$decrypted = decrypt($data);
var_dump($decrypted);
echo "\nDecrypt Step 1: \n";
echo decrypt_step1($data);
// echo "\nDecrypt Step 2: \n";
// echo decrypt_step2($data);
echo "Trying some shit:\n";
$injected_cookie = array( "showpassword"=>"yes", "bgcolor"=>"#ffffff");
var_dump($injected_cookie);
echo "\nIn encyrpted form!\n";
$encrypted_good = encrypt($injected_cookie);
var_dump($encrypted_good);
?>
<h1>natas11</h1>
<div id="content">
<body style="background:
Notice: Undefined variable: data in /in/FgBRt on line 109
Notice: Trying to access array offset on value of type null in /in/FgBRt on line 109
;">
Cookies are protected with XOR encryption<br/><br/>
<?
// THIS RIGH HERE IS THE KEY. YOU NEED TO MAKE SHOW PASSWORD = YES
//if($data["showpassword"] == "yes") {
// print "The password for natas12 is <censored><br>";
//}
?>
Output for 7.2.29 - 7.2.33, 7.3.16 - 7.3.31
<?
$defaultdata = array( "showpassword"=>"no", "bgcolor"=>"#ffffff");
function xor_encrypt($in) {
//$key = '<censored>';
$key = 'U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK';
$text = $in;
$outText = '';
// Iterate through each character
for($i=0;$i<strlen($text);$i++) {
$outText .= $text[$i] ^ $key[$i % strlen($key)];
}
return $outText;
}
function loadData($def) {
global $_COOKIE;
$mydata = $def;
if(array_key_exists("data", $_COOKIE)) {
$tempdata = json_decode(xor_encrypt(base64_decode($_COOKIE["data"])), true);
if(is_array($tempdata) && array_key_exists("showpassword", $tempdata) && array_key_exists("bgcolor", $tempdata)) {
if (preg_match('/^#(?:[a-f\d]{6})$/i', $tempdata['bgcolor'])) {
$mydata['showpassword'] = $tempdata['showpassword'];
$mydata['bgcolor'] = $tempdata['bgcolor'];
}
}
}
return $mydata;
}
function saveData($d) {
setcookie("data", base64_encode(xor_encrypt(json_encode($d))));
}
// Taken from saveData()
function encrypt($d){
return base64_encode(xor_encrypt(json_encode($d)));
}
function encrypt_step1($d){
return json_encode($d);
}
function encrypt_step2($d){
return xor_encrypt(json_encode($d));
}
//Taken from loadData()
function decrypt($d){
return json_decode(xor_encrypt(base64_decode($d)), true);
}
function decrypt_step1($d){
return base64_decode($d);
}
function decrypt_step2($d){
return xor_encrypt(base64_decode($d));
}
/*
$data = loadData($defaultdata);
if(array_key_exists("bgcolor",$_REQUEST)) {
if (preg_match('/^#(?:[a-f\d]{6})$/i', $_REQUEST['bgcolor'])) {
$data['bgcolor'] = $_REQUEST['bgcolor'];
}
}
saveData($data);
*/
/*
*/
$data = 'ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw%3D';
$data = "ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4vFBFeaAw=";
$data = "ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw";
echo $data;
echo "\nEvaluates to: \n";
$decrypted = decrypt($data);
var_dump($decrypted);
echo "\nDecrypt Step 1: \n";
echo decrypt_step1($data);
// echo "\nDecrypt Step 2: \n";
// echo decrypt_step2($data);
echo "Trying some shit:\n";
$injected_cookie = array( "showpassword"=>"yes", "bgcolor"=>"#ffffff");
var_dump($injected_cookie);
echo "\nIn encyrpted form!\n";
$encrypted_good = encrypt($injected_cookie);
var_dump($encrypted_good);
?>
<h1>natas11</h1>
<div id="content">
<body style="background:
Notice: Undefined variable: data in /in/FgBRt on line 109
;">
Cookies are protected with XOR encryption<br/><br/>
<?
// THIS RIGH HERE IS THE KEY. YOU NEED TO MAKE SHOW PASSWORD = YES
//if($data["showpassword"] == "yes") {
// print "The password for natas12 is <censored><br>";
//}
?>