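<?php
/**
 * Scratch copy of the natas11 cookie handling, used to inspect how the
 * "data" cookie is encoded and decoded.
 *
 * Encoding pipeline: json_encode -> repeating-key XOR -> base64_encode.
 *
 * NOTE(review): repeating-key XOR is obfuscation, not authenticated
 * encryption. The cookie carries no MAC, so the server cannot tell whether
 * the client altered it. Values read from it (notably "showpassword") must
 * not gate access to secrets: keep that state server-side, or sign the
 * cookie with hash_hmac() and verify it with hash_equals(), using a key that
 * is kept outside the source tree.
 */

$defaultdata = array("showpassword" => "no", "bgcolor" => "#ffffff");

/**
 * XOR every byte of the input with a repeating key.
 *
 * XOR is its own inverse, so this one function both encodes and decodes.
 *
 * @param string $in Bytes to transform.
 * @return string Transformed bytes, same length as the input.
 */
function xor_encrypt($in)
{
    //$key = '<censored>';
    // NOTE(review): key material is hard-coded in source here.
    $key = 'U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK';
    $text = $in;
    $outText = '';

    // Lengths are loop-invariant; compute them once.
    $keyLength = strlen($key);
    $textLength = strlen($text);

    for ($i = 0; $i < $textLength; $i++) {
        $outText .= $text[$i] ^ $key[$i % $keyLength];
    }

    return $outText;
}

/**
 * Full encode pipeline (taken from saveData()).
 *
 * @param mixed $d Value to serialise.
 * @return string Base64 text suitable for a cookie value.
 */
function encrypt($d)
{
    return base64_encode(xor_encrypt(json_encode($d)));
}

/** First encode stage only: the JSON text. */
function encrypt_step1($d)
{
    return json_encode($d);
}

/** First two encode stages: JSON text, then XOR (raw bytes, not base64). */
function encrypt_step2($d)
{
    return xor_encrypt(json_encode($d));
}

/**
 * Full decode pipeline (taken from loadData()).
 *
 * @param string $d Base64 cookie value.
 * @return mixed Decoded value, or NULL when the XOR output is not valid JSON.
 */
function decrypt($d)
{
    return json_decode(xor_encrypt(base64_decode($d)), true);
}

/** First decode stage only: the raw bytes behind the base64 text. */
function decrypt_step1($d)
{
    return base64_decode($d);
}

/** First two decode stages: base64 decode, then XOR (the candidate JSON text). */
function decrypt_step2($d)
{
    return xor_encrypt(base64_decode($d));
}

/**
 * Merge settings from the "data" cookie over the defaults.
 *
 * The cookie is client-controlled input. It is used only when it decodes to
 * an array holding both keys and a well-formed colour; otherwise the
 * defaults are returned unchanged.
 *
 * @param array $def Default settings.
 * @return array Settings to use for this request.
 */
function loadData($def)
{
    $mydata = $def;

    // $_COOKIE is a superglobal, so no `global` statement is needed.
    // A cookie sent as data[]=... arrives as an array; require a string
    // before handing it to base64_decode().
    if (!isset($_COOKIE["data"]) || !is_string($_COOKIE["data"])) {
        return $mydata;
    }

    $tempdata = decrypt($_COOKIE["data"]);
    if (!is_array($tempdata)
        || !array_key_exists("showpassword", $tempdata)
        || !array_key_exists("bgcolor", $tempdata)
    ) {
        return $mydata;
    }

    // bgcolor is written into a style attribute, so accept only a #rrggbb
    // string. \z (not $) is used because $ also matches before a trailing
    // newline, and the JSON value may be a non-string.
    if (is_string($tempdata['bgcolor'])
        && preg_match('/^#(?:[a-f\d]{6})\z/i', $tempdata['bgcolor'])
    ) {
        // NOTE(review): showpassword is copied as received; nothing here
        // proves the server issued it.
        $mydata['showpassword'] = $tempdata['showpassword'];
        $mydata['bgcolor'] = $tempdata['bgcolor'];
    }

    return $mydata;
}

/**
 * Store the settings in the "data" cookie.
 *
 * @param array $d Settings to persist.
 * @return void
 */
function saveData($d)
{
    // NOTE(review): the cookie is set without HttpOnly/Secure attributes
    // and without any integrity tag.
    setcookie("data", encrypt($d));
}

/*
 * Original page flow, kept for reference (disabled in this scratch copy):
 *
 * $data = loadData($defaultdata);
 * if(array_key_exists("bgcolor",$_REQUEST)) {
 *     if (preg_match('/^#(?:[a-f\d]{6})$/i', $_REQUEST['bgcolor'])) {
 *         $data['bgcolor'] = $_REQUEST['bgcolor'];
 *     }
 * }
 * saveData($data);
 */

// Earlier candidate values that the original script assigned and then
// immediately overwrote (no padding; URL-encoded padding):
//   "ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw"
//   'ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw%3D'
// The cookie string gets its own variable: the original stored it in $data,
// which the template below then indexed as an array ("Illegal string offset").
$cookie = "ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4vFBFeaAw=";

echo $cookie;
echo "\nEvaluates to: \n";
// NULL here means the XOR output was not valid JSON.
$decrypted = decrypt($cookie);
var_dump($decrypted);

echo "\nDecrypt Step 1: \n";
echo decrypt_step1($cookie);

// echo "\nDecrypt Step 2: \n";
// echo decrypt_step2($cookie);

echo "Trying some \nshit:\n";
$injected_cookie = array("showpassword" => "yes", "bgcolor" => "#ffffff");
var_dump($injected_cookie);

echo "\nIn encyrpted form!\n";
$encrypted_good = encrypt($injected_cookie);
var_dump($encrypted_good);

// The template renders from the settings array, never from the cookie string.
$data = $defaultdata;
?>
<h1>natas11</h1>
<div id="content">
<body style="background: <?= htmlspecialchars($data['bgcolor'], ENT_QUOTES, 'UTF-8') ?>;">
Cookies are protected with XOR encryption<br/><br/>
<?php
// THIS RIGHT HERE IS THE KEY. YOU NEED TO MAKE SHOW PASSWORD = YES
// NOTE(review): the check below decides on a value read from the
// client-held cookie, which is why the cookie needs integrity protection.
//if($data["showpassword"] == "yes") {
//    print "The password for natas12 is <censored><br>";
//}
?>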
based on FgBRt
Output for 5.6.0 - 5.6.30, 7.0.0 - 7.3.0beta1
ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4vFBFeaAw= Evaluates to: NULL Decrypt Step 1: UK"H+O%pSWh]UZ-T%UhR^/^h Trying some shit: array(2) { ["showpassword"]=> string(3) "yes" ["bgcolor"]=> string(7) "#ffffff" } In encyrpted form! string(56) "LhpBGVojMyw+Ik4XByJNcxEdPCsUHVFVKDkrVSU5TXF3G1QXUzIlK28s" <h1>natas11</h1> <div id="content"> <body style="background: Warning: Illegal string offset 'bgcolor' in /in/kt2CI on line 110 C;"> Cookies are protected with XOR encryption<br/><br/>
Output for hhvm-3.15.4
ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4vFBFeaAw= Evaluates to: NULL Decrypt Step 1: UK"H+O%pSWh]UZ-T%UhR^/^h Trying some shit: array(2) { ["showpassword"]=> string(3) "yes" ["bgcolor"]=> string(7) "#ffffff" } In encyrpted form! string(56) "LhpBGVojMyw+Ik4XByJNcxEdPCsUHVFVKDkrVSU5TXF3G1QXUzIlK28s" <h1>natas11</h1> <div id="content"> <body style="background: C;"> Cookies are protected with XOR encryption<br/><br/>