3v4l.org

run code in 300+ PHP versions simultaneously
<? $defaultdata = array( "showpassword"=>"no", "bgcolor"=>"#ffffff"); function xor_encrypt($in) { //$key = '<censored>'; $key = 'U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK'; $text = $in; $outText = ''; // Iterate through each character for($i=0;$i<strlen($text);$i++) { $outText .= $text[$i] ^ $key[$i % strlen($key)]; } return $outText; } function xor_with_key($in, $key) { //$key = '<censored>'; //$key = 'U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK'; $text = $in; $outText = ''; // Iterate through each character for($i=0;$i<strlen($text);$i++) { $outText .= $text[$i] ^ $key[$i % strlen($key)]; } return $outText; } function loadData($def) { global $_COOKIE; $mydata = $def; if(array_key_exists("data", $_COOKIE)) { $tempdata = json_decode(xor_encrypt(base64_decode($_COOKIE["data"])), true); if(is_array($tempdata) && array_key_exists("showpassword", $tempdata) && array_key_exists("bgcolor", $tempdata)) { if (preg_match('/^#(?:[a-f\d]{6})$/i', $tempdata['bgcolor'])) { $mydata['showpassword'] = $tempdata['showpassword']; $mydata['bgcolor'] = $tempdata['bgcolor']; } } } return $mydata; } function saveData($d) { setcookie("data", base64_encode(xor_encrypt(json_encode($d)))); } // Taken from saveData() function encrypt($d){ return base64_encode(xor_encrypt(json_encode($d))); } function encrypt_step1($d){ return json_encode($d); } function encrypt_step2($d){ return xor_encrypt(json_encode($d)); } //Taken from loadData() function decrypt($d){ return json_decode(xor_encrypt(base64_decode($d)), true); } function decrypt_step1($d){ return base64_decode($d); } function decrypt_step2($d){ return xor_encrypt(base64_decode($d)); } /* $data = loadData($defaultdata); if(array_key_exists("bgcolor",$_REQUEST)) { if (preg_match('/^#(?:[a-f\d]{6})$/i', $_REQUEST['bgcolor'])) { $data['bgcolor'] = $_REQUEST['bgcolor']; } } saveData($data); */ /* */ // Show password = NO // bgcolor = #ffffff // XORED with some key $data = "ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw%3D"; $data = urldecode($data); echo "\n ENCRYPTED ASS COOKIE: \n"; var_dump($data); $xor_encrypted_json_orig = decrypt_step1($data); $json_orig = encrypt_step1(array( "showpassword"=>"no", "bgcolor"=>"#ffffff")); //$xored_to_get_the_key = xor_with_key($json_orig, $xor_encrypted_json_orig ); echo "\n"; echo "\n"; // echo "\nDecrypt Step 1 -> base64_decode(): \n"; // echo decrypt_step1($data); // echo "\nDecrypt Step 2 -> xor(): \n"; // echo decrypt_step2($data); // echo "\nDecrypt Step FINAL -> json_decode() \n"; // var_dump(decrypt($data)); // echo "\nJust creating the cookie from scratch:\n"; // $injected_cookie = array( "showpassword"=>"yes", "bgcolor"=>"#ffffff"); // var_dump($injected_cookie); // echo "\nIn encyrpted form!\n"; // $encrypted_good = encrypt($injected_cookie); // var_dump($encrypted_good); ?> <? // THIS RIGH HERE IS THE KEY. YOU NEED TO MAKE SHOW PASSWORD = YES //if($data["showpassword"] == "yes") { // print "The password for natas12 is <censored><br>"; //} ?>
Output for 7.2.29 - 7.2.33, 7.3.16 - 7.3.31, 7.4.0 - 7.4.4, 7.4.6 - 7.4.32, 8.0.0 - 8.0.12, 8.0.14 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.4, 8.3.6
<? $defaultdata = array( "showpassword"=>"no", "bgcolor"=>"#ffffff"); function xor_encrypt($in) { //$key = '<censored>'; $key = 'U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK'; $text = $in; $outText = ''; // Iterate through each character for($i=0;$i<strlen($text);$i++) { $outText .= $text[$i] ^ $key[$i % strlen($key)]; } return $outText; } function xor_with_key($in, $key) { //$key = '<censored>'; //$key = 'U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK'; $text = $in; $outText = ''; // Iterate through each character for($i=0;$i<strlen($text);$i++) { $outText .= $text[$i] ^ $key[$i % strlen($key)]; } return $outText; } function loadData($def) { global $_COOKIE; $mydata = $def; if(array_key_exists("data", $_COOKIE)) { $tempdata = json_decode(xor_encrypt(base64_decode($_COOKIE["data"])), true); if(is_array($tempdata) && array_key_exists("showpassword", $tempdata) && array_key_exists("bgcolor", $tempdata)) { if (preg_match('/^#(?:[a-f\d]{6})$/i', $tempdata['bgcolor'])) { $mydata['showpassword'] = $tempdata['showpassword']; $mydata['bgcolor'] = $tempdata['bgcolor']; } } } return $mydata; } function saveData($d) { setcookie("data", base64_encode(xor_encrypt(json_encode($d)))); } // Taken from saveData() function encrypt($d){ return base64_encode(xor_encrypt(json_encode($d))); } function encrypt_step1($d){ return json_encode($d); } function encrypt_step2($d){ return xor_encrypt(json_encode($d)); } //Taken from loadData() function decrypt($d){ return json_decode(xor_encrypt(base64_decode($d)), true); } function decrypt_step1($d){ return base64_decode($d); } function decrypt_step2($d){ return xor_encrypt(base64_decode($d)); } /* $data = loadData($defaultdata); if(array_key_exists("bgcolor",$_REQUEST)) { if (preg_match('/^#(?:[a-f\d]{6})$/i', $_REQUEST['bgcolor'])) { $data['bgcolor'] = $_REQUEST['bgcolor']; } } saveData($data); */ /* */ // Show password = NO // bgcolor = #ffffff // XORED with some key $data = "ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw%3D"; $data = urldecode($data); echo "\n ENCRYPTED ASS COOKIE: \n"; var_dump($data); $xor_encrypted_json_orig = decrypt_step1($data); $json_orig = encrypt_step1(array( "showpassword"=>"no", "bgcolor"=>"#ffffff")); //$xored_to_get_the_key = xor_with_key($json_orig, $xor_encrypted_json_orig ); echo "\n"; echo "\n"; // echo "\nDecrypt Step 1 -> base64_decode(): \n"; // echo decrypt_step1($data); // echo "\nDecrypt Step 2 -> xor(): \n"; // echo decrypt_step2($data); // echo "\nDecrypt Step FINAL -> json_decode() \n"; // var_dump(decrypt($data)); // echo "\nJust creating the cookie from scratch:\n"; // $injected_cookie = array( "showpassword"=>"yes", "bgcolor"=>"#ffffff"); // var_dump($injected_cookie); // echo "\nIn encyrpted form!\n"; // $encrypted_good = encrypt($injected_cookie); // var_dump($encrypted_good); ?> <? // THIS RIGH HERE IS THE KEY. YOU NEED TO MAKE SHOW PASSWORD = YES //if($data["showpassword"] == "yes") { // print "The password for natas12 is <censored><br>"; //} ?>
Output for 8.3.5
Warning: PHP Startup: Unable to load dynamic library 'sodium.so' (tried: /usr/lib/php/8.3.5/modules/sodium.so (libsodium.so.23: cannot open shared object file: No such file or directory), /usr/lib/php/8.3.5/modules/sodium.so.so (/usr/lib/php/8.3.5/modules/sodium.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0 <? $defaultdata = array( "showpassword"=>"no", "bgcolor"=>"#ffffff"); function xor_encrypt($in) { //$key = '<censored>'; $key = 'U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK'; $text = $in; $outText = ''; // Iterate through each character for($i=0;$i<strlen($text);$i++) { $outText .= $text[$i] ^ $key[$i % strlen($key)]; } return $outText; } function xor_with_key($in, $key) { //$key = '<censored>'; //$key = 'U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK'; $text = $in; $outText = ''; // Iterate through each character for($i=0;$i<strlen($text);$i++) { $outText .= $text[$i] ^ $key[$i % strlen($key)]; } return $outText; } function loadData($def) { global $_COOKIE; $mydata = $def; if(array_key_exists("data", $_COOKIE)) { $tempdata = json_decode(xor_encrypt(base64_decode($_COOKIE["data"])), true); if(is_array($tempdata) && array_key_exists("showpassword", $tempdata) && array_key_exists("bgcolor", $tempdata)) { if (preg_match('/^#(?:[a-f\d]{6})$/i', $tempdata['bgcolor'])) { $mydata['showpassword'] = $tempdata['showpassword']; $mydata['bgcolor'] = $tempdata['bgcolor']; } } } return $mydata; } function saveData($d) { setcookie("data", base64_encode(xor_encrypt(json_encode($d)))); } // Taken from saveData() function encrypt($d){ return base64_encode(xor_encrypt(json_encode($d))); } function encrypt_step1($d){ return json_encode($d); } function encrypt_step2($d){ return xor_encrypt(json_encode($d)); } //Taken from loadData() function decrypt($d){ return json_decode(xor_encrypt(base64_decode($d)), true); } function decrypt_step1($d){ return base64_decode($d); } function decrypt_step2($d){ return xor_encrypt(base64_decode($d)); } /* $data = loadData($defaultdata); if(array_key_exists("bgcolor",$_REQUEST)) { if (preg_match('/^#(?:[a-f\d]{6})$/i', $_REQUEST['bgcolor'])) { $data['bgcolor'] = $_REQUEST['bgcolor']; } } saveData($data); */ /* */ // Show password = NO // bgcolor = #ffffff // XORED with some key $data = "ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw%3D"; $data = urldecode($data); echo "\n ENCRYPTED ASS COOKIE: \n"; var_dump($data); $xor_encrypted_json_orig = decrypt_step1($data); $json_orig = encrypt_step1(array( "showpassword"=>"no", "bgcolor"=>"#ffffff")); //$xored_to_get_the_key = xor_with_key($json_orig, $xor_encrypted_json_orig ); echo "\n"; echo "\n"; // echo "\nDecrypt Step 1 -> base64_decode(): \n"; // echo decrypt_step1($data); // echo "\nDecrypt Step 2 -> xor(): \n"; // echo decrypt_step2($data); // echo "\nDecrypt Step FINAL -> json_decode() \n"; // var_dump(decrypt($data)); // echo "\nJust creating the cookie from scratch:\n"; // $injected_cookie = array( "showpassword"=>"yes", "bgcolor"=>"#ffffff"); // var_dump($injected_cookie); // echo "\nIn encyrpted form!\n"; // $encrypted_good = encrypt($injected_cookie); // var_dump($encrypted_good); ?> <? // THIS RIGH HERE IS THE KEY. YOU NEED TO MAKE SHOW PASSWORD = YES //if($data["showpassword"] == "yes") { // print "The password for natas12 is <censored><br>"; //} ?>
Output for 7.0.0 - 7.0.20, 7.1.0 - 7.1.20, 7.2.6 - 7.2.8, 7.3.32 - 7.3.33, 7.4.33, 8.0.13
ENCRYPTED ASS COOKIE: string(56) "ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw="
Output for 7.4.5

Process exited with code 137.
preferences:
176.3 ms | 401 KiB | 172 Q