3v4l.org

run code in 200+ php & hhvm versions
Bugs & Features
<? $defaultdata = array( "showpassword"=>"no", "bgcolor"=>"#ffffff"); function xor_encrypt($in) { //$key = '<censored>'; $key = 'U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK'; $text = $in; $outText = ''; // Iterate through each character for($i=0;$i<strlen($text);$i++) { $outText .= $text[$i] ^ $key[$i % strlen($key)]; } return $outText; } function xor_with_key($in, $key) { //$key = '<censored>'; //$key = 'U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK'; $text = $in; $outText = ''; // Iterate through each character for($i=0;$i<strlen($text);$i++) { $outText .= $text[$i] ^ $key[$i % strlen($key)]; } return $outText; } function loadData($def) { global $_COOKIE; $mydata = $def; if(array_key_exists("data", $_COOKIE)) { $tempdata = json_decode(xor_encrypt(base64_decode($_COOKIE["data"])), true); if(is_array($tempdata) && array_key_exists("showpassword", $tempdata) && array_key_exists("bgcolor", $tempdata)) { if (preg_match('/^#(?:[a-f\d]{6})$/i', $tempdata['bgcolor'])) { $mydata['showpassword'] = $tempdata['showpassword']; $mydata['bgcolor'] = $tempdata['bgcolor']; } } } return $mydata; } function saveData($d) { setcookie("data", base64_encode(xor_encrypt(json_encode($d)))); } // Taken from saveData() function encrypt($d){ return base64_encode(xor_encrypt(json_encode($d))); } function encrypt_step1($d){ return json_encode($d); } function encrypt_step2($d){ return xor_encrypt(json_encode($d)); } //Taken from loadData() function decrypt($d){ return json_decode(xor_encrypt(base64_decode($d)), true); } function decrypt_step1($d){ return base64_decode($d); } function decrypt_step2($d){ return xor_encrypt(base64_decode($d)); } /* $data = loadData($defaultdata); if(array_key_exists("bgcolor",$_REQUEST)) { if (preg_match('/^#(?:[a-f\d]{6})$/i', $_REQUEST['bgcolor'])) { $data['bgcolor'] = $_REQUEST['bgcolor']; } } saveData($data); */ /* */ // Show password = NO // bgcolor = #ffffff // XORED with some key $data = "ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw%3D"; $data = urldecode($data); echo "\n ENCRYPTED ASS COOKIE: \n"; var_dump($data); $xor_encrypted_json_orig = decrypt_step1($data); $json_orig = encrypt_step1(array( "showpassword"=>"no", "bgcolor"=>"#ffffff")); $xored_to_get_the_key = xor_with_key($json_orig, $xor_encrypted_json_orig ); echo "\nxor_encrypted_json_orig\n"; var_dump ($xor_encrypted_json_orig); echo "\njson_orig\n"; var_dump ($json_orig); echo "\nxored_to_get_the_key\n"; var_dump ($xored_to_get_the_key); echo "\n"; // echo "\nDecrypt Step 1 -> base64_decode(): \n"; // echo decrypt_step1($data); // echo "\nDecrypt Step 2 -> xor(): \n"; // echo decrypt_step2($data); // echo "\nDecrypt Step FINAL -> json_decode() \n"; // var_dump(decrypt($data)); // echo "\nJust creating the cookie from scratch:\n"; // $injected_cookie = array( "showpassword"=>"yes", "bgcolor"=>"#ffffff"); // var_dump($injected_cookie); // echo "\nIn encyrpted form!\n"; // $encrypted_good = encrypt($injected_cookie); // var_dump($encrypted_good); ?> <? // THIS RIGH HERE IS THE KEY. YOU NEED TO MAKE SHOW PASSWORD = YES //if($data["showpassword"] == "yes") { // print "The password for natas12 is <censored><br>"; //} ?>
based on lgYtG
Output for 5.6.0 - 5.6.30, hhvm-3.15.4, 7.0.0 - 7.3.0beta1
ENCRYPTED ASS COOKIE: string(56) "ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw=" xor_encrypted_json_orig string(41) " UK"H+O%pSWh]UZ-T%UhR^,^h " json_orig string(41) "{"showpassword":"no","bgcolor":"#ffffff"}" xored_to_get_the_key string(41) "qw8Jqw8Jqw8Jqw8Jqw8Jqw8Jqw8Jqw8Jqw8Jqw8Jq"