Posts posted by Zaseth
-
-
Something I created when I was bored. Don't even take it seriously though.
<?php
// By Zaseth. FTP not tested.
$ftp_server = "ftp.example.com";
$conn_id = ftp_connect($ftp_server) or die("Couldn't connect to $ftp_server");

if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
    echo 'Seems to be Windows.';
    echo exec('dir');
} else {
    echo 'Seems to be a distribution of Linux.';
    $output = shell_exec('ls -lart');
    echo "<pre>$output</pre>";
    echo exec('whoami');
}
echo "------------------------";

$filename = 'Kitsune.sql';
if (file_exists($filename)) {
    echo "Seems to be Kitsune.";
} else {
    echo "This doesnt seem to be $filename";
}

$myfile = fopen("Login.xml", "r") or die("Unable to open file!");
echo "------------------------";
echo fread($myfile, filesize("Login.xml"));
fclose($myfile);

$myfile3 = fopen("Database.xml", "r") or die("Unable to open file!");
echo "------------------------";
echo fread($myfile3, filesize("Database.xml"));
fclose($myfile3);

$myfile2 = fopen("Kitsune\Logging\Logs\Warn.txt", "r") or die("Unable to open file!");
echo "------------------------";
echo fread($myfile2, filesize("Kitsune\Logging\Logs\Warn.txt"));
fclose($myfile2);
?>
-
It would be cool if there would be userbars under your name. Just a little more customization!
As an example:
- 2
-
This Python script will search for any webshell. It uses a wordlist for that.
You need:
Python 3.x
Hope you enjoy!
-
I will list some JavaScript frameworks that are worth looking at.
The list:
Meteor
Vue
Knockout.
Angular
React
Head.
Mustache
Ember
Backbone
Lodash and Underscore
jQuery
RxJS
Mobx
-
So SWFObject & SWFAddress are both used in the CP play page.
These "JavaScript" frameworks are for prettifying (and importing) SWF files into a homepage.
Now this is a format of SWFObject's usage:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
  <head>
    <title></title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <script type="text/javascript" src="swfobject.js"></script>
    <script type="text/javascript">
      swfobject.registerObject("myFlashContent", "9.0.0");
    </script>
  </head>
  <body>
    <div>
      <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="800" height="600" id="myFlashContent">
        <param name="movie" value="untitled.swf" />
        <!--[if !IE]>-->
        <object type="application/x-shockwave-flash" data="untitled.swf" width="800" height="600">
        <!--<![endif]-->
          <a href="http://www.adobe.com/go/getflashplayer">
            <img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash player" />
          </a>
        <!--[if !IE]>-->
        </object>
        <!--<![endif]-->
      </object>
    </div>
  </body>
</html>
So now you are probably thinking: It's a large piece of code. Is there any way to actually generate this with a ton of options?
Well yes, there is and you can find that here: https://raw.githubusercontent.com/swfobject/swfobject/master/swfobject_generator/html/index.html
SWFAddress is there for using hyperlinks. Basically adding #xdd into your URL.
These are both pretty small projects and frameworks, but CP always used them.
You can find SWFAddress here: http://www.asual.com/swfaddress/
- 1
-
You can also use Sweetalert. I think it looks pretty nice and it is very stylish.
You can find it here: http://t4t5.github.io/sweetalert/
-
Just now, Jamie said: Thanks my love
Ssssh let's not make our love public.
-
Hey all.
There's a free program to check your own PHP code for vulnerabilities.
You can run this program on XAMPP.
The PHP checker: https://sourceforge.net/projects/rips-scanner/
The SQL query checker is site-based.
You can find it here: http://www.sqlparser.com/sql-injection-detector/
-
Someone gave this to me. It has a ton of CPPS sources.
Download:
https://drive.google.com/uc?id=0B7VzJNrahSLsclM5dmNZaXd6YlE&export=download
- 1
-
I ripped some stuff together and eventually created this.
You can find it here: https://pastebin.com/raw/N7h0u7MD
-
-
Something that I created when I was bored.
This could be used for serious trolling.
*NOTE*: THIS IS NOT REAL.
Download:
-
I still had this somewhere.
Download:
https://mega.nz/#!t4YwUDYD!NRJLlxeVSqpqyHk6e2NrB2VL3lUKrOwMkGgqLHqIX_o
-
-
-
-
Some cool custom .SWF
Download:
https://mega.nz/#!Z1JRRCgJ!la2Pnf2aPd8g4wD4hYS-GtDB_Qp-lf9ww_LsHLE2VPo
-
Hey guys.
So I have the CP Play Page of Feb 2012.
I cleaned it and updated the JavaScript.
Download:
- 1
-
Some SWF files, webpages and sources from those old days. I hope you enjoy!
Download: https://mega.nz/#!cwJ1wQ7Y!2ghZJDBgvXHdIP-zDBmrqDpkK_Q3DXoYUG-nPigOdQA
-
Looks great. I also have some SWF's stored on a place:
-
2 minutes ago, Kevin said: I edited your topic to put your code inside the code tags, make sure you do so whenever you post code.
Nice topic Zaseth, I am sure this will help a lot of users who want to make their own registration/login form.
I'm on a phone so Lmao. Dropping a lot of my stuff in content releases tomorrow.
-
I've seen a lot of people also using insecure crossdomain.xml configs. This file is for domains that can connect etc. When it's insecure, an attacker can upload malicious SWF content.
Insecure crossdomain.xml:
<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>
The following is a correct crossdomain.xml:
<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="www.xdd.com" />
  <allow-access-from domain="xdd.com" />
</cross-domain-policy>
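A check for the two policies above, as an added example that is not part of the original post: it parses a crossdomain.xml document and reports permissive allow-access-from entries. The function name, the classification rules and the finding texts are assumptions of this example; the sample policies are constructed copies of the two shown in the post.

```php
<?php
// Added example: audit a crossdomain.xml policy for permissive entries.

/**
 * Return a list of findings for one policy document (empty = nothing flagged).
 * The rules below are this example's own assumptions, not an official checklist.
 */
function audit_crossdomain_policy(string $xml): array
{
    $findings = [];
    $prev = libxml_use_internal_errors(true);   // collect parse errors quietly
    $doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if ($doc === false || $doc->getName() !== 'cross-domain-policy') {
        return ['not a valid cross-domain-policy document'];
    }
    foreach ($doc->{'allow-access-from'} as $entry) {
        $domain = trim((string) $entry['domain']);
        if ($domain === '*') {
            $findings[] = 'domain="*" lets SWF content from any origin read responses';
        } elseif (strpos($domain, '*') !== false) {
            $findings[] = "wildcard domain \"$domain\" trusts every matching host";
        }
        // secure defaults to true; false lets HTTP-served content read HTTPS data
        if (strtolower((string) $entry['secure']) === 'false') {
            $findings[] = "secure=\"false\" set for \"$domain\"";
        }
    }
    return $findings;
}

// Constructed sample input: the insecure and the restricted policy from the post.
$samples = [
    'insecure'   => '<?xml version="1.0"?><cross-domain-policy>'
                  . '<allow-access-from domain="*" /></cross-domain-policy>',
    'restricted' => '<?xml version="1.0"?><cross-domain-policy>'
                  . '<allow-access-from domain="www.xdd.com" />'
                  . '<allow-access-from domain="xdd.com" /></cross-domain-policy>',
];
foreach ($samples as $name => $xml) {
    $findings = audit_crossdomain_policy($xml);
    echo $name, ': ', $findings ? implode('; ', $findings) : 'no permissive entries', PHP_EOL;
}
```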
-
Really simple small 'tutorial'
Now as an example, I've seen people use this:
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <!-- form contents --> </form>
Please NEVER use this. This is vulnerable to XSS because there's no htmlentities. The xss code gets reflected and executed.
What you should do:
<form method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>">
What happens is that the htmlentities breaks the <script> part of an XSS injection. The injection then will not work.
You can also use strip_tags.
Example of mysql real escaping:
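$xdd = $_POST["xdd"];
// mysqli_real_escape_string() takes the open connection first; $conn is assumed to be an existing mysqli link
$xdd = mysqli_real_escape_string($conn, $xdd);
$xdd = htmlentities($xdd);
You can also add some JavaScript stuff to your register. I created some JavaScript register here: https://pastebin.com/EWs5RgSS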
This includes:
Disallow special characters
Max length
Password generator
Email can only contain regex
These also make xss impossible
- 1
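The form fix and the register checks from the post above, as an added server-side example (not the author's code and not the pastebin script): it prints the form action built from a constructed PHP_SELF value raw and encoded, and repeats the character, length and email checks in PHP, where they apply to every request however it was sent. The helper names attr and validate_registration, the field names and the limits are assumptions.

```php
<?php
// Added example: encode the form action and repeat the register checks server-side.

/** Encode a value for use inside a quoted HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Server-side version of the checks listed in the post
 * (special characters, max length, email format). Limits are assumptions.
 */
function validate_registration(array $post): array
{
    $errors = [];
    $name  = (string) ($post['username'] ?? '');
    $email = (string) ($post['email'] ?? '');
    if (!preg_match('/\A[A-Za-z0-9_]{3,16}\z/', $name)) {
        $errors[] = 'username: 3-16 letters, digits or underscore only';
    }
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: not a valid address';
    }
    return $errors;
}

// Constructed request values. PHP_SELF includes any path info the client
// appends after the script name, which is why it must not be echoed raw.
$phpSelf = '/register.php/"><script>alert(1)</script>';
$post    = ['username' => '<b>x</b>', 'email' => 'user@example.com'];

// Before: the raw value closes the attribute and the tag.
echo 'raw:     <form method="post" action="', $phpSelf, '">', PHP_EOL;
// After: the same value stays inside the attribute as inert text.
echo 'encoded: <form method="post" action="', attr($phpSelf), '">', PHP_EOL;
// Alternative: SCRIPT_NAME carries no client-supplied path info.
echo 'script:  <form method="post" action="',
     attr($_SERVER['SCRIPT_NAME'] ?? '/register.php'), '">', PHP_EOL;

// The markup in the constructed username is rejected by the character check.
print_r(validate_registration($post));
```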
-
Don't even try to help this person. She will keep bugging you and she will eventually insult you. Many people told her 'no'
- 1
How to check for vulnerabilities in your PHP code and SQL queries.
in Releases
Look, if you don't like this thread then just don't comment on it. There's a paid version that is up to date.