|
Mostrar Temas
|
Páginas: [1] 2 3 4
|
1
|
Programación / Scripting / Admin Panel Finder [By 2Fac3R]
|
en: 29 Julio 2015, 21:09 pm
|
Les dejo este Admin Panel Finder en Python (acabo de publicar uno en PHP jeje) espero les sea de utilidad. # -----------------------------# # Admin Panel Finder By 2Fac! # # v1.0 2013 # # # # UnderC0de # # -----------------------------# import os, sys, httplib os.system("clear") panel = ["/admin1.php", "/admin1.html", "/admin2.php", "/admin2.html", "/yonetim.php", "/yonetim.html", "/yonetici.php", "/yonetici.html", "/ccms/", "/ccms/login.php", "/ccms/index.php", "/maintenance/", "/webmaster/", "/adm/", "/configuration/", "/configure/", "/websvn/", "/admin/", "/admin/account.php", "/admin/account.html","/admin/index.php","/admin/index.html", "/admin/login.php", "/admin/login.html", "/admin/home.php", "/admin/controlpanel.html", "/admin/controlpanel.php", "/admin.php", "/admin.html", "/admin/cp.php", "/admin/cp.html", "/cp.php", "/cp.html", "/administrator/", "/administrator/index.html", "/administrator/index.php", "/administrator/login.html", "/administrator/login.php", "/administrator/account.html", "/administrator/account.php", "/administrator.php", "/administrator.html", "/login.php", "/login.html", "/modelsearch/login.php", "/moderator.php", "/moderator.html", "/moderator/login.php", "/moderator/login.html", "/moderator/admin.php", "/moderator/admin.html", "/moderator/", "/account.php", "/account.html", "/controlpanel/","/admincontrol.php","/admincontrol.html", "/adminpanel.php","/adminpanel.html","/admin1.asp","/admin2.asp","/yonetim.asp","/yonetici.asp", "/admin/account.asp","/admin/index.asp","/admin/login.asp","/admin/home.asp","/admin/controlpanel.asp", "/admin.asp","/admin/cp.asp","/cp.asp","/administrator/index.asp","/administrator/login.asp", "/administrator/account.asp","/administrator.asp","/login.asp","/modelsearch/login.asp","/moderator.asp", "/moderator/login.asp","/moderator/admin.asp","/account.asp","/controlpanel.asp","/admincontrol.asp", "/adminpanel.asp","/fileadmin/","/fileadmin.php","/fileadmin.asp","/fileadmin.html","/administration/", "/administration.php","/administration.html","/sysadmin.php","/sysadmin.html","/phpmyadmin/","/myadmin/", "/sysadmin.asp","/sysadmin/","/ur-admin.asp","/ur-admin.php","/ur-admin.html","/ur-admin/","/Server.php", "/Server.html","/Server.asp","/Server/","/wp-admin/","/administr8.php","/administr8.html","/administr8/", "/administr8.asp","/webadmin/","/webadmin.php","/webadmin.asp","/webadmin.html","/administratie/","/admins/", "/admins.php","/admins.asp","/admins.html","/administrivia/","/Database_Administration/","/WebAdmin/", "/useradmin/","/sysadmins/","/admin1/","/system-administration/","/administrators/","/pgadmin/","/directadmin/", "/staradmin/","/ServerAdministrator/","/SysAdmin/","/administer/","/LiveUser_Admin/","/sys-admin/","/typo3/", "/panel/","/cpanel/","/cPanel/","/cpanel_file/","/platz_login/","/rcLogin/","/blogindex/","/formslogin/", "/autologin/","/support_login/","/meta_login/","/manuallogin/","/simpleLogin/","/loginflat/","/utility_login/", "/showlogin/","/memlogin/","/members/","/login-redirect/","/sub-login/","/wp-login/","/login1/","/dir-login/", "/login_db/","/xlogin/","/smblogin/","/customer_login/","/UserLogin/","/login-us/","/acct_login/", "/admin_area/","/bigadmin/","/project-admins/","/phppgadmin/","/pureadmin/","/sql-admin/","/radmind/", "/openvpnadmin/","/wizmysqladmin/","/vadmind/","/ezsqliteadmin/","/hpwebjetadmin/","/newsadmin/","/adminpro/", "/Lotus_Domino_Admin/","/bbadmin/","/vmailadmin/","/Indy_admin/","/ccp14admin/","/irc-macadmin/", "/banneradmin/","/sshadmin/","/phpldapadmin/","/macadmin/","/administratoraccounts/","/admin4_account/", "/admin4_colon/","/radmind-1/","/Super-Admin/","/AdminTools/","/cmsadmin/","/SysAdmin2/","/globes_admin/", "/cadmins/","/phpSQLiteAdmin/","/navSiteAdmin/","/server_admin_small/","/logo_sysadmin/","/server/", "/database_administration/","/power_user/","/system_administration/","/ss_vms_admin_sm/","/administrador", "/administracion","/moderacion","/moderador","/phpMyAdmin/","/phpmyadmin/","/PMA/","/admin/","/dbadmin/", "/mysql/","/myadmin/","/phpmyadmin2/","/phpMyAdmin2/","/phpMyAdmin-2/","/php-my-admin/","/phpMyAdmin-2.2.3/", "/phpMyAdmin-2.2.6/","/phpMyAdmin-2.5.1/","/phpMyAdmin-2.5.4/","/phpMyAdmin-2.5.5-rc1/", "/phpMyAdmin-2.5.5-rc2/","/phpMyAdmin-2.5.5/","/phpMyAdmin-2.5.5-pl1/","/phpMyAdmin-2.5.6-rc1/", "/phpMyAdmin-2.5.6-rc2/","/phpMyAdmin-2.5.6/","/phpMyAdmin-2.5.7/","/phpMyAdmin-2.5.7-pl1/", "/phpMyAdmin-2.6.0-alpha/","/phpMyAdmin-2.6.0-alpha2/","/phpMyAdmin-2.6.0-beta1/","/phpMyAdmin-2.6.0-beta2/", "/phpMyAdmin-2.6.0-rc1/","/phpMyAdmin-2.6.0-rc2/","/phpMyAdmin-2.6.0-rc3/","/phpMyAdmin-2.6.0/", "/phpMyAdmin-2.6.0-pl1/","/phpMyAdmin-2.6.0-pl2/","/phpMyAdmin-2.6.0-pl3/","/phpMyAdmin-2.6.1-rc1/", "/phpMyAdmin-2.6.1-rc2/","/phpMyAdmin-2.6.1/","/phpMyAdmin-2.6.1-pl1/","/phpMyAdmin-2.6.1-pl2/", "/phpMyAdmin-2.6.1-pl3/","/phpMyAdmin-2.6.2-rc1/","/phpMyAdmin-2.6.2-beta1/","/phpMyAdmin-2.6.2-rc1/", "/phpMyAdmin-2.6.2/","/phpMyAdmin-2.6.2-pl1/","/phpMyAdmin-2.6.3/","/phpMyAdmin-2.6.3-rc1/", "/phpMyAdmin-2.6.3/","/phpMyAdmin-2.6.3-pl1/","/phpMyAdmin-2.6.4-rc1/","/phpMyAdmin-2.6.4-pl1/", "/phpMyAdmin-2.6.4-pl2/","/phpMyAdmin-2.6.4-pl3/","/phpMyAdmin-2.6.4-pl4/","/phpMyAdmin-2.6.4/", "/phpMyAdmin-2.7.0-beta1/","/phpMyAdmin-2.7.0-rc1/","/phpMyAdmin-2.7.0-pl1/","/phpMyAdmin-2.7.0-pl2/", "/phpMyAdmin-2.7.0/","/phpMyAdmin-2.8.0-beta1/","/phpMyAdmin-2.8.0-rc1/","/phpMyAdmin-2.8.0-rc2/", "/phpMyAdmin-2.8.0/","/phpMyAdmin-2.8.0.1/","/phpMyAdmin-2.8.0.2/","/phpMyAdmin-2.8.0.3/", "/phpMyAdmin-2.8.0.4/","/phpMyAdmin-2.8.1-rc1/","/phpMyAdmin-2.8.1/","/phpMyAdmin-2.8.2/", "/phpMyAdmin-3.4.6-rc1/","/phpMyAdmin-3.4.5/","/phpMyAdmin-3.4.4/","/phpMyAdmin-3.3.10.4/", "/phpMyAdmin-3.4.3.2/","/phpMyAdmin-3.3.10.3/","/phpMyAdmin-3.4.3.1/","/phpMyAdmin-3.4.3/", "/phpMyAdmin-3.4.2/","/phpMyAdmin-3.4.1/","/phpMyAdmin-3.3.10.1/","/phpMyAdmin-3.4.0/","/phpMyAdmin-3.3.10/", "/phpMyAdmin-2.1.0/","/phpMyAdmin-2.0.5/","/phpMyAdmin-1.3.0/","/phpMyAdmin-1.1.0/","/phpMyAdmin-3.3.9.2/", "/phpMyAdmin-2.11.11.3/","/phpMyAdmin-3.3.9.1/","/phpMyAdmin-3.3.9/","/phpMyAdmin-3.3.8.1/", "/phpMyAdmin-2.11.11.1/","/phpMyAdmin-3.3.8/","/phpMyAdmin-3.3.7/","/phpMyAdmin-2.11.11/", "/phpMyAdmin-3.3.6/","/phpMyAdmin-3.3.5.1/","/phpMyAdmin-2.11.10.1/","/sqlmanager/","/mysqlmanager/","/p/m/a/", "/PMA2005/","/pma2005/","/phpmanager/","/php-myadmin/","/phpmy-admin/","/webadmin/","/sqlweb/","/websql/", "/webdb/","/mysqladmin/","/mysql-admin/"] def h(): print """ # -----------------------------# # Admin Panel Finder By 2Fac! # # v1.0 2013 # # # # UnderC0de.Org # # -----------------------------# """ h() def uso(): print "\n Sintaxis : ",sys.argv[0]," <host> \n" def greets(): print """ \t\tGr33tz to: \nxt3mp, arcangel_nigth, ANTRAX, 11Sep, Kr34t0r, GAMARRA, SkippyCreammy, \nv1c0_h4ck, w4rning, etc, etc . \n\t\t\t Underc0de.Org""" def res(url,path): con = httplib.HTTPConnection(url) con.request("GET",path) return con.getresponse().status def buscar(url): print "\n Searching...\n\n" for path in panel: try: code = res(url,path) if code ==200: print "FOUND --> "+url+path except(KeyboardInterrupt): uso() except: pass if len(sys.argv) != 2 : uso() else: buscar(sys.argv[1]) greets()
Espero que les sea de utilidad Zalu2
|
|
|
2
|
Seguridad Informática / Nivel Web / Form-Tampering PoC
|
en: 29 Julio 2015, 21:06 pm
|
Siguiendo con la práctica y los POC que he estado realizando, me doy cuenta que en esta sección, una de las cosas que falta es este bug llamado " Form Tampering", ya hay bastante información sobre XSS, SQLi, webshells, etc, etc. Así que empecemos. FORM TAMPERING Este metodo consiste en modificar los datos "ocultos" del formulario que use la web victima para algun beneficio, en este ejemplo, veremos un simple (bastante sencillo xD) ejemplo sobre un "carrito de compra", para modificar los precios de los productos. codigo.php<?php // Form tampering bug PoC $presupuesto = 100; function correcto(){ global $compra; echo "Felicidades $compra comprado correctamente"; } if(isset($_POST['producto']) && !empty($_POST['producto'])){ if($presupuesto >= $_POST['v_botella']){ correcto(); }else if ($presupuesto >= $_POST['v_cervesa']){ correcto(); }else{ echo "Lo sentimos, no tienes los fondos suficientes"; } }else{ if(isset($_POST['send'])){ die("Debes seleccionar un producto"); } echo "Tu presupuesto es : $presupuesto"; ?> <form action="" method="POST"> <select name="producto"> <option value="Botella"> Botella </option> <option value="Cerveza"> Cervesa </option> </select> <input type="hidden" name="v_botella" value="500"> <input type="hidden" name="v_cervesa" value="200"> <input type="submit" name="send" value="Comprar!"> </form> <?}?>
Como podemos observar, tenemos los precios de los productos en un atributo "hidden". Bien, ¿Cómo podemos aprovecharnos de eso?. MODIFICANDO CABECERAS HTTP Lo que vamos a hacer, es "sniffear" lo que nuestro navegador manda al servidor (cabeceras http), vamos a hacer esto con el http live headers (Add-on de Firefox). Despues de instalarlo en nuestro navegador, vamos a la página donde tenemos alojado nuestro PoC y abrimos el add-on, hacemos una petición simplemente "tratando" de comprar un producto y nos damos cuenta que en el live headers nos ha salido la petición http que hemos hecho. Algo así: Host: 127.0.0.1 User-Agent: Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://127.0.0.1/bugs/formtamp.phpContent-Type: application/x-www-form-urlencode2d Content-Length: 60 Y: producto=Botella&v_botella=500&v_cervesa=200&send=Comprar%21 Ahora vemos que podemos modificar los valores de los productos, cambiamos a 0 y le damos a repetir/replayproducto=Botella&v_botella=00&v_cervesa=00&send=Comprar%21 Y vuala! , hemos comprado el producto Espero les sea de ayuda, cualquier duda, comentario y/o sugerencia publiquen aquí mismo. Zalu2
|
|
|
3
|
Programación / PHP / [PHP] Admin Panel Finder
|
en: 29 Julio 2015, 20:59 pm
|
Creo que un buscador de panel de administración es muy importante a la hora de ya saben así que les dejo este que lo tengo desde hace mucho. <?php $list['front'] ="admin adm admincp admcp cp modcp moderatorcp adminare admins cpanel controlpanel"; $list['end'] = "admin1.php admin1.html admin2.php admin2.html yonetim.php yonetim.html yonetici.php yonetici.html ccms/ ccms/login.php ccms/index.php maintenance/ webmaster/ adm/ configuration/ configure/ websvn/ admin/ admin/account.php admin/account.html admin/index.php admin/index.html admin/login.php admin/login.html admin/home.php admin/controlpanel.html admin/controlpanel.php admin.php admin.html admin/cp.php admin/cp.html cp.php cp.html administrator/ administrator/index.html administrator/index.php administrator/login.html administrator/login.php administrator/account.html administrator/account.php administrator.php administrator.html login.php login.html modelsearch/login.php moderator.php moderator.html moderator/login.php moderator/login.html moderator/admin.php moderator/admin.html moderator/ account.php account.html controlpanel/ controlpanel.php controlpanel.html admincontrol.php admincontrol.html adminpanel.php adminpanel.html admin1.asp admin2.asp yonetim.asp yonetici.asp admin/account.asp admin/index.asp admin/login.asp admin/home.asp admin/controlpanel.asp admin.asp admin/cp.asp cp.asp administrator/index.asp administrator/login.asp administrator/account.asp administrator.asp login.asp modelsearch/login.asp moderator.asp moderator/login.asp moderator/admin.asp account.asp controlpanel.asp admincontrol.asp adminpanel.asp fileadmin/ fileadmin.php fileadmin.asp fileadmin.html administration/ administration.php administration.html sysadmin.php sysadmin.html phpmyadmin/ myadmin/ sysadmin.asp sysadmin/ ur-admin.asp ur-admin.php ur-admin.html ur-admin/ Server.php Server.html Server.asp Server/ wp-admin/ administr8.php administr8.html administr8/ administr8.asp webadmin/ webadmin.php webadmin.asp webadmin.html administratie/ admins/ admins.php admins.asp admins.html administrivia/ Database_Administration/ WebAdmin/ useradmin/ sysadmins/ admin1/ system-administration/ administrators/ pgadmin/ directadmin/ staradmin/ ServerAdministrator/ SysAdmin/ administer/ LiveUser_Admin/ sys-admin/ typo3/ panel/ cpanel/ cPanel/ cpanel_file/ platz_login/ rcLogin/ blogindex/ formslogin/ autologin/ support_login/ meta_login/ manuallogin/ simpleLogin/ loginflat/ utility_login/ showlogin/ memlogin/ members/ login-redirect/ sub-login/ wp-login/ login1/ dir-login/ login_db/ xlogin/ smblogin/ customer_login/ UserLogin/ login-us/ acct_login/ admin_area/ bigadmin/ project-admins/ phppgadmin/ pureadmin/ sql-admin/ radmind/ openvpnadmin/ wizmysqladmin/ vadmind/ ezsqliteadmin/ hpwebjetadmin/ newsadmin/ adminpro/ Lotus_Domino_Admin/ bbadmin/ vmailadmin/ Indy_admin/ ccp14admin/ irc-macadmin/ banneradmin/ sshadmin/ phpldapadmin/ macadmin/ administratoraccounts/ admin4_account/ admin4_colon/ radmind-1/ Super-Admin/ AdminTools/ cmsadmin/ SysAdmin2/ globes_admin/ cadmins/ phpSQLiteAdmin/ navSiteAdmin/ server_admin_small/ logo_sysadmin/ server/ database_administration/ power_user/ system_administration/ ss_vms_admin_sm/ adminarea/ bb-admin/ adminLogin/ panel-administracion/ instadmin/ memberadmin/ administratorlogin/ admin/admin.php admin_area/admin.php admin_area/login.php siteadmin/login.php siteadmin/index.php siteadmin/login.html admin/admin.html admin_area/index.php bb-admin/index.php bb-admin/login.php bb-admin/admin.php admin_area/login.html admin_area/index.html admincp/index.asp admincp/login.asp admincp/index.html webadmin/index.html webadmin/admin.html webadmin/login.html admin/admin_login.html admin_login.html panel-administracion/login.html nsw/admin/login.php webadmin/login.php admin/admin_login.php admin_login.php admin_area/admin.html pages/admin/admin-login.php admin/admin-login.php admin-login.php bb-admin/index.html bb-admin/login.html bb-admin/admin.html admin/home.html pages/admin/admin-login.html admin/admin-login.html admin-login.html admin/adminLogin.html adminLogin.html home.html rcjakar/admin/login.php adminarea/index.html adminarea/admin.html webadmin/index.php webadmin/admin.php user.html modelsearch/login.html adminarea/login.html panel-administracion/index.html panel-administracion/admin.html modelsearch/index.html modelsearch/admin.html admincontrol/login.html adm/index.html adm.html user.php panel-administracion/login.php wp-login.php adminLogin.php admin/adminLogin.php home.php adminarea/index.php adminarea/admin.php adminarea/login.php panel-administracion/index.php panel-administracion/admin.php modelsearch/index.php modelsearch/admin.php admincontrol/login.php adm/admloginuser.php admloginuser.php admin2/login.php admin2/index.php adm/index.php adm.php affiliate.php adm_auth.php memberadmin.php administratorlogin.php admin/admin.asp admin_area/admin.asp admin_area/login.asp admin_area/index.asp bb-admin/index.asp bb-admin/login.asp bb-admin/admin.asp pages/admin/admin-login.asp admin/admin-login.asp admin-login.asp user.asp webadmin/index.asp webadmin/admin.asp webadmin/login.asp admin/admin_login.asp admin_login.asp panel-administracion/login.asp adminLogin.asp admin/adminLogin.asp home.asp adminarea/index.asp adminarea/admin.asp adminarea/login.asp panel-administracion/index.asp panel-administracion/admin.asp modelsearch/index.asp modelsearch/admin.asp admincontrol/login.asp adm/admloginuser.asp admloginuser.asp admin2/login.asp admin2/index.asp adm/index.asp adm.asp affiliate.asp adm_auth.asp memberadmin.asp administratorlogin.asp siteadmin/login.asp siteadmin/index.asp ADMIN/ paneldecontrol/ login/ cms/ admon/ ADMON/ administrador/ ADMIN/login.php panelc/ ADMIN/login.html"; function template() { echo ' <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta **********="Content-Type" *********"text/html; charset=utf-8" /> <title>Admin page Finder </title> <style type="text/css"> h1.technique-two { width: 795px; height: 120px; background: url(http://x0rg.org/styles/blackbox_red/imageset/site_logo.gif) no-repeat top center; margin: 0 auto; } body{ background: #070707; margin: 0; padding: 0; padding-top: 10px; color: #FFF; font-family: Calibri; font-size: 13px; } a{ color: #FFF; text-decoration: none; font-weight: bold; } .wrapper{ width: 1000px; margin: 0 auto; } .tube{ padding: 10px; } .red{ width: 998px; border: 1px solid #e52224; background: #191919; color: #e52224 } .red input{ background: #000; border: 1px solid #e52224; color: #FFF; } .blue{ float: left; width: 1000px; border: 1px solid #1d7fc3; background: #191919; color: #1d7fc3; } .green{ float: left; width: 1000px; border: 1px solid #5fd419; background: #191919; color: #5fd419; } </style> <script type="text/javascript"> <!-- function insertcode($text, $place, $replace) { var $this = $text; var logbox = document.getElementById($place); if($replace == 0) document.getElementById($place).innerHTML = logbox.innerHTML+$this; else document.getElementById($place).innerHTML = $this; //document.getElementById("helpbox").innerHTML = $this; } --> </script> </head> <body> <br /> <br /> <h1 class="technique-two"> </h1> <div class="wrapper"> <div class="red"> <div class="tube"> <form action="" method="post" name="xploit_form"> URL:<br /><input type="text" name="xploit_url" value="'.$_POST['xploit_url'].'" style="width: 100%;" /><br /><br /> 404string:<br /><input type="text" name="xploit_404string" value="'.$_POST['xploit_404string'].'" style="width: 100%;" /><br /><br /> <span style="float: right;"><input type="submit" name="xploit_submit" value="go for it" align="right" /></span> </form> <br /> </div> <!-- /tube --> </div> <!-- /red --> <br /> <div class="green"> <div class="tube" id="rightcol"> Verificat: <span id="verified">0</span> / <span id="total">0</span><br /> Found ones:<br /> </div> <!-- /tube --> </div> <!-- /green --> <br clear="all" /><br /> <div class="blue"> <div class="tube" id="logbox"> <br /> <br /> Admin page Finder <br /><br /> </div> <!-- /tube --> </div> <!-- /blue --> </div> <!-- /wrapper --> <br clear="all">'; } function show($msg, $br=1, $stop=0, $place='logbox', $replace=0) { if($br == 1) $msg .= "<br />"; echo "<script type=\"text/javascript\">insertcode('".$msg."', '".$place."', '".$replace."');</script>"; } function check($x, $front=0) { global $_POST,$site,$false; if($front == 0) $t = $site.$x; else $t = 'http://'.$x.'.'.$site.'/'; if (!eregi('200', $headers[0])) return 0; if($_POST['xploit_404string'] == "") if($data == $false) return 0; if($_POST['xploit_404string'] != "") if(strpos($data, $_POST['xploit_404string'])) return 0; return 1; } // -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- template(); if($_POST['xploit_url'] == '') die; $site = $_POST['xploit_url']; if ($site[strlen($site)-1] != "/") $site .= "/"; if($_POST['xploit_404string'] == "") $false = @file_get_contents($site."d65897f5380a21a42db94b3927b823d56ee1099a-this_can-t_exist.html"); $list['front'] = str_replace("\r", "", $list['front']); $pathes = explode("\n", $list['end']); $frontpathes = explode("\n", $list['front']); show (count($pathes)+count($frontpathes), 1, 0, 'total', 1);$verificate = 0; foreach($pathes as $path) { show('Checking '.$site.$path.' : ', 0, 0, 'logbox', 0); $verificate++; show($verificate, 0, 0, 'verified', 1); if(check($path) == 0) show('not found', 1, 0, 'logbox', 0); else{ show('<span style="color: #00FF00;"><strong>found</strong></span>', 1, 0, 'logbox', 0); show('<a href="'.$site.$path.'">'.$site.$path.'</a>', 1, 0, 'rightcol', 0); } } preg_match("/\/\/(.*?)\//i", $site, $xx); $site = $xx[1]; foreach($frontpathes as $frontpath) { show('Checking <!-- m --><a class="postlink" href="http://&#39;.$frontpath.&" onclick="window.open(this.href);return false;">http://&#39;.$frontpath.&</a><!-- m -->#39;.'.$site.'/ : ', 0, 0, 'logbox', 0); $verificate++; show($verificate, 0, 0, 'verified', 1); if(check($frontpath, 1) == 0) show('not found', 1, 0, 'logbox', 0); else{ show('<span style="color: #00FF00;"><strong>found</strong></span>', 1, 0, 'logbox', 0); show('<a href="http://'.$frontpath.'.'.$site.'/">'.$frontpath.'.'.$site.'</a>', 1, 0, 'rightcol', 0); } } ?>
Creditos a http://x0rg.org espero les sirva como a mi. Zalu2
|
|
|
4
|
Programación / PHP / [PHP] Is online? v3.0 (tool)
|
en: 29 Julio 2015, 20:57 pm
|
Con la idea de seguir mejorando los códigos, les comparto otro que he modificado y mejorado. <!DOCTYPE html> <title> Is online? v3.0 By 2Fac3R</title> <style> body,html{ background-color:black; color:green; } #ok{ font-weight:bold; } #bad{ font-weight:bold; color:red; } </style> <center> <pre> .___ ________ .__ .__ _________ | | ______ \_____ \ ____ | | |__| ____ ___\_____ \ | |/ ___/ / | \ / \| | | |/ \_/ __ \ / __/ | |\___ \ / | \ | \ |_| | | \ ___/| | |___/____ > \_______ /___| /____/__|___| /\___ >___| \/ \/ \/ \/ \/<___> </pre> <form action="" method="POST"> URL: <input type="text" name="page" value="http://"> <input type="submit" name="send" value="Comprobar!"> </form> <br> <i>By 2Fac3R</i> <br> <br> <?php /* ¿Is online? 3.0 By 2Fac3R Verificar si un servidor web esta online */ function verificar($url) { echo fopen($url,'r') ? "$url <div id='ok'>Online</div>" : "$url <div id='bad'>Offline</div>"; }else{ echo '<script>alert("URL/IP no valida!");window.location=""</script>'; } } if(!empty($_POST['page'])){ verificar($_POST['page']); } ?> <br><b>Gr33tz to:</b> <br> <br> xt3mp, arcangel_nigth, ANTRAX, 11Sep, Kr34t0r, GAMARRA, SkippyCreammy, v1c0_h4ck <br> w4rning, Snifer, arthusu, Kodeinfect, [Q]3rV[0], WilyXem, m3x1c0h4ck, etc, etc, etc ... <br> <br> <a href="http://www.underc0de.org"><b>Underc0de.Org</b></a> </center>
Espero le den utilidad. Zalu2
|
|
|
5
|
Programación / PHP / [ENG] Validation (Hashphp.org)
|
en: 29 Julio 2015, 20:54 pm
|
Validating User InputAs many of you might be aware, one of the staples of any web application security is to make sure that data passed to you from the user won't break your application or otherwise damage your data. Just like you'd check to see who is at the door of your house before you let them in, you'd check user supplied data to see if it is acceptable for whatever you intend to use it for. Another reason to validate input is simply because you can provide more intuative responses to the user. They may hit a letter by accident while typing in a number. It is far more clear to the user if you inform them that they've made a mistake and allow them to correct it, rather than have the application break, or worse, have the application continue with an unexpected result. In PHP, user input arrives as one of two types: an array, or a string. Since the most common form of validation involves checking to see if the user has provided a valid integer representation inside one of the string values, we will focus on this point. What Could Possibly Happen If I Don't?Well, it largely depends on what your application is doing. It could be as simple as throwing a big ugly error, but it could also be a lot worse. Take the following highly insecure code example: <?php $user_id = 1; $connection = mysql_connect('myserver.com', 'username', 'password'); $query = "SELECT secret_data FROM mytable WHERE string_col = '{$_GET['string_col']}' AND int_col = {$_GET['int_col']} AND user_id={$user_id}"; ?>
This piece of code seems simple enough. Open a connection to 'myserver.com', and select a row from 'mytable'. What could possibly go wrong? As it turns out, quite a lot. This particular piece of code has two very distinct problems which we'll look at. First off, we're not validating the user input at all. This is a problem in cases where the program expects a certain kind of input and we don't explicitly check for that input. I've purposefully labeled the columns "int_col" and "string_col" to let you know what types they are in the table. Notice that one is specifically an integer. Now, if the user enters a non-integer value in to that column, the query will error. What not to doMany people will be tempted to use one or more of the following when faced with validating integers: Cast the input to INT Use ctype_digit() Use is_numeric() These are all the wrong ways to approach this problem. Why casting to INT is badCasting to INT is often not a good idea from the standpoint that the behaviour is confusing to the user. For example if they accidentally enter the value "123r5" casting to INT will make this value "123". This could lead to results that simply don't make sense from the user's perspective. It is a much better idea to reject the input and ask them to enter a whole number. Why ctype_digit() is badctype_digit() has two main flaws when dealing with integer validation: It is incapable of dealing with signed numbers, so we can't validate negative values If the number is cast to an INT, it will treat the values from 0 - 255 as a character rather than a number Why is_numeric() is badMany people reach for is_numeric() thinking this is a good approach, and it will seem to work just fine. However the problem with is_numeric() isn't that it can't detect an integer, it is that it detects a lot more than just integers. All of the following are valid numbers to is_numeric(): 1 1.123 0xFF +0123.45e6 See the problem? If we really want just an integer, this function is too broad. So, how do I fix it?The best way to fix this sort of validation issue is to use php's filter library. This library is designed to help you check and sanitize user input. For example, we could change our application to use filter_var() and it might look like this: <?php // do some validation first! if (filter_var($_GET['int_col'], FILTER_VALIDATE_INT ) === false) { die('You must enter a valid integer!'); } $user_id = 1; $connection = mysql_connect('myserver.com', 'username', 'password'); $query = "SELECT secret_data FROM mytable WHERE string_col = '{$_GET['string_col']}' AND int_col = {$_GET['int_col']} AND user_id={$user_id}"; ?>
Now if we try to enter anything but a number for $_GET['int_col'] it won't get to the point where it asks MySQL for data. These kinds of validations are perfect for form data, and can allow you to decide to render the form again with errors to inform the user that they have made a mistake, and to try again. However, we're not quite finished here just yet. There is a remaining problem. The dreaded SQL injection. What Is an SQL Injection Attack?An SQL injection attack is when a user injects SQL commands in to an unprotected SQL query. This can lead to a number of issues, including modifying rows you didn't intend for the user to modify, dropped tables, deleted rows, and access to possibly sensitive data. It is critical that you learn and understand how these attacks work. SQL injection attacks are arguably the most common way PHP websites get exploited. The importance can not be overstated. Initially, in code, the part where we build our query looks like this: <? $query = "SELECT secret_data FROM mytable WHERE string_col = '{$_GET['string_col']}' AND int_col = {$_GET['int_col']} AND user_id={$user_id}"; ?>
If I call: http://mysite.com/my_vulnerable_file.php?string_col=some_data%27+OR+1%3D1+--+&int_col=1 then: $_GET['string_col'] has a value of "some_data' OR 1=1 -- " $_GET['int_col'] has a value of "1" $user_id has a value of "1" (we set this in code, it is not a user supplied value) When the code gets to the point where it builds the query, it winds up looking something like this: SELECT secret_data FROM mytable WHERE string_col = 'some_data' OR 1=1 -- ' and int_col = 1 and user_id = 1
Notice the double dash. This is a mysql comment token, and it will cause everything after it to be ignored. To MySQL, the query now looks like this: SELECT secret_data FROM mytable WHERE string_col = 'some_data' OR 1=1
Which is clearly now ignoring our $user_id variable, and the int_col clause in favour of what the attacker has chosen. You can probably imagine how bad this could get if instead of a SELECT the query happens to be an UPDATE or DELETE. Depending on the database library, it may also allow multiple queries to be specified in the same string, meaning the innocent SELECT could also have an entirely new query piggy-backed on to it. How to Deal With Injection AttacksSo, we started off protecting our integer value, but what about the string value? Technically, a string could be any sequence of characters. If your program needs to allow them to be anything, we still have to protect our code. So how do we do this? As with many things, there are several ways to deal with this problem depending on what database library you're using. To start off, we'll look at the standard mysql library used in the previous examples. The best way to avoid injection attacks when dealing with the standard mysql library, is to escape your parameters. We can do this with mysql_real_escape_string(). For example: <?php // do some validation first! if (filter_var($_GET['int_col'], FILTER_VALIDATE_INT ) === false) { die('You must enter a valid integer!'); } $user_id = 1; $connection = mysql_connect('myserver.com', 'username', 'password'); // escape parameters after the database connection is open because it asks the database how to escape things $query = "SELECT secret_data FROM mytable WHERE string_col = '{$escaped_string_col}' AND int_col = {$escaped_int_col} AND user_id={$user_id}"; ?>
So what's happening here? Consider our previous example where the attacker was sending a malicious string. some_data' OR 1=1 -- now becomes some_data\' OR 1=1 -- See the subtle difference? The "\" character makes it so that the quote in the string is now harmless, and instead of closing the value prematurely it will just be a part of the string. This is just one of the many bad characters mysql_real_escape_string() will fix for you. Using Prepared Statements to Stop Injection AttacksWe've stopped the injection attack! Hurray! But what if there were an easier, better way to do all this? The good news is, there is! PHP comes with another database library to deal with MySQL. It is called PHP Data Objects or PDO for short. This library can use drivers for many different database types, and supports a very important feature known as prepared statements, sometimes also known as parametrized queries. So what do these prepared statements do? Well, quite a lot. They allow us to design our query ahead of time and to put placeholders in the areas where our user supplied data will go. Then when we ask the library to inject the values, it automatically escapes them for us. Consider this example: <?php // do some validation first! if (filter_var($_GET['int_col'], FILTER_VALIDATE_INT ) === false) { die('You must enter a valid integer!'); } $dsn = 'mysql:dbname=my_database;host=myserver.com'; $username = 'username'; $password = 'password'; $user_id = 1; // Set up PDO $pdo = new PDO($dsn, $username, $password); // Our parametrized query using placeholders. No need for quotes around values, it will do this for us. $query = "SELECT secret_data FROM mytable WHERE string_col = ? AND int_col = ? AND user_id = ?"; // our input values in order for the place holders. No need to escape, it will do it for us! $parameters = array($_GET['string_col'], $_GET['int_col'], $user_id); // Prepare the query $statement = $pdo->prepare($query); // execute the query with our parameters $statement->execute($parameters); // Get the first returned row $row = $statement->fetch(PDO::FETCH_ASSOC); ?>
Not only is this method much cleaner, but we can't forget to escape our parameters because PDO is kind enough to do it for us. Another advantage of prepared statements is that you can use the prepared statement over and over by simply replacing the parameters and executing it again. Many servers detect that you're doing this, and even make the query faster by performing server-side optimizations. Fuente/Source: http://wiki.hashphp.org/Validation
|
|
|
6
|
Programación / Programación C/C++ / [ESTRUCTURA DE DATOS] Listas doblemente ligadas [C++]
|
en: 29 Julio 2015, 20:50 pm
|
Buenas! Resulta que he estado estudiando en la universidad las estructuras de datos en C++, y me gustaría compartirles algunos códigos que he estado haciendo en este tiempo, son códigos más que nada de la escuela. He buscado información al respecto en internet, y la mayoria (por no decir todos) están hechos en C (los que he visto en español), utilizan estructuras con struct y no objetos en C++, así que sirve que alimentamos el internet y el foro . No les voy a mostrar teoría sobre el tema, eso se los dejo a su búsqueda. listas.h#include <iostream> using namespace std; #ifndef __LISTAS_H_INCLUDED__ #define __LISTAS_H_INCLUDED__ class Nodo{ private: int dato; Nodo *sig; Nodo *ant; public: Nodo(void) { sig = ant = NULL; } Nodo( int x , Nodo* s = NULL , Nodo* a = NULL ) { dato = x; sig = s; ant = a; } // SETTERS void setDato(int x) { dato = x; } void setAnt(Nodo *a) { ant = a; } void setSig(Nodo *s) { sig = s; } // GETTERS int getDato() { return dato;} Nodo *getAnt() { return ant; } Nodo *getSig() { return sig; } }; class Lista { private: Nodo *lista; // ancla public: Lista(void) { Inicializar(); } // CONSTRUCTOR // METODOS BASICOS Nodo *Primero() { return lista; } Nodo *Siguiente(Nodo *pos) { return pos->getSig(); } Nodo *Anterior(Nodo *pos) { return pos->getAnt(); } Nodo *Ultimo() { Nodo *aux = lista; if ( !Vacia() ) { while ( aux->getSig() ) { aux = aux->getSig(); } } return aux; } // METODOS DE LA LISTA void Inicializar() { lista = NULL; } bool Vacia() { return lista==NULL; } void Mostrar(); void Insertar(int x, Nodo* pos = NULL); }; void Lista::Insertar(int x, Nodo* pos) { Nodo* aux; Nodo* temp_n = new Nodo(x); if ( Vacia() ){ lista = temp_n; }else{ if ( pos == Primero() ){ aux = Primero(); aux->setAnt(temp_n); temp_n->setSig(aux); lista = temp_n; }else if ( pos == NULL ){ aux = Ultimo(); aux->setSig(temp_n); temp_n->setAnt(aux); }else{ aux = Primero(); while ( aux ){ if ( aux == pos ){ Anterior(aux)->setSig( temp_n ); temp_n->setAnt( Anterior(aux) ); temp_n->setSig( aux ); aux->setAnt( temp_n ); }else { aux = aux->getSig(); } } } } } void Lista::Mostrar() { Nodo* aux; Primero(); aux = lista; if ( !Vacia() ){ while ( aux ){ cout << aux ->getDato(); cout << "\n"; aux = aux ->getSig(); } } } #endif
main.cpp#include <iostream> #include "listas.h" using namespace std; int main(void) { Lista numeros; // Mi lista char opc; // Opcion del menu int n; // dato a insertar do{ cout << "\n \n LISTAS DOBLEMENTE LIGADAS: "; cout << "\n *- MENU -* "; cout << "\n 1. AGREGAR A LA LISTA . "; cout << "\n 2. MOSTRAR LOS DATOS . "; cout << "\n 3. SALIR . "; cout << "\n _> "; cin >> opc; switch(opc){ case '1': cout << "\n AGREGANDO DATOS A LA LISTA . "; cout << "\n INGRESE EL VALOR NUMERICO . "; cout << "\n _> "; cin >> n; numeros.Insertar(n); cout << " --> < Guardado correctamente > " << endl; break; case '2': if(numeros.Vacia()) { cout << "\n < No hay registros!. > "; break; } cout << "\n \n DATOS GUARDADOS EN LA LISTA: \n "; numeros.Mostrar(); break; case '3': cout << " - < Saliendo!...... >" << endl; break; default: cout << " - < Opcion incorrecta!, intente de nuevo. >" << endl; break; } }while(opc!='3'); cin.ignore(); return 0; }
Espero que les sea de utilidad, y son bienvenidas sus criticas y/o comentarios 8) Zalu2!
Buenas! Hace poco cree un tema sobre un en C++, pues quería compartirles otro código que no lo hice para la escuela y por lo tanto me dió más tiempo de currarmelo más y agregarle más métodos .
#include <iostream> using namespace std; #define ASCENDENTE 1 #define DESCENDENTE 0 class nodo { private: int valor; nodo *siguiente; nodo *anterior; friend class lista; public: nodo(int v, nodo *sig = NULL, nodo *ant = NULL) // CONSTRUCTOR { valor = v; siguiente = sig; anterior = ant; } // SETTERS void setAnterior(nodo *ant) { anterior = ant; } void setSiguiente(nodo *sig) { siguiente = sig; } // GETTERS int getValor() { return valor; } nodo *getSiguiente() { return siguiente; } nodo *getAnterior() { return anterior; } }; class lista { private: nodo *plista; // ANCLA public: lista(){ plista = NULL; } // CONSTRUCTOR ~lista(); // DESTRUCTOR // METODOS DE LA LISTA void Insertar(int v); void Borrar(int v); bool ListaVacia() { return plista == NULL; } void Mostrar(int); // METODOS DE POSICION void Siguiente() { if(plista) plista = plista->getSiguiente(); } void Anterior() { if(plista) plista = plista->getAnterior(); } void Primero() { while(plista && plista->getAnterior()) plista = plista->getAnterior(); } void Ultimo() { while(plista && plista->getSiguiente()) plista = plista->getSiguiente(); } int ValorActual() { return plista->valor; } }; lista::~lista() // VACIAMOS LA LISTA { nodo *aux; Primero(); while(plista) { aux = plista; plista = plista->getSiguiente(); delete aux; } } void lista::Insertar(int v) { nodo *nuevo; Primero(); // Si la lista está vacía if(ListaVacia() || plista->getValor() > v) { nuevo = new nodo(v, plista); if(!plista) plista = nuevo; else plista->setAnterior(nuevo); } else { while(plista->getSiguiente() && plista->getSiguiente()->getValor() <= v) Siguiente(); // Creamos un nuevo nodo después del nodo actual nuevo = new nodo(v, plista->getSiguiente(), plista); plista->setSiguiente(nuevo); if(nuevo->getSiguiente()) nuevo->getSiguiente()->setAnterior(nuevo); } } void lista::Borrar(int v) { nodo *nodo; nodo = plista; while(nodo && nodo->getValor() < v) nodo = nodo->getSiguiente(); while(nodo && nodo->getValor() > v) nodo = nodo->getAnterior(); if(!nodo || nodo->getValor() != v) return; // Borrar el nodo if(nodo->getAnterior()) // no es el primer elemento nodo->getAnterior()->setSiguiente(nodo->getSiguiente()); if(nodo->getSiguiente()) // no el el último nodo nodo->getSiguiente()->setAnterior(nodo->getAnterior()); delete nodo; } void lista::Mostrar(int orden) { nodo *nodo; if(orden == ASCENDENTE) { Primero(); nodo = plista; while(nodo) { cout << nodo->getValor() << "-> "; nodo = nodo->getSiguiente(); } } else { Ultimo(); nodo = plista; while(nodo) { cout << nodo->getValor() << "-> "; nodo = nodo->getAnterior(); } } cout << endl; } int main(void) { lista Lista; Lista.Insertar(20); Lista.Insertar(10); Lista.Insertar(40); Lista.Insertar(30); Lista.Mostrar(ASCENDENTE); Lista.Mostrar(DESCENDENTE); Lista.Primero(); cout << "Primero: " << Lista.ValorActual() << endl; Lista.Ultimo(); cout << "Ultimo: " << Lista.ValorActual() << endl; Lista.Borrar(10); Lista.Borrar(15); Lista.Borrar(45); Lista.Borrar(40); Lista.Mostrar(ASCENDENTE); Lista.Mostrar(DESCENDENTE); return 0; }
Espero que les guste y les sirva, cualquier duda y/o comentario me lo hacen saber . Zalu2!
|
|
|
7
|
Programación / Programación C/C++ / [ESTRUCTURA DE DATOS] Árbol binario [C++]
|
en: 29 Julio 2015, 20:48 pm
|
Buenas!. Otro tema muy importante en la estructura de datos son el manejo de árboles binarios, les comparto un ejemplo que hice para la escuela del tema, está hecho para un sistema de vuelos, por lo tanto uso la clase Pasajeros , pero ustedes pueden usar el tipo de dato que quieran almacenar en el árbol. #include <iostream> using namespace std; #include "Pasajero.h" #ifndef __arbolbinario_H_INCLUDED__ #define __arbolbinario_H_INCLUDED__ class Nodo { private: Pasajero *dato; Nodo *izq; //enlace izquierdo Nodo *der; //enlace derecho public: Nodo(Pasajero *info); // CONSTRUCTOR ~Nodo(); // DESTRUCTOR // METODOS GET Pasajero *getPasajero() { return dato;} Nodo *getIzq() { return izq;} Nodo *getDer() { return der;} // METODOS SET void setIzq(Nodo *i) { izq = i;} void setDer(Nodo *d) { der = d;} }; Nodo::Nodo(Pasajero *info) { dato = info; izq = NULL; der = NULL; } Nodo::~Nodo() { } class ArbolBinario { private: Nodo *raiz; Nodo *Insertar(Nodo*,Pasajero*); Nodo *Borrar(Nodo*, Pasajero*); void preOrden(Nodo*); void inOrden(Nodo*); void postOrden(Nodo*); public: ArbolBinario(); Nodo *getRaiz() { return raiz;} // testing method void Crear(Pasajero*); void Recorridos(int); void Eliminar(int); Pasajero *Buscar(string, Nodo*); ~ArbolBinario(); }; ArbolBinario::ArbolBinario(){ raiz = NULL; } Nodo* ArbolBinario::Insertar(Nodo *p, Pasajero *q){ if(p == NULL){ p = new Nodo(q); } else{ string a = p -> getPasajero()-> getApellido(); // Primera letra del apellido que esta en la raiz if(q->getApellido()[0] <= a[0]) { p->setIzq( Insertar(p->getIzq(),q) ); } else{ p->setDer( Insertar(p->getDer(),q) ); } } return p; } void ArbolBinario::Crear(Pasajero *q) { raiz = Insertar(raiz,q); } void ArbolBinario::preOrden(Nodo *p){ if(p != NULL){ cout << "\n " << p->getPasajero()->getApellido(); preOrden(p->getIzq()); preOrden(p->getDer()); } } void ArbolBinario::inOrden(Nodo *p){ if(p != NULL){ inOrden(p->getIzq()); cout << "\n " << p->getPasajero()->getApellido(); inOrden(p->getDer()); } } void ArbolBinario::postOrden(Nodo *p){ if(p != NULL){ cout << " \n " << p->getPasajero()->getApellido(); postOrden(p->getIzq()); postOrden(p->getDer()); } } void ArbolBinario::Recorridos(int tipo){ switch(tipo){ case 1: preOrden(raiz); break; case 2: inOrden(raiz); break; case 3: postOrden(raiz); break; default: cout << " - Error! opcion invalida!. -" << endl; break; } }
Espero que les sea de utilidad!. Para más información véase -> Árbol binario de búsqueda Zalu2!
|
|
|
8
|
Programación / Programación C/C++ / [Métodos de ordenamiento] QuickSort [C++]
|
en: 29 Julio 2015, 20:47 pm
|
Buenas!. El método de ordenamiento quicksort es un método muy eficaz a la hora de ordenar datos, les comparto un código que implemente en un proyecto escolar, está basado para ordenar fechas de salida de vuelos, pero ustedes pueden implementarlo para ordenar cualquier otro tipo de dato. void QuickSortF( N_Vuelo** arr, int izq, int der ){ int g, h, medio; N_Vuelo *pivote, *aux; medio = ( izq + der )/2; pivote = arr[medio]; g = izq; h = der; while( g <= h ){ while ( arr[g]->getDato()->getFS(1) < pivote->getDato()->getFS(1) ) { g++; } while ( pivote->getDato()->getFS(1) < arr[h]->getDato()->getFS(1) ) { h--; } if( g <= h ){ aux = arr[g]; arr[g] = arr[h]; arr[h] = aux; g++; h--; } } if ( izq < h ) { QuickSortF(arr, izq, h); } if ( g < der ) { QuickSortF(arr, g, der); } }
En los condicionales if iría la condición de ordenamiento de el tipo de dato que quieras implementar, cualquier duda y/o comentario hazmelo saber!. Zalu2
|
|
|
9
|
Programación / PHP / Conversor de textos By 2Fac3R v4.0
|
en: 29 Julio 2015, 20:46 pm
|
Buenas! He estado dandole vueltas a mis códigos (más que nada para no oxidarme) y creo que se pueden seguir mejorando los códigos, lo comparto con ustedes por si a alguien le es de utilidad. <title> Conversor de textos By 2Fac3R v4.0</title> <form action="" method="POST"> <select name="convertir"> <option value="bin2hex"> BinToHex </option> <option value="encode"> Encode </option> <option value="decode"> Decode </option> <option value="gzinflate"> gzinflate </option> <option value="utf-7"> Encode UTF-7</option> <option value="ASCII"> ASCII </option> <option value="MD5"> MD5 </option> <option value="SHA1"> SHA1 </option> <option value="Base64_encode"> Base64 encode</option> <option value="Base64_decode"> Base64 decode</option> <option value="bindec"> Binario To Decimal</option> <option value="mcrypt">mcrypt</option> </select> <input type="text" name="str"> <input type="submit" name="enviado" value="Convertir!"> </form> <?php /* * Conversor de textos * .- Underc0de.org -. * v4.0 2015 * Autor: 2Fac3R * * Gr33tz to: * * xt3mp, arcangel_nigth, EddyW, ANTRAX, 11Sep, Kr34t0r, GAMARRA, SkippyCreammy, v1c0_h4ck, w4rning, Snifer, * arthusu, Kodeinfect, [Q]3rV[0], WilyXem, m3x1c0h4ck, etc, etc... * * */ function convertir($a, $string){ // a : eleccion, string:texto switch($a){ case 'bin2hex': break; case 'encode': break; case 'gzinflate': case 'decode': break; case 'utf-7': break; case 'ASCII': for($i=0;$i<strlen($string);$i++){ $ascii=$obt.','; } $res = $ascii; break; case 'MD5': break; case 'SHA1': break; case 'Base64_encode': break; case 'Base64_decode': break; case 'bindec': break; case 'mcrypt': break; default: die("Ha habido un error <a href=''> Regresar! </a>"); break; } return $res; } if(!empty($_POST['enviado']) && isset($_POST['str'])) { echo '<b>Original:</b> '.htmlentities($_POST['str']).' </br></br>'; echo '<textarea rows=4 cols=50>' .convertir($_POST['convertir'],$_POST['str']).'</textarea>'; } ?>
Comentarios, criticas, consejos son bienvenidos. Zalu2!
|
|
|
10
|
Programación / PHP / [Tool] Convertidor de textos By 2Fac3R v2.0
|
en: 14 Marzo 2012, 04:40 am
|
Bueno, pues he hecho una segunda version de esta tool, la cual me ha servido en bastantes cosas que he hido haciendo y decido compartirla. La version 1 la pueden encontrar en este misma web/foro. <title> Conversor de string By 2Fac3R v2.0 </title> <?php /* Conversor de string By 2Fac3R v2.0 http://breaksecurity.blogspot.com/ */ $string = $_POST['str']; $conv = $_POST['convertir']; function res($func){ global $string; echo "Resultado: <br> <textarea cols='80' rows='5'>".$func."</textarea><br>"; echo "<a href=''> Regresar! </a>"; } switch($conv){ case 'bin2hex': break; case 'encode': break; case 'decode': break; case 'utf-7': break; case 'ASCII': echo "Resultado: <br><textarea>"; for($i=0;$i<strlen($string);$i++){ $ascii=$obt.','; echo $ascii; } echo "</textarea><br> Normal: <b>".htmlentities($string)."</b><br><a href=''> Regresar! </a>"; break; case 'MD5': break; case 'SHA1': break; case 'Base64_encode': break; case 'Base64_decode': break; case 'bindec': break; default: die("Ha habido un error <a href=''> Regresar! </a>"); break; } }else{ if(isset($_POST['send'])){?> <script>alert("Campo de texto vacio");</script> <noscript>Campo de texto vacio <br> <font color="RED"> Activa el javascript para una mejor visualizacion </font></noscript> <?}?> <!-- Conversor de string By 2Fac3R v2.0 --> <form action="" method="POST"> <select name="convertir"> <option value="bin2hex"> BinToHex </option> <option value="encode"> Encode </option> <option value="decode"> Decode </option> <option value="utf-7"> Encode UTF-7</option> <option value="ASCII"> ASCII </option> <option value="MD5"> MD5 </option> <option value="SHA1"> SHA1 </option> <option value="Base64_encode"> Base64 encode</option> <option value="Base64_decode"> Base64 decode</option> <option value="bindec"> Binario To Decimal</option> </select> <input type="text" name="str"> <input type="submit" name="send" value="Convertir!"> </form> <?}?>
Espero les sirva, cualquier bug, comentario y/o critica son bienvenidos Zalu2
|
|
|
|
|
|
|