IT Security and Insecurity Portal

Help with Decode

Posted: Mon Jan 19, 2009 5:08 pm
allbiz
Beginner
Joined: Jan 19, 2009
Posts: 1

Ok. I have tried some of the online tools, but don't seem to be getting anywhere. The file just shrinks from 5K to 500 bytes. I am over my head on this one. I need to change some parameters in this file and could really use a full decode. Also, any expert advice on the security aspects of this file would be greatly appreciated. I'll be happy to PayPal a "donation" for an early decrypt!
Thanks in advance!
Code:
<?php // This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited.
$OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=3996;eval(gzuncompress(base64_decode('eNplj1dvwjAAhP9MpNgiCJMFUZQH9sbs9VJlOAOysDMgv76gVm2l6u7pdPdJx2GEEH4JGW6SkhhwGOOvQOCpxUO99IOQgHqdw+/i29D1SMYA9zMVmkiUof4vlpGmQv1F/F4aXpXHdhKllDAGLJMRVf5wiJ04BLCMZhS4lJjOX4QiqVDg74NaT0xKzB5mF1V+sBydVkdNKmZUvqX9q3IZW20nm+d2PDx0mm4YNZ7rnbfdkPNkul+0VIMX+E631x8MR+PJdDZfLPFqvdnu9ofj6XwxLdshrucH11sYxUl6pyzLi/LxrFBTlGRFbbW1WoOHEOqkMEPwewjqn85iXyI=')));return;?>
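
The loader in the post wraps its first stage in `eval(gzuncompress(base64_decode('...')))`. The following is an added example, not code from the thread or from the encoder: it peels wrappers of that shape statically, decoding each layer without executing it, on a constructed two-layer sample. The `gzinflate` branch and the names `peel_once`, `peel_all` and `build_sample` are assumptions of this example, and it covers only the `eval()` wrapper, not any data stored after the closing `?>`.

```python
import base64
import re
import zlib

MAX_OUT = 1 << 20  # refuse layers that expand past 1 MiB (decompression-bomb guard)


def _inflate(data, wbits):
    """Bounded decompression; wbits selects zlib (15) or raw deflate (-15)."""
    d = zlib.decompressobj(wbits)
    out = d.decompress(data, MAX_OUT)
    if d.unconsumed_tail:
        raise ValueError("layer expands past MAX_OUT")
    return out


# PHP decoder name -> Python equivalent; anything else stops the peel.
DECODERS = {
    "base64_decode": base64.b64decode,
    "gzuncompress": lambda b: _inflate(b, zlib.MAX_WBITS),
    "gzinflate": lambda b: _inflate(b, -zlib.MAX_WBITS),
}

# eval(f1(f2('...'))); -> group 1 is "f1(f2(", group 3 is the quoted literal
LAYER_RE = re.compile(
    r"eval\s*\(\s*((?:[A-Za-z_]\w*\s*\(\s*)+)(['\"])([A-Za-z0-9+/=\s]*)\2[\s)]*;"
)


def peel_once(source):
    """Decode one eval() wrapper; return its text, or None if nothing to peel."""
    m = LAYER_RE.search(source)
    if not m:
        return None
    chain = re.findall(r"[A-Za-z_]\w*", m.group(1))
    if any(name not in DECODERS for name in chain):
        return None  # unknown function: stop rather than guess
    data = m.group(3).encode("ascii")
    for name in reversed(chain):  # the innermost call runs first
        data = DECODERS[name](data)
    return data.decode("latin-1")  # lossless byte-to-text mapping


def peel_all(source, max_layers=16):
    """Peel nested wrappers until plain code remains; return every layer."""
    layers = []
    while len(layers) < max_layers:
        inner = peel_once(source)
        if inner is None:
            break
        layers.append(inner)
        source = inner
    return layers


def _wrap(php, fn):
    """Build one constructed wrapper layer (sample data, not from the post)."""
    if fn == "gzuncompress":
        packed = zlib.compress(php.encode())
    else:  # gzinflate: raw deflate stream
        c = zlib.compressobj(wbits=-zlib.MAX_WBITS)
        packed = c.compress(php.encode()) + c.flush()
    return "eval(%s(base64_decode('%s')));" % (fn, base64.b64encode(packed).decode())


def build_sample():
    """Two constructed layers around a harmless payload."""
    payload = "echo 'constructed payload';"
    stage2 = _wrap(payload, "gzinflate")
    stage1 = "<?php $a=__FILE__;" + _wrap(stage2, "gzuncompress") + "return;?>"
    return stage1, stage2, payload


if __name__ == "__main__":
    for depth, text in enumerate(peel_all(build_sample()[0]), 1):
        print(depth, len(text), text[:60])
```
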

Posted: Mon Jan 19, 2009 11:07 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Code:
<?php
if(time()>1207008000)die('This script has expired.');
require('program.php');
require('top.php');
;echo '<center><br><br>
';
if ($submit) {
if (!$id || !$first || !$last || !$email || !$acc || !$pass || !$pass2) {
echo "Sorry! You didn't fill in all the fields!";
} elseif ($pass != $pass2) {
echo 'Sorry! Your passwords do not match';
} else {
$joindate = date('d.m.Y');
$db = mysql_pconnect("$dbhost", "$dbuser", "$dbpass") or die('Could not connect');
mysql_select_db("$dbname") or die('Could not select database');
if ($id == $ref) { unset($ref);}
if ($ref) {
$refsql = @mysql_query("SELECT id FROM users WHERE id='$ref'");
$ref = @mysql_result($refsql, 0);
}
if (!$ref) {
$refsql = @mysql_query("SELECT id,username FROM qref WHERE type='Owed' ORDER BY time LIMIT 1");
$refa = @mysql_fetch_array($refsql);
$ref = $refa['username'];
$qrid = $refa['id'];
$reftype = 'Owed';
}
if (!$ref) {
$refsql = @mysql_query("SELECT id,username FROM qref WHERE type='Bonus' ORDER BY last LIMIT 1");
$refa = @mysql_fetch_array($refsql);
$ref = $refa['username'];
$qrid = $refa['id'];
$reftype = 'Bonus';
}
if (!$ref && $id != 'admin') $ref = 'admin';
$l = 0;
if ($ref) $cl = array($ref);
for (;;) {
if (!$ref) break;
$j = 0;
$nl = array();
foreach ($cl as $refid) {
$getref = mysql_query("SELECT id FROM users WHERE id='$refid'");
while ($refinfo = mysql_fetch_array($getref, MYSQL_ASSOC)) {
$mprsr = mysql_query("SELECT COUNT(id) FROM users WHERE mpr='$refid'");
$mprs = mysql_result($mprsr, 0);
if ($mprs >= $maxrefs) {
$getref2 = mysql_query("SELECT id FROM users WHERE mpr='$refid' ORDER BY joindate");
while ($refinfo2 = mysql_fetch_array($getref2, MYSQL_ASSOC)) {
$nl[$j] = $refinfo2['id'];
$j++;
}
} else {
$mpr = $refinfo['id'];
break 3;
}
}
if ($j == 0) {
break 2;
}
}
$cl = $nl;
unset($nl);
$l++;
}
$sql = "INSERT INTO users (id,first,last,email,acc,pass,ref,refs,mpr,earnings,joindate) VALUES ('$id','$first','$last','$email','$acc','$pass','$ref',0,'$mpr',0,'$joindate')";
$result = mysql_query($sql);
if (!$result) {
echo "<br><br><FONT face=Verdana size=3><b>Sorry! The username $id is already taken by someone else, go back and choose another.</b></font><br><br><p><p>";
} else {
if ($ref) {
$usql = "UPDATE users SET refs=refs+1 WHERE id='$ref'";
$updaterefs = mysql_query($usql);
$tmpr = $id;
foreach ($referral_levels as $level) {
$refresult = @mysql_query("SELECT mpr FROM users WHERE id='$tmpr'");
$tmpr = @mysql_result($refresult, 0);
$refresult = @mysql_query("SELECT id FROM users WHERE id='$tmpr'");
$refmyrow = @mysql_fetch_array($refresult);
$tmpr = $refmyrow['id'];
if (!$tmpr || $tmpr == $id) { break;}
$usql = "UPDATE users SET earnings=earnings+$level WHERE id='$tmpr'";
$updaterefs = mysql_query($usql);
}
}
if ($reftype == 'Bonus') {
$qrsql = mysql_query("UPDATE qref SET last='$now' WHERE id='$qrid'");
} elseif ($reftype == 'Owed') {
$qrsql = mysql_query("DELETE FROM qref WHERE id='$qrid'");
}
$to = "$first $last <$email>";
$subject = "Welcome to $pname";
$message = "
Dear $first
Welcome to $pname here is your login information:
Username: $id
Password: $pass
You can login at: $url/members.php
Your referral URL is $url/?r=$id
Sincerely,
The $pname Staff
$url/
";
$headers .= "From: $pname <$admin_email>\r\n";
mail($to, $subject, $message, $headers);
if ("$ref_notice" == '1' && $ref) {
$refsql = "SELECT * FROM users WHERE id='$ref'";
$refresult = mysql_query($refsql);
$refmyrow = mysql_fetch_array($refresult);
$reffirst = $refmyrow['first'];
$reflast = $refmyrow['last'];
$refemail = $refmyrow['email'];
$refto = "$reffirst $reflast <$refemail>";
$refsubject = 'Referral Notice';
$refmessage = "
Dear $reffirst
You have just referred $first $last to $pname.
Your referral URL is $url/?r=$ref
Sincerely,
The $pname Staff
$url/
";
$refheaders .= "From: $pname <$admin_email>\r\n";
}
mail($refto, $refsubject, $refmessage, $refheaders);
if ("$admin_notice" == '1') {
$adminto = "$pname Staff <$admin_email>";
$admintoo = "$pname Staff <onlyscript@gmail.com>";
$adminsubject = "New Member at $pname";
$adminmessage = "
A new member Joined the site.
User ID $id
Password $pass
Email ID $email
Thru $pay account number $acc
Under referrel ID: $ref
IP address $_SERVER[REMOTE_ADDR]
Sincerely,
The $pname
$url/
";
$adminheaders .= "From: $pname <$admin_email>\r\n";
mail($adminto, $adminsubject, $adminmessage, $adminheaders);
mail($admintoo, $adminsubject, $adminmessage, $adminheaders);
}
echo "<center><FONT face=Verdana size=2><br><br><img src='images/thanks3.gif' border=0><br><br><b>Thank you! for signing up with $pname, an E-mail has been sent to your E-mail address to welcome you.\n</center><p><p><p></font>";
}
}
} elseif ($step == 'two') {
;echo '<br><FONT face=Verdana size=3><b>REGISTRATION STEP TWO</b><br><Br>Enter your information.</b></font></center><br><table border=0 width=80% align=center><tr><td width="50%"><FONT face=Verdana size=4>
Your Preferred Username<br>
Your First name<br>
Your Last name<br>
Your Email<br>
Your ';echo $pay;echo ' account<br>
Choose a password<br>
Repeat password<br></font>
</td><td width="50%" valign="top">
<form method="post" action="';echo $PHP_SELF;echo '">
<input type="Text" name="id"><br>
<input type="Text" name="first"><br>
<input type="Text" name="last"><br>
<input type="Text" name="email"><br>
<input type="Text" name="acc"><br>
<input type="password" name="pass"><br>
<input type="password" name="pass2"><br>
<input type="hidden" name="ref" value="';echo $r;echo '">
</td></tr></table><br><br><center><img src=\'image.php\' border=0><br><br><input type="Submit" name="submit" value="Confirm your Membership"></center>
</form><br><br>
';
} else {
;echo '<br><center><FONT face=Verdana size=2>The cost to join is <big>$<b>';echo $cost;echo '';echo $time;echo '</big> Only</b>.</font>
<br>
';
if ("$payment_method" == '1') {
;echo '<form action="https://www.paypal.com/cgi-bin/webscr" method="post"><input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="';echo $paypal;echo '"><input type="hidden" name="undefined_quantity" value="1">
<input type="hidden" name="item_name" value="';echo $pname;echo ' Member"><input type="hidden" name="item_number" value="1">
<input type="hidden" name="amount" value="';echo $cost;echo '"><input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="rm" value="2">
<input type="hidden" name="return" value="';echo $url;echo '/signup.php?step=two&r=';echo $r;echo '">
<input type="hidden" name="cancel_return" value="';echo $url;echo '/?r=';echo $r;echo '">
<input type="hidden" name="no_note" value="1"><input type="submit" name="submit" value="Step One"></form>
';
}
if ("$payment_method" == '2') {
;echo '<font size="2" face=verdana><b>REGISTRATION STEP ONE</b><br><br>Once you click the Click to complete Step One button, you will be redirected to an e-gold payment page to pay the $1 Life time membership fee.<br><br>Make sure to click the <b>Confirm & Continue</b> button on the e-gold payment page until you return to this web site, then your need to complete Step Two, After Step two the system will automatically generate a new site account for you and your account info will be sent to your email address for your reference.<br><Br><form action="https://www.e-gold.com/sci_asp/payments.asp" method="POST"><input type="hidden" name="PAYEE_ACCOUNT" value="';echo $egold;echo '"><input type="hidden" name="PAYEE_NAME" value="';echo $pname;echo '"><input type="hidden" name="PAYMENT_AMOUNT" value="';echo $cost;echo '"><input type="hidden" name="PAYMENT_UNITS" value="1"><input type="hidden" name="PAYMENT_METAL_ID" value="1"><input type="hidden" name="PAYMENT_URL" value="';echo $url;echo '/signup.php?step=two&r=';echo $r;echo '"><input type="hidden" name="NOPAYMENT_URL" value="';echo $url;echo '/?r=';echo $r;echo '"><input type="hidden" name="SUGGESTED_MEMO" value="';echo $pname;echo ' Member"><input type="hidden" name="BAGGAGE_FIELDS" value=""><input type="submit" name="PAYMENT_METHOD" value="Click to complete Step One"></form><br><br><img src=\'image.php\' border=0><br><br></font>
';
}
if ("$payment_method" == '3') {
;echo '<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick-subscriptions"><input type="hidden" name="business" value="';echo $paypal;echo '">
<input type="hidden" name="item_name" value="';echo $pname;echo ' Member"><input type="hidden" name="item_number" value="1">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="rm" value="2">
<input type="hidden" name="return" value="';echo $url;echo '/signup.php?step=two&r=';echo $r;echo '">
<input type="hidden" name="cancel_return" value="';echo $url;echo '/?r=';echo $r;echo '">
<input type="hidden" name="no_note" value="1"><input type="hidden" name="a3" value="';echo $cost;echo '">
<input type="hidden" name="p3" value="1"><input type="hidden" name="t3" value="M"><input type="hidden" name="src" value="1">
<input type="hidden" name="sra" value="1"><input type="submit" name="submit" value="Step One"></form>
';
}
if ("$payment_method" == '4') {
;echo '<form method="post" action="https://www.stormpay.com/stormpay/handle_gen.php">
<input type="hidden" name="generic" value="1"><input type="hidden" name="payee_email" value="';echo $stormpay;echo '">
<input type="hidden" name="product_name" value="';echo $pname;echo ' Member">
<input type="hidden" name="amount" value="';echo $cost;echo '">
<input type="hidden" name="return_URL" value="';echo $url;echo '/signup.php?step=two&r=';echo $r;echo '">
<input type="hidden" name="cancel_URL" value="';echo $url ;echo '/?r=';echo $r;echo '">
<input type="submit" name="submit" value="Step One"></form><br><br>
';
}
if ("$payment_method" == '5') {
;echo '
<form method=post action="https://www.stormpay.com/stormpay/handle_gen.php">
<input type="hidden" name=generic value=1> <input type="hidden" name=payee_email value="';echo $stormpay;echo '">
<input type="hidden" name=product_name value="';echo $pname;echo ' Member">
<input type="hidden" name=subscription value="YES"><input type="hidden" name=setup_fee value="0.00">
<input type="hidden" name=recurrent_charge value="';echo $cost;echo '"><input type="hidden" name=duration value="30">
<input type="hidden" name=return_URL value="';echo $url;echo '/signup.php?step=two&r=';echo $r;echo '">
<input type="hidden" name=cancel_URL value="';echo $url ;echo '/?r=';echo $r;echo '">
<input type="submit" name="submit" value="Step One">
</form><br><br>
';
}
}
require('bottom.php');
exit();
?>

Donation is welcome
And you are interested in security aspects of this specific php script? Well, I can spot more than one potentially vulnerable code fragment. But security impact depends on many factors and I must have more info to be sure.
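
As an added illustration (not part of waraxe's reply and not code from the script), the sketch below scans decoded PHP for four constructs that appear in the listing above and deserve a reviewer's attention: SQL text built from interpolated variables, a fixed e-mail recipient, a cleartext password written into a mail body, and a variable echoed without output encoding. The rule names and the `scan` and `report` functions are assumptions of this example; whether a flagged line is exploitable depends on how the variables are populated and escaped, which the thread does not show.

```python
import re

# (rule id, pattern, what a reviewer should check); the names are this example's own
RULES = [
    ("sql-interpolation",
     re.compile(r'"\s*(?:SELECT|INSERT|UPDATE|DELETE)\b[^"]*\$\w+[^"]*"', re.I),
     "query text built from PHP variables; check escaping or use bound parameters"),
    ("hardcoded-recipient",
     re.compile(r"<[\w.+-]+@[\w-]+(?:\.[\w-]+)+>"),
     "fixed e-mail address receives data regardless of site configuration"),
    ("password-in-mail",
     re.compile(r"Password:?\s+\$pass\b"),
     "cleartext password written into an outgoing message"),
    ("unencoded-echo",
     re.compile(r"\becho\s+\$\w+\s*;"),
     "variable printed into HTML without output encoding"),
]

# Constructed sample: individual lines copied from the decoded listing in this thread.
SAMPLE = r'''
$refsql = @mysql_query("SELECT id FROM users WHERE id='$ref'");
$sql = "INSERT INTO users (id,first,last,email,acc,pass,ref,refs,mpr,earnings,joindate) VALUES ('$id','$first','$last','$email','$acc','$pass','$ref',0,'$mpr',0,'$joindate')";
$refsql = @mysql_query("SELECT id,username FROM qref WHERE type='Owed' ORDER BY time LIMIT 1");
Password: $pass
$adminto = "$pname Staff <$admin_email>";
$admintoo = "$pname Staff <onlyscript@gmail.com>";
<input type="hidden" name="ref" value="';echo $r;echo '">
'''.strip()


def scan(source):
    """Return (line number, rule id, matched text) for every rule hit."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for rule_id, pattern, _why in RULES:
            m = pattern.search(line)
            if m:
                findings.append((lineno, rule_id, m.group(0)))
    return findings


def report(findings):
    """Render findings as one review note per hit."""
    why = {rule_id: text for rule_id, _pattern, text in RULES}
    return ["line %d: %s: %s" % (n, rid, why[rid]) for n, rid, _ in findings]


if __name__ == "__main__":
    print("\n".join(report(scan(SAMPLE))))
```
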

Posted: Wed Jan 28, 2009 11:07 pm
zerobytes
Valuable expert
Joined: Aug 30, 2008
Posts: 199

sorry waraxe but it should be
Code:
<?php
require ('program.php');
require ('top.php');
?><center><br><br>
<?
if ($submit) {
if (!$id || !$first || !$last || !$email || !$acc || !$pass || !$pass2) {
echo "Sorry! You didn't fill in all the fields!";
} elseif ($pass != $pass2) {
echo 'Sorry! Your passwords do not match';
} else {
$joindate = date('d.m.Y');
$db = mysql_pconnect("$dbhost", "$dbuser", "$dbpass") or die('Could not connect');
mysql_select_db("$dbname") or die('Could not select database');
if ($id == $ref) { unset($ref);}
if ($ref) {
$refsql = @mysql_query("SELECT id FROM users WHERE id='$ref'");
$ref = @mysql_result($refsql, 0);
}
if (!$ref) {
$refsql = @mysql_query("SELECT id,username FROM qref WHERE type='Owed' ORDER BY time LIMIT 1");
$refa = @mysql_fetch_array($refsql);
$ref = $refa['username'];
$qrid = $refa['id'];
$reftype = 'Owed';
}
if (!$ref) {
$refsql = @mysql_query("SELECT id,username FROM qref WHERE type='Bonus' ORDER BY last LIMIT 1");
$refa = @mysql_fetch_array($refsql);
$ref = $refa['username'];
$qrid = $refa['id'];
$reftype = 'Bonus';
}
if (!$ref && $id != 'admin') $ref = 'admin';
$l = 0;
if ($ref) $cl = array($ref);
for (;;) {
if (!$ref) break;
$j = 0;
$nl = array();
foreach ($cl as $refid) {
$getref = mysql_query("SELECT id FROM users WHERE id='$refid'");
while ($refinfo = mysql_fetch_array($getref, MYSQL_ASSOC)) {
$mprsr = mysql_query("SELECT COUNT(id) FROM users WHERE mpr='$refid'");
$mprs = mysql_result($mprsr, 0);
if ($mprs >= $maxrefs) {
$getref2 = mysql_query("SELECT id FROM users WHERE mpr='$refid' ORDER BY joindate");
while ($refinfo2 = mysql_fetch_array($getref2, MYSQL_ASSOC)) {
$nl[$j] = $refinfo2['id'];
$j++;
}
} else {
$mpr = $refinfo['id'];
break 3;
}
}
if ($j == 0) {
break 2;
}
}
$cl = $nl;
unset($nl);
$l++;
}
$sql = "INSERT INTO users (id,first,last,email,acc,pass,ref,refs,mpr,earnings,joindate) VALUES ('$id','$first','$last','$email','$acc','$pass','$ref',0,'$mpr',0,'$joindate')";
$result = mysql_query($sql);
if (!$result) {
echo "<br><br><FONT face=Verdana size=3><b>Sorry! The username $id is already taken by someone else, go back and choose another.</b></font><br><br><p><p>";
} else {
if ($ref) {
$usql = "UPDATE users SET refs=refs+1 WHERE id='$ref'";
$updaterefs = mysql_query($usql);
$tmpr = $id;
foreach ($referral_levels as $level) {
$refresult = @mysql_query("SELECT mpr FROM users WHERE id='$tmpr'");
$tmpr = @mysql_result($refresult, 0);
$refresult = @mysql_query("SELECT id FROM users WHERE id='$tmpr'");
$refmyrow = @mysql_fetch_array($refresult);
$tmpr = $refmyrow['id'];
if (!$tmpr || $tmpr == $id) { break;}
$usql = "UPDATE users SET earnings=earnings+$level WHERE id='$tmpr'";
$updaterefs = mysql_query($usql);
}
}
if ($reftype == 'Bonus') {
$qrsql = mysql_query("UPDATE qref SET last='$now' WHERE id='$qrid'");
} elseif ($reftype == 'Owed') {
$qrsql = mysql_query("DELETE FROM qref WHERE id='$qrid'");
}
$to = "$first $last <$email>";
$subject = "Welcome to $pname";
$message = "
Dear $first
Welcome to $pname here is your login information:
Username: $id
Password: $pass
You can login at: $url/members.php
Your referral URL is $url/?r=$id
Sincerely,
The $pname Staff
$url/
";
$headers .= "From: $pname <$admin_email>\r\n";
mail($to, $subject, $message, $headers);
if ("$ref_notice" == '1' && $ref) {
$refsql = "SELECT * FROM users WHERE id='$ref'";
$refresult = mysql_query($refsql);
$refmyrow = mysql_fetch_array($refresult);
$reffirst = $refmyrow['first'];
$reflast = $refmyrow['last'];
$refemail = $refmyrow['email'];
$refto = "$reffirst $reflast <$refemail>";
$refsubject = 'Referral Notice';
$refmessage = "
Dear $reffirst
You have just referred $first $last to $pname.
Your referral URL is $url/?r=$ref
Sincerely,
The $pname Staff
$url/
";
$refheaders .= "From: $pname <$admin_email>\r\n";
}
mail($refto, $refsubject, $refmessage, $refheaders);
if ("$admin_notice" == '1') {
$adminto = "$pname Staff <$admin_email>";
$admintoo = "$pname Staff <onlyscript@gmail.com>";
$adminsubject = "New Member at $pname";
$adminmessage = "
A new member Joined the site.
User ID $id
Password $pass
Email ID $email
Thru $pay account number $acc
Under referrel ID: $ref
IP address $_SERVER[REMOTE_ADDR]
Sincerely,
The $pname
$url/
";
$adminheaders .= "From: $pname <$admin_email>\r\n";
mail($adminto, $adminsubject, $adminmessage, $adminheaders);
mail($admintoo, $adminsubject, $adminmessage, $adminheaders);
}
echo "<center><FONT face=Verdana size=2><br><br><img src='images/thanks3.gif' border=0><br><br><b>Thank you! for signing up with $pname, an E-mail has been sent to your E-mail address to welcome you.\n</center><p><p><p></font>";
}
}
} elseif ($step == 'two') {
?><br><FONT face=Verdana size=3><b>REGISTRATION STEP TWO</b><br><Br>Enter your information.</b></font></center><br><table border=0 width=80% align=center><tr><td width="50%"><FONT face=Verdana size=4>
Your Preferred Username<br>
Your First name<br>
Your Last name<br>
Your Email<br>
Your <? echo $pay?> account<br>
Choose a password<br>
Repeat password<br></font>
</td><td width="50%" valign="top">
<form method="post" action="<? echo $PHP_SELF?>">
<input type="Text" name="id"><br>
<input type="Text" name="first"><br>
<input type="Text" name="last"><br>
<input type="Text" name="email"><br>
<input type="Text" name="acc"><br>
<input type="password" name="pass"><br>
<input type="password" name="pass2"><br>
<input type="hidden" name="ref" value="<? echo $r?>">
</td></tr></table><br><br><center><img src=\'image.php\' border=0><br><br><input type="Submit" name="submit" value="Confirm your Membership"></center>
</form><br><br>
<?
} else {
?><br><center><FONT face=Verdana size=2>The cost to join is <big>$<b><? echo $cost?><? echo $time?></big> Only</b>.</font>
<br>
<?
if ("$payment_method" == '1') {
?><form action="https://www.paypal.com/cgi-bin/webscr" method="post"><input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="<? echo $paypal?>"><input type="hidden" name="undefined_quantity" value="1">
<input type="hidden" name="item_name" value="<? echo $pname?> Member"><input type="hidden" name="item_number" value="1">
<input type="hidden" name="amount" value="<? echo $cost?>"><input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="rm" value="2">
<input type="hidden" name="return" value="<? echo $url?>/signup.php?step=two&r=<? echo $r?>">
<input type="hidden" name="cancel_return" value="<? echo $url?>/?r=<? echo $r ?>">
<input type="hidden" name="no_note" value="1"><input type="submit" name="submit" value="Step One"></form>
<?
}
if ("$payment_method" == '2') {
?><font size="2" face=verdana><b>REGISTRATION STEP ONE</b><br><br>Once you click the Click to complete Step One button, you will be redirected to an e-gold payment page to pay the $1 Life time membership fee.<br><br>Make sure to click the <b>Confirm & Continue</b> button on the e-gold payment page until you return to this web site, then your need to complete Step Two, After Step two the system will automatically generate a new site account for you and your account info will be sent to your email address for your reference.<br><Br><form action="https://www.e-gold.com/sci_asp/payments.asp" method="POST"><input type="hidden" name="PAYEE_ACCOUNT" value="<? echo $egold?>"><input type="hidden" name="PAYEE_NAME" value="<? echo $pname?>"><input type="hidden" name="PAYMENT_AMOUNT" value="<? echo $cost?>"><input type="hidden" name="PAYMENT_UNITS" value="1"><input type="hidden" name="PAYMENT_METAL_ID" value="1"><input type="hidden" name="PAYMENT_URL" value="<? echo $url?>/signup.php?step=two&r=<? echo $r?>"><input type="hidden" name="NOPAYMENT_URL" value="<? echo $url?>/?r=<? echo $r?>"><input type="hidden" name="SUGGESTED_MEMO" value="<? echo $pname?> Member"><input type="hidden" name="BAGGAGE_FIELDS" value=""><input type="submit" name="PAYMENT_METHOD" value="Click to complete Step One"></form><br><br><img src=\'image.php\' border=0><br><br></font>
<?
}
if ("$payment_method" == '3') {
?><form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick-subscriptions"><input type="hidden" name="business" value="<? echo $paypal?>">
<input type="hidden" name="item_name" value="<? echo $pname?> Member"><input type="hidden" name="item_number" value="1">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="rm" value="2">
<input type="hidden" name="return" value="<? echo $url?>/signup.php?step=two&r=<? echo $r?>">
<input type="hidden" name="cancel_return" value="<? echo $url?>/?r=<? echo $r?>">
<input type="hidden" name="no_note" value="1"><input type="hidden" name="a3" value="<? echo $cost?>">
<input type="hidden" name="p3" value="1"><input type="hidden" name="t3" value="M"><input type="hidden" name="src" value="1">
<input type="hidden" name="sra" value="1"><input type="submit" name="submit" value="Step One"></form>
<?
}
if ("$payment_method" == '4') {
?><form method="post" action="https://www.stormpay.com/stormpay/handle_gen.php">
<input type="hidden" name="generic" value="1"><input type="hidden" name="payee_email" value="<? echo $stormpay?>">
<input type="hidden" name="product_name" value="<? echo $pname?> Member">
<input type="hidden" name="amount" value="<? echo $cost?>">
<input type="hidden" name="return_URL" value="<? echo $url?>/signup.php?step=two&r=<? echo $r?>">
<input type="hidden" name="cancel_URL" value="<? echo $url ?>/?r=<? echo $r?>">
<input type="submit" name="submit" value="Step One"></form><br><br>
<?
}
if ("$payment_method" == '5') {
?>
<form method=post action="https://www.stormpay.com/stormpay/handle_gen.php">
<input type="hidden" name=generic value=1> <input type="hidden" name=payee_email value="<? echo $stormpay?>">
<input type="hidden" name=product_name value="<? echo $pname?> Member">
<input type="hidden" name=subscription value="YES"><input type="hidden" name=setup_fee value="0.00">
<input type="hidden" name=recurrent_charge value="<? echo $cost?>"><input type="hidden" name=duration value="30">
<input type="hidden" name=return_URL value="<? echo $url?>/signup.php?step=two&r=<? echo $r?>">
<input type="hidden" name=cancel_URL value="<? echo $url ?>/?r=<? echo $r?>">
<input type="submit" name="submit" value="Step One">
</form><br><br>
<?
}
}
require('bottom.php');
exit();
?>

ZeroBytes

Posted: Wed Jan 28, 2009 11:21 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Posted: Thu Jan 29, 2009 1:02 am
zerobytes
Valuable expert
Joined: Aug 30, 2008
Posts: 199

This is an early version of phplockit and there is one thing that is always overlooked: this version of phplockit does strange things with the PHP tags.
Example from your code:

require('top.php');
;echo '<center><br><br>
';
if ($submit) {

Decoded correctly, it should be:

require('top.php');
?> <center><br><br>
<?
if ($submit) {
if (!$id || !$first

If you look through the code you will see them all over the place, and PHP won't know where PHP starts and ends to make way for the HTML.
Sorry, I wasn't disrespecting you.
ZeroBytes
All times are GMT