Advertisement
vic_npc

Deserialización

May 30th, 2023 (edited)
80
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 1.85 KB | Cybersecurity | 0 0
  1. <?php
  2.  
  3. class pingTest {
  4.     public $ipAddress = "127.0.0.1";
  5.     public $isValid = False;
  6.     public $output = "";
  7.  
  8.     function validate() {
  9.         if (!$this->isValid) {
  10.             if (filter_var($this->ipAddress, FILTER_VALIDATE_IP))
  11.             {
  12.                 $this->isValid = True;
  13.             }
  14.         }
  15.         $this->ping();
  16.  
  17.     }
  18.  
  19.     public function ping()
  20.         {
  21.         if ($this->isValid) {
  22.             $this->output = shell_exec("ping -c 3 $this->ipAddress");  
  23.         }
  24.         }
  25.  
  26. }
  27.  
  28. if (isset($_POST['obj'])) {
  29.     $pingTest = unserialize(urldecode($_POST['obj']));
  30. } else {
  31.     $pingTest = new pingTest;
  32. }
  33.  
  34. $pingTest->validate();
  35.  
  36. echo "<html>
  37. <head>
  38. <script src=\"http://secure.cereal.ctf:44441/php.js\"></script>
  39. <script>
  40. function submit_form() {
  41.         var object = serialize({ipAddress: document.forms[\"ipform\"].ip.value});
  42.         object = object.substr(object.indexOf(\"{\"),object.length);
  43.         object = \"O:8:\\\"pingTest\\\":1:\" + object;
  44.         document.forms[\"ipform\"].obj.value = object;
  45.         document.getElementById('ipform').submit();
  46. }
  47. </script>
  48. <link rel='stylesheet' href='http://secure.cereal.ctf:44441/style.css' media='all' />
  49. <title>Ping Test</title>
  50. </head>
  51. <body>
  52. <div class=\"form-body\">
  53. <div class=\"row\">
  54.    <div class=\"form-holder\">
  55.     <div class=\"form-content\">
  56.         <div class=\"form-items\">
  57.         <h3>Ping Test</h3>
  58.        
  59.         <form method=\"POST\" action=\"/\" id=\"ipform\" onsubmit=\"submit_form();\" class=\"requires-validation\" novalidate>
  60.  
  61.             <div class=\"col-md-12\">
  62.             <input name=\"obj\" type=\"hidden\" value=\"\">
  63.                <input class=\"form-control\" type=\"text\" name=\"ip\" placeholder=\"IP Address\" required>
  64.             </div>
  65.         <br />
  66.             <div class=\"form-button mt-3\">
  67.             <input type=\"submit\" value=\"Ping!\">
  68.             <br /><br /><textarea>$pingTest->output</textarea>
  69.             </div>
  70.         </form>
  71.         </div>
  72.     </div>
  73.    </div>
  74. </div>
  75. </div>
  76. </body>
  77. </html>";
  78.  
  79. ?>
  80.  
  81.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement