..more modules you must have seen the iframes used for realtime result display. In this tutorial I'm going to show you how to insert them into your module and how they function. what we..
THC xConverter is a tool that makes use of (php) functions in order to calculate, fetch, convert and encrypt data
<?php
/* Creates attack url
Poisons an attack url with exploits
PARAMETERS:
$sUrl: full url
$aExploitsData: exploit array in inject.php
$sExploit: exploit to use
$mVars:
ARRAY: variables to attack
BOOLEAN: poison all variables
RETURNS:
STRING: filtered data
*/
function ExploitUrl($sUrl,$aExploitsData,$sExploit,$mVars=false){
$aUrl = @parse_url($sUrl);
if(!isset($aUrl['query']) || !isset($aUrl['host']) || !isset($aUrl['path'])){
// invalid url
return(false);
}
if(!isset($aExploitsData[$sExploit])){
// unknown exploit
return(false);
}
if(strpos($aUrl['query'],"=")===false){
// no values, no luck
return(false);
}
$aVarValues = @explode("&",$aUrl['query']);
if(!$iVarValues = @count($aVarValues)){
return(false);
}
$sUrl2 = "http://".$aUrl['host'].$aUrl['path']."?";
for($x=0;$x<$iVarValues;$x++){
$aValues = explode("=",$aVarValues[$x]);
if(is_array($mVars)){
if(!in_array($aValues[0],$mVars)){
$sUrl2 .= $aVarValues[$x];
continue;
}
}
if($x>0){
$sUrl .= "&";
}
$sUrl2 .= $aValues[0]."=".$aExploitsData[$sExploit]['trigger'];
}
if($sUrl2==$sUrl){
// failed to create url
return(false);
}
return($sUrl2);
}
?>