..modules you must have seen the iframes used for realtime result display. In this tutorial I'm going to show you how to insert them into your module and how they function. what we..
Mister LG can create upload forms and test targets on file upload vulnerabilities
<?php
/* HackSuite debug script
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 14-11-2014
*/
if(!defined('IN_SCRIPT')){
exit;
}
$_CONTEXT['subtitle'] = "Debugger";
// no need to go on if there's no debug options file
$sDest = $_PATHS['data_root']."/debug_options.php";
(!IsThere($sDest) ? include_once($_PATHS['end']) : include_once($sDest));
if(isset($_POST['sOption'])){
/* form submitted.. */
if($_POST['sOption']!=""){
// not that you'd care about a directory traversal bug or xss in a hacking kit, but let's clean the input anyway
$sDest = $_PATHS['includes_root']."/".str_replace(" ","_",strip_tags(str_replace("%","",str_replace("/","",$_POST['sOption'])))).".php";
// include the handler for this page
(!IsThere($sDest) ? include_once($_PATHS['end']) : include_once($sDest));
}
}
else{
/* wrong submission button or nothing submitted at all */
$sCode = (isset($sCode) ? $sCode : "");
$sSelect = "<select name=\"sOption\" onchange=\"this.form.submit();\">\n";
$sSelect .= "<option value=\"\" selected>select an option</option>\n";
foreach($_DEBUG_OPT as $sKey=>$sValue){
// make the text of the key a bit more readable
$sKey = str_replace("_"," ",$sKey);
$sSelect .= "<option value=\"".$sKey."\">".$sKey."</option>\n";
}
$sSelect .= "</select>\n";
// setup configuration file selection form
$sCode .= " <form method=\"post\">\n";
$sCode .= " <div class=\"emboss borderr5 border1pxtrans pad5 edgeglow overflw\">\n";
$sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad10\">Debug Environment</div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3 w150\">select an action:</div><div class=\"flt pad3\">".$sSelect."</div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\"><input type=\"hidden\" name=\"iCFG\" value=\"".$_POST['iCFG']."\" /><input type=\"submit\" name=\"send\" value=\"Send\" /></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " </div>\n";
$sCode .= " </form>\n";
}
?>