..is to create a different index page for the suite. It's very easy because the only thing you need to do is change the content of default.php. I don't want to create something like hello..
Mister LG can create upload forms and test targets on file upload vulnerabilities
<?php
/* HackSuite debug script
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 14-11-2014
*/
if(!defined('IN_SCRIPT')){
exit;
}
$_CONTEXT['subtitle'] = "Debugger";
// no need to go on if there's no debug options file
$sDest = $_PATHS['data_root']."/debug_options.php";
(!IsThere($sDest) ? include_once($_PATHS['end']) : include_once($sDest));
if(isset($_POST['sOption'])){
/* form submitted.. */
if($_POST['sOption']!=""){
// not that you'd care about a directory traversal bug or xss in a hacking kit, but let's clean the input anyway
$sDest = $_PATHS['includes_root']."/".str_replace(" ","_",strip_tags(str_replace("%","",str_replace("/","",$_POST['sOption'])))).".php";
// include the handler for this page
(!IsThere($sDest) ? include_once($_PATHS['end']) : include_once($sDest));
}
}
else{
/* wrong submission button or nothing submitted at all */
$sCode = (isset($sCode) ? $sCode : "");
$sSelect = "<select name=\"sOption\" onchange=\"this.form.submit();\">\n";
$sSelect .= "<option value=\"\" selected>select an option</option>\n";
foreach($_DEBUG_OPT as $sKey=>$sValue){
// make the text of the key a bit more readable
$sKey = str_replace("_"," ",$sKey);
$sSelect .= "<option value=\"".$sKey."\">".$sKey."</option>\n";
}
$sSelect .= "</select>\n";
// setup configuration file selection form
$sCode .= " <form method=\"post\">\n";
$sCode .= " <div class=\"emboss borderr5 border1pxtrans pad5 edgeglow overflw\">\n";
$sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad10\">Debug Environment</div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3 w150\">select an action:</div><div class=\"flt pad3\">".$sSelect."</div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\"><input type=\"hidden\" name=\"iCFG\" value=\"".$_POST['iCFG']."\" /><input type=\"submit\" name=\"send\" value=\"Send\" /></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " </div>\n";
$sCode .= " </form>\n";
}
?>