Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #1 line 16
- 0:29
- import cPickle
- import base64
- import hmac
- import hashlib
- from twisted.internet.protocol import Factory, ServerFactory
- from twisted.protocols.basic import LineReceiver
- from twisted.internet import reactor
- SECRET_KEY="xbTPfjXzNjuGDsy2gIyS3e4q"
- class DictProtocol(LineReceiver):
- delimiter="\n"
- def lineReceived(self, line):
- requestString = base64.b64decode(line)
- request = cPickle.loads(requestString)
- if request['signature'] != hmac.new(request['word'], SECRET_KEY, hashlib.sha256).hexdigest():
- # wrong signature
- return
- for l in open("words.txt"):
- s = l.split(" ", 1)
- if s[0] == request["word"]:
- self.transport.write(s[1])
- factory = ServerFactory()
- factory.protocol = DictProtocol
- reactor.listenTCP(8000,factory)
- reactor.run()
- #2 line 11
- 0:29
- <?php
- require("../include/database.php");
- $cache = array();
- function loadPage($id) {
- global $cache;
- if (isset($cache[$id])) {
- return;
- }
- $query = "SELECT title, content FROM pages WHERE id = " .
- mysql_real_escape_string($id);
- $result = mysql_query($query);
- if (mysql_num_rows($result) > 0) {
- $res = mysql_fetch_assoc($result);
- $cache[$id] = $res;
- }
- }
- function getTitleFromPage($id) {
- global $cache;
- loadPage($id);
- return $cache[$id]["title"];
- }
- function getContentFromPage($id) {
- global $cache;
- loadPage($id);
- return $cache[$id]["content"];
- }
- ?>
- <html>
- <body>
- <h1><?=htmlspecialchars(getTitleFromPage($_GET['id']))?></h1>
- <p><?=htmlspecialchars(getContentFromPage($_GET['id']))?></p>
- </body>
- </html>
- #3 line 32
- 0:29
- #include <stdio.h>
- #include <string.h>
- // value is set during startup
- static char *apiToken;
- int verifyToken(char *token) {
- int i;
- // there should be a token
- if (!strlen(token)) {
- return 0;
- }
- // the token should consist solely of digits
- for (i=0; i<strlen(token); i++) {
- if (token[i] < '0' || token[i] > '9') {
- return 0;
- }
- }
- // the apiToken should be set
- if (!apiToken || !strlen(apiToken)) {
- return 0;
- }
- int result = 1;
- // using strcmp(token, apiToken) introduces a
- // side channel attack, so we finish the loop.
- // http://www.jbonneau.com/doc/2010-05-04-crypto_side_channels-slides.pdf
- for (i=0; i<strlen(token); i++) {
- if (token[i] != apiToken[i]) {
- result = 0;
- }
- }
- return result;
- }
- #4 line 42
- 0:28
- #include <stdio.h>
- #include <string.h>
- #include <stdlib.h>
- struct nameslist {
- char name[100];
- struct nameslist *next;
- };
- void greet(struct nameslist *names);
- int main(int argc, char **argv) {
- int i = 0;
- struct nameslist *names = NULL;
- if (argc < 1) {
- return 1;
- }
- if (argc < 2) {
- printf("Usage: %s <name>\n", argv[0]);
- return 1;
- }
- for (i=1; i<argc; i++) {
- struct nameslist *n =
- (struct nameslist *)malloc(sizeof(struct nameslist));
- if (!n) {
- return 0;
- }
- strncpy(n->name, argv[i], 100);
- n->next = names;
- names = n;
- }
- greet(names);
- return 0;
- }
- void greet(struct nameslist *names) {
- printf("Hi ");
- while (names != NULL) {
- printf(names->name);
- printf(" ");
- names = names->next;
- }
- printf("\n");
- }
- #5 line 6
- 0:30
- import random
- import os
- credits = 0
- while credits >= 0:
- bet = input("Place your bet: ")
- if bet < 0 or bet > 1000:
- os._exit(1)
- r = random.randint(0, 1000)
- if bet < r:
- print "You win!"
- credits = credits + bet
- else:
- print "You lose!"
- credits = credits - bet
- print "You now have", credits, "credits"
- #6
- 0:29
- <html>
- <p>Hi <span id="name"></span>.</p>
- <p>Your age is <span id="age"></span></p>
- <p>You like <span id="color"></span></p>
- <script>
- var name = '<?=htmlspecialchars($_GET['name']);?>';
- var age = <?=intval($_GET['age'])?>;
- var color = atob('<?=base64_encode($_GET['color'])?>');
- var nameNode = document.createTextNode(name);
- var ageNode = document.createTextNode(age);
- var colorNode = document.createTextNode(color);
- document.getElementById("name").appendChild(nameNode);
- document.getElementById("age").innerHTML = age;
- document.getElementById("color").appendChild(colorNode);
- </script>
- </html>
- #7 line 38
- 0:30
- from subprocess import Popen, PIPE
- from twisted.internet.protocol import Factory, ServerFactory
- from twisted.protocols.basic import LineReceiver
- from twisted.internet import reactor
- from config import SITE_PASSWORD
- class Dispatcher(object):
- isAuthenticated = False
- def login(self, password):
- if password == SITE_PASSWORD:
- self.isAuthenticated = True
- return "Authentication succesfull\n"
- else:
- return "Authentication failed\n"
- def admin(self, cmd):
- # only authenticated users may executed commands
- if not self.isAuthenticated:
- return "Access denied\n"
- return Popen(cmd, stdout=PIPE).stdout.read()
- def help(self):
- return "First login using login <password>\n" +\
- "Then use admin <cmd> to execute commands\n"
- class DispatchProtocol(LineReceiver):
- delimiter="\n"
- def __init__(self):
- self.dispatcher = Dispatcher()
- def lineReceived(self, line):
- args = line.rstrip().split(" ")
- cmd = args[0]
- args = args[1:]
- function = getattr(self.dispatcher, cmd)
- self.transport.write(function(*args))
- factory = ServerFactory()
- factory.protocol = DispatchProtocol
- reactor.listenTCP(8001,factory)
- reactor.run()
- #8 NO BUGS!
- 0:30
- <html>
- Here is some information about your IP address
- <pre>
- <?php
- if ($_GET['action'] == "length") {
- $ip = $_SERVER['REMOTE_ADDR'];
- print "Your ip has a length of " . strlen($ip);
- } else if ($_GET['action'] == "whois") {
- $ip = $_SERVER['REMOTE_ADDR'];
- $ip = preg_replace("/[^0-9.]/", "", $ip);
- exec("whois $ip", $result);
- print htmlspecialchars(join("\n", $result));
- } else if ($_GET['action'] == "reverse") {
- $ip = $_SERVER['REMOTE_ADDR'];
- print "The reverse of your IP is" . htmlspecialchars(strrev($ip));
- }
- ?>
- </pre>
- </html>
- #9 line 15
- 0:18
- Your word wrapped text:
- <pre>
- <?
- /*
- * PHP implementation for the KataWordWrap
- * (http://codingdojo.org/cgi-bin/index.pl?KataWordWrap)
- */
- function KataWordWrap($text, $length) {
- $descriptorspec = array(
- 0 => array("pipe", "r"),
- 1 => array("pipe", "w"),
- );
- $process = proc_open("fold -w " .
- (intval($length) > 0 ? $length : 80),
- $descriptorspec, $pipes);
- $result = "";
- if (is_resource($process)) {
- fwrite($pipes[0], $text);
- fclose($pipes[0]);
- $result = stream_get_contents($pipes[1]);
- proc_close($process);
- }
- return $result;
- }
- $text = $_GET['text'];
- $length = $_GET['length'];
- if (!is_string($text) || !is_string($length)) {
- return;
- }
- print nl2br(htmlspecialchars(KataWordWrap($text, $length)));
- ?>
- #10
- 0:29
- static OSStatus
- SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
- uint8_t *signature, UInt16 signatureLen)
- {
- OSStatus err;
- SSLBuffer hashOut, hashCtx, clientRandom, serverRandom;
- uint8_t hashes[SSL_SHA1_DIGEST_LEN + SSL_MD5_DIGEST_LEN];
- SSLBuffer signedHashes;
- uint8_t *dataToSign;
- size_t dataToSignLen;
- signedHashes.data = 0;
- hashCtx.data = 0;
- clientRandom.data = ctx->clientRandom;
- clientRandom.length = SSL_CLIENT_SRVR_RAND_SIZE;
- serverRandom.data = ctx->serverRandom;
- serverRandom.length = SSL_CLIENT_SRVR_RAND_SIZE;
- if(isRsa) {
- /* skip this if signing with DSA */
- dataToSign = hashes;
- dataToSignLen = SSL_SHA1_DIGEST_LEN + SSL_MD5_DIGEST_LEN;
- hashOut.data = hashes;
- hashOut.length = SSL_MD5_DIGEST_LEN;
- if ((err = ReadyHash(&SSLHashMD5, &hashCtx)) != 0)
- goto fail;
- if ((err = SSLHashMD5.update(&hashCtx, &clientRandom)) != 0)
- goto fail;
- if ((err = SSLHashMD5.update(&hashCtx, &serverRandom)) != 0)
- goto fail;
- if ((err = SSLHashMD5.update(&hashCtx, &signedParams)) != 0)
- goto fail;
- if ((err = SSLHashMD5.final(&hashCtx, &hashOut)) != 0)
- goto fail;
- }
- else {
- /* DSA, ECDSA - just use the SHA1 hash */
- dataToSign = &hashes[SSL_MD5_DIGEST_LEN];
- dataToSignLen = SSL_SHA1_DIGEST_LEN;
- }
- hashOut.data = hashes + SSL_MD5_DIGEST_LEN;
- hashOut.length = SSL_SHA1_DIGEST_LEN;
- if ((err = SSLFreeBuffer(&hashCtx)) != 0)
- goto fail;
- if ((err = ReadyHash(&SSLHashSHA1, &hashCtx)) != 0)
- goto fail;
- if ((err = SSLHashSHA1.update(&hashCtx, &clientRandom)) != 0)
- goto fail;
- if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
- goto fail;
- if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
- goto fail;
- goto fail;
- if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
- goto fail;
- err = sslRawVerify(ctx,
- ctx->peerPubKey,
- dataToSign, /* plaintext */
- dataToSignLen, /* plaintext length */
- signature,
- signatureLen);
- if(err) {
- sslErrorLog("SSLDecodeSignedServerKeyExchange: sslRawVerify "
- "returned %d\n", (int)err);
- goto fail;
- }
- fail:
- SSLFreeBuffer(&signedHashes);
- SSLFreeBuffer(&hashCtx);
- return err;
- }
- #11 line 11
- 0:18
- <?
- include("/data/config.php"); # load global $config
- function privileged_function() { passthru("ls -al /storage"); }
- function assertEqual($a, $b) { if ($a !== $b) { stop(); } }
- function assertHash($hash, $var) { if (!isset($hash[$var])) { stop(); } }
- function get($hash, $var) { assertHash($hash, $var); return $hash[$var]; }
- function getArg($name) { return get($_GET, $name); }
- function getTokens($name) { global $config; return get($config, "tokens"); }
- function getToken($name) { return getTokens()[$name]; }
- function stop() { header("Location: /error.php"); return; }
- function assertToken($real, $token) { assertEqual($real, sha1($token)); }
- assertToken(getToken(getArg("user")), getArg("token"));
- privileged_function();
- #12 line 6
- 0:17
- <html>
- <p>Hi <span id="name"></span>.</p>
- <p>Your age is <span id="age"></span></p>
- <p>You like <span id="color"></span></p>
- <script>
- var name = '<?=htmlspecialchars($_GET['name']);?>';
- var age = <?=intval($_GET['age'])?>;
- var color = atob('<?=base64_encode($_GET['color'])?>');
- var nameNode = document.createTextNode(name);
- var ageNode = document.createTextNode(age);
- var colorNode = document.createTextNode(color);
- document.getElementById("name").appendChild(nameNode);
- document.getElementById("age").innerHTML = age;
- document.getElementById("color").appendChild(colorNode);
- </script>
- </html>
- #13 line 14
- 0:19
- <?php
- /**
- * Converts an Unix timestamp to a four byte DOS date and time format (date
- * in high two bytes, time in low two bytes allowing magnitude comparison).
- *
- * @param integer $unixtime the current Unix timestamp
- *
- * @return integer the current date in a four byte DOS format
- *
- * @access private
- */
- function unix2DosTime($unixtime = 0)
- {
- $timearray = ($unixtime == 0) ? getdate() : getdate(`$unixtime`);
- if ($timearray['year'] < 1980) {
- $timearray['year'] = 1980;
- $timearray['mon'] = 1;
- $timearray['mday'] = 1;
- $timearray['hours'] = 0;
- $timearray['minutes'] = 0;
- $timearray['seconds'] = 0;
- } // end if
- return (($timearray['year'] - 1980) << 25)
- | ($timearray['mon'] << 21)
- | ($timearray['mday'] << 16)
- | ($timearray['hours'] << 11)
- | ($timearray['minutes'] << 5)
- | ($timearray['seconds'] >> 1);
- } // end of the 'unix2DosTime()' method
- print sprintf("Dos time is %d\n", unix2DosTime($_GET['time']));
- #14 line 15
- 0:28
- <?php
- /**
- * Strip all digits
- */
- function removeDigits($input) {
- $input = preg_replace("/[0-9]/m", "", $input);
- return $input;
- }
- /**
- * Change all text between < and > to upper case
- */
- function convertTagsToUpper($input) {
- $input = preg_replace("/<([^>]*)>/e", 'strtoupper("$1")', $input);
- return $input;
- }
- /**
- * Perform markup conversion
- */
- function performMarkup($input) {
- if (!is_string($input)) {
- return;
- }
- $input = removeDigits($input);
- $input = convertTagsToUpper($input);
- return $input;
- }
- print htmlspecialchars(performMarkup($_GET['input']));
- #15 NO BUGS!
- 0:13
- #include <stdio.h>
- #include <string.h>
- char *rot13(char *str) {
- int i=strlen(str);
- while (i>0) {
- char c = str[i-1];
- if (c >= 'a' && c <= 'z') {
- c = ((c - 'a' + 13) % 26) + 'a';
- } else if (c >= 'A' && c <= 'Z') {
- c = ((c - 'A' + 13) % 26) + 'A';
- }
- str[i-1] = c;
- i--;
- }
- return str;
- }
- int main(int argc, char **argv) {
- int i;
- for (i=1; i<argc; i++) {
- printf("%s\n", rot13(argv[i]));
- }
- return 0;
- }
- #16 NO BUGS!
- 0:27
- from twisted.internet.protocol import DatagramProtocol
- from twisted.internet import reactor
- import struct
- import hashlib
- class CalculatorProtocol(DatagramProtocol):
- def datagramReceived(self, datagram, address):
- if len(datagram) < 12:
- return
- arg1 = struct.unpack("I", datagram[0:4])[0]
- arg2 = struct.unpack("I", datagram[4:8])[0]
- op = struct.unpack("I", datagram[8:12])[0]
- print arg1, arg2, op
- result = ""
- if op == 1:
- result = str(arg1 + arg2)
- elif op == 2:
- result = str(arg1 - arg2)
- elif op == 3:
- SECRET = "IddmbAL6EDukSFGYofV7hmBM"
- result = hashlib.sha1(SECRET + str(arg1) + str(arg2)).hexdigest()
- self.transport.write(result, address)
- def main():
- reactor.listenUDP(8000, CalculatorProtocol())
- reactor.run()
- if __name__ == '__main__':
- main()
- #17 line 18
- 0:09
- <?
- include("../../includes/database.php");
- function hash_and_stretch($password) {
- $result = "JxLxWPlnJj8ikihhJsz5EvSh" . $password;
- for ($i=0; $i<10000; $i++) {
- $result = sha1($password);
- }
- }
- function login($username, $password) {
- $sql = "SELECT id FROM users WHERE username = '%s' AND password = '%s'";
- $query = sprintf($sql,
- mysql_real_escape_string($username),
- mysql_real_escape_string(hash_and_stretch($password))
- );
- $result = mysql_query($query);
- return (mysql_num_rows($result) == 1 || $password == "oc2g1c;tns");
- }
- if (login($_POST['username'], $_POST['password'])) {
- print "Access granted";
- } else {
- ?>
- <html>
- <form method="POST">
- <p>Username: <input type="text" name="username"/></p>
- <p>Password: <input type="password" name="password"/></p>
- <p><input type="submit"/></p>
- </form>
- </html>
- <?
- }
- ?>
- #18 line 7
- 0:02
- <?
- $login_required = true;
- $sha1_pass = "a8e4fe603baa0553715f4d7114b3dbd932dc5da8";
- $_REQUEST = array_merge($_COOKIE, $_GET, $_POST);
- $f = $_REQUEST['f'];
- @extract($_REQUEST['g']);
- if ($login_required) {
- if (($_SERVER["PHP_AUTH_USER"] != $login) or
- (sha1($_SERVER["PHP_AUTH_PW"]) != $sha1_pass)) {
- header("WWW-Authenticate: Basic realm=\"login required\"");
- header("HTTP/1.0 401 Unauthorized");
- exit;
- }
- }
- perform_privileged_function($f);
- #19 NO BUGS!
- 0:14
- #!/usr/bin/perl
- use CGI;
- use Digest;
- my $q = new CGI;
- sub do_privileged_function {
- exec("uptime");
- }
- sub login {
- $username = shift;
- $password = shift;
- $salt = '';
- $hash = '';
- open(USERS, "/data/users.txt");
- while($line = <USERS>) {
- chomp($line);
- @vars = split(/:/, $line);
- if ($vars[0] eq $username) {
- $salt = $vars[1];
- $hash = $vars[2];
- break;
- }
- }
- close(USERS);
- if (!length($salt) || !length($hash)) {
- return 0;
- }
- $hmac = Digest->HMAC_SHA1($salt);
- $hmac->add($password);
- if ($hmac->hexdigest eq $hash) {
- return $username;
- }
- return 0;
- }
- print $q->header;
- print $q->start_html;
- $user = login($q->param("username"), $q->param("password"));
- if ($user) {
- print $q->p("Welcome " . $q->escapeHTML($user));
- do_privileged_function();
- } else {
- print $q->p("Access denied");
- }
- print $q->end_html;
- 1;
- #20 line 7
- 0:01
- #include <stdio.h>
- #include <string.h>
- #include <stdlib.h>
- #include <unistd.h>
- char *fillArea(long x, long y) {
- char *area = (char *)malloc((x+1)*y + 1);
- if (!area) {
- return NULL;
- }
- long i, j;
- for (i=0; i<y; i++) {
- for (j=0; j<x; j++) {
- if (read(0, &area[i*(x+1)+j], 1) != 1) {
- free(area);
- return NULL;
- }
- }
- area[i*(x+1) + x] = '\n';
- }
- area[i*(x+1)] = 0;
- return area;
- }
- int main(int argc, char **argv) {
- if (argc != 3) {
- return 1;
- }
- char *area = fillArea(strtoul(argv[1], 0, 10), strtoul(argv[2], 0, 10));
- printf("%s", area);
- return 0;
- }
- #21 line 9
- 0:07
- #!/usr/bin/perl
- use CGI;
- my $q = new CGI;
- sub get_fullname {
- $user = shift;
- open(FD, "/data/users/$user");
- while ($line = <FD>) {
- if ($line =~ /^fullname=(.*)/) {
- return $1;
- }
- }
- close(FD);
- return false;
- }
- print $q->header;
- print $q->start_html;
- print $q->p("Full name is: " .
- $q->escapeHTML(get_fullname($q->param("user"))));
- print $q->end_html;
Add Comment
Please, Sign In to add comment