source: pwntcha/web/test.html @ 998

Last change on this file since 998 was 998, checked in by Sam Hocevar, 14 years ago
  • added stuff to get a working site.
1<html>
2<body>
3
4<?
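/**
 * Return the names of up to ten entries of the upload/ directory, sorted in
 * descending string order.
 *
 * Names produced by save_upload() begin with a YmdHis timestamp, so the
 * descending sort lists the newest uploads first. Entries whose name starts
 * with a dot are skipped, which also drops "." and "..".
 *
 * @return array list of file names, relative to upload/; empty when the
 *               directory is missing, unreadable or holds no visible entry
 */
function list_recent() {
   // Start from an array so an empty or missing directory yields array()
   // instead of an undefined variable reaching rsort().
   $files = array();

   if(!is_dir("upload/")) {
      return $files;
   }

   $dh = opendir("upload/");
   if($dh === false) {
      return $files;
   }

   // Strict comparison: an entry named "0" is a valid name, and a loose
   // "!= false" would end the listing early when readdir() returns it.
   while(($file = readdir($dh)) !== false) {
      if(substr($file, 0, 1) === ".") {
         continue;
      }
      $files[] = $file;
   }
   closedir($dh);

   // SORT_STRING keeps all-digit names from being compared as numbers.
   rsort($files, SORT_STRING);

   return array_slice($files, 0, 10);
}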
19
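/**
 * Store the file posted in the "userfile" form field under upload/.
 *
 * The stored name is built only from server-side values (the current time
 * and the random part of PHP's temporary file name), never from the name
 * supplied by the client. The extension is chosen from the leading bytes of
 * the file. Those bytes identify the container format only; they do not
 * prove that the rest of the file is a well-formed image, so upload/ should
 * be served as static content only.
 *
 * @return string|false the stored file name relative to upload/, or false
 *                      when nothing was posted or the upload was rejected
 */
function save_upload() {
   // No upload in this request, or the expected field is absent.
   if(!isset($_FILES['userfile']) || !is_array($_FILES['userfile'])) {
      return false;
   }

   $upload = $_FILES['userfile'];

   // tmp_name and error are arrays when the field is posted as userfile[];
   // only the single-file form is handled here.
   if(!isset($upload['tmp_name'], $upload['error'])
         || !is_string($upload['tmp_name'])
         || $upload['error'] !== UPLOAD_ERR_OK) {
      echo " <p> Error uploading file. </p> ";
      return false;
   }

   $name = $upload['tmp_name'];

   // Only touch paths that PHP itself received through an HTTP upload.
   if(!is_uploaded_file($name)) {
      echo " <p> Error uploading file. </p> ";
      return false;
   }

   // The MAX_FILE_SIZE form field is sent by the browser and can be altered,
   // so the same limit as in the form is enforced again here.
   $size = filesize($name);
   if($size === false || $size > 30000) {
      echo " <p> Error uploading file. </p> ";
      return false;
   }

   $fd = fopen($name, "r");
   if($fd === false) {
      echo " <p> Error uploading file. </p> ";
      return false;
   }
   $start = (string) fread($fd, 20);
   fclose($fd);

   if(substr($start, 0, 4) === "\x89PNG") {
      $suffix = ".png";
   } else if(substr($start, 0, 3) === "\xFF\xD8\xFF") {
      // Any JPEG start-of-image marker, JFIF or not.
      $suffix = ".jpeg";
   } else if(substr($start, 0, 4) === "GIF8") {
      $suffix = ".gif";
   } else if(substr($start, 0, 2) === "BM") {
      $suffix = ".bmp";
   } else {
      // Unrecognised content is not stored in the web-readable directory.
      echo " <p> Error uploading file. </p> ";
      return false;
   }

   // Drop the "php" prefix of the temporary name and keep only characters
   // that decode() accepts, so the stored name survives its filter unchanged.
   $random = preg_replace("/[^0-9a-zA-Z]/", "", substr(basename($name), 3));
   $file = date("YmdHis") . $random . $suffix;

   if(!move_uploaded_file($name, "upload/" . $file)) {
      echo " <p> Error uploading file. </p> ";
      return false;
   }

   return $file;
}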
53
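/**
 * Run the pwntcha binary on one stored upload and print the result as HTML.
 *
 * $file can come straight from the query string, so it is treated as
 * untrusted: it is reduced to letters, digits and dots, must not start with
 * a dot, and must name an existing regular file in upload/. The program's
 * output is HTML-escaped before it is written into the page.
 *
 * @param mixed $file name of a file inside upload/
 * @return void
 */
function decode($file) {
   echo " <h2> PWNtcha results </h2> ";

   // A parameter sent as file[]=x arrives as an array; only a string can
   // name a file.
   if(!is_string($file)) {
      $file = "";
   }

   // preg_replace stands in for ereg_replace, which PHP 7 removed.
   $file = (string) preg_replace("/[^0-9a-zA-Z.]/", "", $file);

   // The filter removes "/" but still lets "." and ".." through; refuse
   // them, along with any name that is not a regular file in upload/.
   if($file === "" || $file[0] === "." || !is_file("upload/" . $file)) {
      echo " <p> No such file. </p> ";
      return;
   }

   echo " <p> Running PWNtcha... </p>\n\n";

   // Quote the argument even though the filter already removed shell
   // metacharacters, so the command stays safe if the filter is ever relaxed.
   // NOTE(review): the command reads www/upload/ one level up while the page
   // lists upload/ next to itself; confirm both name the same directory.
   $output = (string) shell_exec("cd .. ; ./pwntcha " . escapeshellarg("www/upload/" . $file) . " 2>&1");

   echo "   <table cellpadding=\"5\" cellspacing=\"0\" border=\"0\">\n";
   echo "     <tr>\n";
   echo "       <td><img src=\"upload/" . htmlspecialchars($file, ENT_QUOTES) . "\" /></td>\n";
   // The decoder's stdout and stderr are text, not markup: escape them.
   echo "       <td><pre>" . htmlspecialchars($output, ENT_QUOTES) . " </pre></td>\n";
   echo "     </tr>\n";
   echo "   </table> ";
}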
68?>
69
70<h1> PWNtcha <a href="test.html">proof of concept</a> </h1>
71
72<p> This page is dedicated to everyone who thinks PWNtcha is a hoax, and
73even managed to <i>prove</i> it. Wow, amazing job! </p>
74
75<?
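// Gather the thumbnail list first, then handle an upload posted with this
// request, then fall back to a file named in the query string.
$recent = list_recent();
$upload = save_upload();

// The "file" parameter is optional and client-controlled: read it only when
// present, and only as a string (file[]=x would deliver an array).
$get = (isset($_GET['file']) && is_string($_GET['file'])) ? $_GET['file'] : false;

// A fresh upload takes precedence over the query-string file.
if($upload) {
   decode($upload);
} else if($get) {
   decode($get);
}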
84?>
85
86<h2> File upload </h2>
87
88<p> Upload a Captcha file to test PWNtcha: </p>
89
90<form enctype="multipart/form-data" action="test.html" method="POST">
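91    <!-- MAX_FILE_SIZE must precede the file input field; the browser sends this value and can change it, so the upload handler has to enforce its own size limit -->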
92    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
93    <!-- Name of input element determines name in $_FILES array -->
94    Send file: <input name="userfile" type="file" />
95    <input type="submit" value="Send" />
96</form>
97
98<h2> Latest uploaded captchas </h2>
99
100<p><?
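// Print one linked thumbnail per recent upload. Names come from a directory
// listing, so they are encoded for the URL and escaped for the HTML
// attribute instead of being trusted to contain only safe characters.
foreach((is_array($recent) ? $recent : array()) as $file) {
   $href = htmlspecialchars("test.html?file=" . rawurlencode($file), ENT_QUOTES);
   $src = htmlspecialchars("upload/" . rawurlencode($file), ENT_QUOTES);
   echo '<a href="' . $href . '"><img width="64" height="32" src="' . $src . '" /></a> ';
}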
104?></p>
105
106<h2> About PWNtcha </h2>
107
108<p> See <a
109href="http://sam.zoy.org/pwntcha/">http://sam.zoy.org/pwntcha/</a> for
110a list of Captchas that PWNtcha can defeat. Download captchas from the
111vulnerable list and feed them to the above form. </p>
112
113<p> You can also download vulnerable captchas from the following
114locations: </p>
115
116<ul>
117   <li> linuxfr.org: <a href="http://linuxfr.org/user_new.html">http://linuxfr.org/user_new.html</a> </li>
118   <li> Gandi whois service: <a href="http://www.gandi.net/whois?l=en">http://www.gandi.net/whois?l=en</a> </li>
119   <li> phpBB.com: <a href="http://www.phpbb.com/phpBB/profile.php?mode=register&agreed=true">http://www.phpbb.com/phpBB/profile.php?mode=register&agreed=true</a> </li>
120</ul>
121
122<p> <b>Warning</b>: abuse of this system will, of course, cause it to be
123shut down. Do not even remotely imagine that you could use it as part
124of any malicious scheme involving captcha decoding. Eat some bricks
125instead. </p>
126
127</body>
128</html>
129