
View Full Version : Changing a piece of code



back door
Thursday 24 Farvardin 1391, 20:15 PM
Deleted!!!

khanlo.javid
Thursday 24 Farvardin 1391, 20:48 PM
Dear friend, do you mean you only want it to register 10 and no more, that is, if there are more than 10 it should not register them?

Explain more.

back door
Thursday 24 Farvardin 1391, 23:51 PM
No, I mean that in this one you can only give the address of one site and it adds that one site. Now I want it to take these 10 sites and add them.

back door
Monday 28 Farvardin 1391, 17:44 PM
Look at this, maybe you will understand:
http://www.zone-h.org/notify/mass
Someone help with this one too.

back door
Monday 28 Farvardin 1391, 19:42 PM
Look at this, maybe you will understand:
http://www.zone-h.org/notify/mass
Someone help with this one too.
Do you understand what I am saying?

back door
Saturday 02 Ordibehesht 1391, 17:27 PM
Man, I am saying that in this one you give the address of one site and the name of one hacker. Now I want to make it so that you give the addresses of 10 sites and the name of one hacker. Can you make that?
Someone help.

back door
Saturday 02 Ordibehesht 1391, 21:49 PM
Doesn't anyone know?

back door
Sunday 03 Ordibehesht 1391, 15:49 PM
Come on, someone help. I have been forced to spam.

back door
Wednesday 06 Ordibehesht 1391, 19:24 PM
You are not answering.

MMSHFE
Wednesday 06 Ordibehesht 1391, 20:44 PM
Honestly, you have worn us out! :wink: Here is the form:


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html><head>
<title>Zone-H.org - Unrestricted information | Notify Defacements</title>
<link href="singles_files/style.css" rel="stylesheet" type="text/css">
<link rel="canonical" href="http://www.zone-h.org/notify/single">
<meta name="Description" content="Notify defacements">
<meta name="Keywords" content="notify,notify defacements,submit,submission,defacement submit,defacement submission,hacking,hacker,defacer">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="alternate" title="Zone-H News" href="http://www.zone-h.org/rss/news" type="application/rss+xml">
<link rel="alternate" title="Zone-H Defacements" href="http://www.zone-h.org/rss/defacements" type="application/rss+xml">
<link rel="alternate" title="Zone-H Special Defacements" href="http://www.zone-h.org/rss/specialdefacements" type="application/rss+xml">
<script type="text/javascript" src="singles_files/zh.js"></script>
<script type="text/javascript" src="/----/?js"></script>
<?php
@include_once( $_SERVER['DOCUMENT_ROOT'].'/--------/stats_include.php' );
?>

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script><script src="singles_files/ga.js" type="text/javascript"></script>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-12763010-1");
pageTracker._setDomainName("none");
pageTracker._setAllowLinker(true);
pageTracker._trackPageview();
} catch(err) {}</script>
<meta name="google-site-verification" content="IV27xhD1i2cR9z4XFr_gi8P-0sU6oqAUsOyUlvuD7i0">
<meta name="google-site-verification" content="IRNYr6gINTjEqcnCZQqKShEdzOrwpYS_V4ohXhjNH 8M">
</head>

<body>
<div id="content">
<div id="logo"><a href="http://www.zone-h.com/"><img src="singles_files/logo.gif" border="0"></a></div>
<div id="menu">
<ul>
<li><a href="http://www.zone-h.com/">Home</a></li>
<li><a href="http://www.zone-h.com/listingnews">News</a></li>
<li><a href="http://www.zone-h.com/listingevents">Events</a></li>
<li><a href="http://www.zone-h.com/archive">Archive</a></li>
<li><a href="http://www.zone-h.com/archive/special=1">Archive <img src="singles_files/star.gif" border="0"></a></li>
<li><a href="http://www.zone-h.com/archive/published=0">Onhold</a></li>
<li><a href="http://www.zone-h.com/notify/single">Notify</a></li>
<li><a href="http://www.zone-h.com/stats">Stats</a></li>

<li><a href="http://www.zone-h.com/register">Register</a></li>
<li><a href="http://www.zone-h.com/login">Login</a></li>
<li><a href="http://www.zone-h.com/feeds"><img src="singles_files/feedred14x14.gif" border="0"></a></li>
<li style="float:right;"><form name="sitesearch" action="/search" method="post"><input id="searchinput" name="searchinput" value="search..." style="width: 98px;" onclick="window.document.sitesearch.searchinput.value=''" type="text"></form></li>
</ul>
</div>

<div id="bodyy">
<div id="propdeface">

SINGLE | <a href="http://www.zone-h.com/notify/mass">MASS</a>
<h2>Warning</h2>
<p class="warning">
A defacement is considered in all countries an unauthorized computer
access, a denial of service action therefore a CRIME under all means,
even if you don't think so. The activity of defacing to warn the
administrator of a bugged server about its vulnerable status is
considered a crime too and a questionable ethical conduct.
Zone-H accepts your notifications but doesn't support, condone, justify
at all any defacing activity. Instead, we welcome you to stop such
activity or else you might face the same destiny of some notorious
defacers who got arrested and jailed. See the following examples:

http://www.theregister.com/2005/06/28/deceptive_duo_hacker_jailed
http://www.theregister.co.uk/2005/10/27/secfocus_hacker_deport/page2.html
http://www.zone-h.org/content/view/4446/31

You might want to consider instead, the possibility to quit your ILLEGAL
activity before getting jailed (because you will) as other defacers did
before you. See this example:

http://www.hackinthebox.org/modules.php?op=modload&amp;name=News&amp;file=article&amp;sid=12044&amp;mode=thread&amp;order=0&amp;thold=0

If you have any question or if you need any help or advice to convince
you about all of the above, feel free to contact any of the Zone-H staff
members.


<b>DISCLAIMER</b>: all the information
contained in Zone-H's cybercrime archive were either collected online from public sources or directly notified <b>anonymously</b> to us. Zone-H is
neither responsible for the reported computer crimes nor it is directly or indirectly involved with them. You might find some
offensive contents in the mirrored defacements. Zone-H didn't produce them so we cannot be responsible for such contents.

If you are the administrator of an hacked site which is mirrored
in Zone-H, please note that Zone-H is not related at all with the
defacements itself.

<b>Don't ask us to remove the mirror</b> of your defaced website, as a cybercrime archive Zone-H's mission is to keep the entries in the database.

All the self-produced material belongs to Zone-H. You are free
to use it as long as proper credits to Zone-H are reported as by the CC
license reported below.

Zone-H is not responsible for the use/misuse of the published information, you can use it at your own risk.

<b>We don't accept notifications through email, IP address
notifications, notifications with fake and/or created subdomains by
notifier or with wrong attack methods selected.
</b>

</p>
<form action="http://localhost/single/singles.php" method="POST">
<table align="left" border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="75%">
<li>
<ul style="list-style:none;">
<li>Notifier :</li>
<li><input name="hacker" type="text" class="styled" value="" size="20" maxlength="200" /></li>

</ul>
</li>
<li>
<ul style="list-style:none;">
<li>Domain 1</li>

<li> <input type="text" maxlength="100" name="site[]" class="styled" size="20" value="http://" /> </li>
<li>Domain 2</li>

<li> <input type="text" maxlength="100" name="site[]" class="styled" size="20" value="http://" /> </li>
<li>Domain 3</li>

<li> <input type="text" maxlength="100" name="site[]" class="styled" size="20" value="http://" /> </li>
<li>Domain 4</li>

<li> <input type="text" maxlength="100" name="site[]" class="styled" size="20" value="http://" /> </li>
<li>Domain 5</li>

<li> <input type="text" maxlength="100" name="site[]" class="styled" size="20" value="http://" /> </li>
<li>Domain 6</li>

<li> <input type="text" maxlength="100" name="site[]" class="styled" size="20" value="http://" /> </li>
<li>Domain 7</li>

<li> <input type="text" maxlength="100" name="site[]" class="styled" size="20" value="http://" /> </li>
<li>Domain 8</li>

<li> <input type="text" maxlength="100" name="site[]" class="styled" size="20" value="http://" /> </li>
<li>Domain 9</li>

<li> <input type="text" maxlength="100" name="site[]" class="styled" size="20" value="http://" /> </li>
<li>Domain 10</li>

<li> <input type="text" maxlength="100" name="site[]" class="styled" size="20" value="http://" /> </li>
<input type="hidden" name="sunucu" value="<?php echo getenv('REMOTE_ADDR'); ?>">
<input type="hidden" name="zgkod" value="123456">
<input type="hidden" name="gkodumuz" value="123456"></font></li>
</ul>
</li>
<li>
<ul>
<select name="hackmode">
<option selected="selected" value="">--------SELECT--------</option>
<option value="1">known vulnerability (i.e. unpatched system)</option>
<option value="2">undisclosed (new) vulnerability</option>
<option value="3">configuration / admin. mistake</option>
<option value="4">brute force attack</option>
<option value="5">social engineering</option>
<option value="6">Web Server intrusion</option>
<option value="7">Web Server external module intrusion</option>
<option value="8">Mail Server intrusion</option>
<option value="9">FTP Server intrusion</option>
<option value="10">SSH Server intrusion</option>
<option value="11">Telnet Server intrusion</option>
<option value="12">RPC Server intrusion</option>
<option value="13">Shares misconfiguration</option>
<option value="14">Other Server intrusion</option>
<option value="15">SQL Injection</option>
<option value="16">URL Poisoning</option>
<option value="17">File Inclusion</option>
<option value="18">Other Web Application bug</option>
<option value="19">Remote administrative panel access through bruteforcing</option>
<option value="20">Remote administrative panel access through password guessing</option>
<option value="21">Remote administrative panel access through social engineering</option>
<option value="22">Attack against the administrator/user (password stealing/sniffing)</option>
<option value="23">Access credentials through Man In the Middle attack</option>
<option value="24">Remote service password guessing</option>
<option value="25">Remote service password bruteforce</option>
<option value="26">Rerouting after attacking the Firewall</option>
<option value="27">Rerouting after attacking the Router</option>
<option value="28">DNS attack through social engineering</option>
<option value="29">DNS attack through cache poisoning</option>
<option value="30">Not available</option>
</select> </ul>
</li>
<li>
<ul>
<select name="reason">
<option selected="selected" value="">--------SELECT--------</option>
<option value="1">Heh...just for fun!</option>
<option value="2">Revenge against that website</option>
<option value="3">Political reasons</option>
<option value="4">As a challenge</option>
<option value="5">I just want to be the best defacer</option>
<option value="6">Patriotism</option>
<option value="7">Not available</option>
</select> </ul>
</li>
<li>
&nbsp;&nbsp;&nbsp;<input name="submit" type="submit" style="font-family: Tahoma; font-size: 10pt;" onClick="javascript:this.form.submit();this.disabled=true;this.value='Kaydediliyor...';" value="&nbsp;Append&nbsp;">

</li>
</ul>
</form>
</div>
</div>
<div id="footer">
<p align="center"> <a href="http://www.zone-h.com/"><font color="ffffffff">Home</a> <a href="http://www.zone-h.com/listingnews"><font color="ffffffff">News</a> <a href="http://www.zone-h.com/listingevents"><font color="ffffffff">Events</a> <a href="http://www.zone-h.com/archive"><font color="ffffffff">Archive</a> <a href="http://www.zone-h.com/archive/special=1"><font color="ffffffff">Archive <img src="singles_files/star.gif" border="0" /></a> <a href="http://www.zone-h.com/archive/published=0"><font color="ffffffff">Onhold</a> <a href="http://www.zone-h.com/notify/single"><font color="ffffffff">Notify</a> <a href="http://www.zone-h.com/stats"><font color="ffffffff">Stats</a> <a href="http://www.zone-h.com/register"><font color="ffffffff">Register</a> <a href="http://www.zone-h.com/login"><font color="ffffffff">Login</a> <a href="http://www.zone-h.com/disclaimer.php"><font color="ffffffff">Disclaimer</a> <a href="http://www.zone-h.com/contact"><font color="ffffffff">Contact</a> </p>
<p align="center"> <a href="http://www.zone-h.com/license"><font color="ffffffff">Attribution-NonCommercial-NoDerivs 3.0 Unported License</a> </p>
</div>
</div>
</body></html>
And here is the server-side code:


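<?php
if(isset($_POST['submit'])){
session_start();
include "ديتابيس.php";

// Collect the submitted addresses; fields left empty or at the default "http://" are skipped
$sites = array();
$bad_format = false; // set when a submitted address does not start with http://
$posted = isset($_POST['site']) ? (array)$_POST['site'] : array();
foreach($posted as $psite) {
$psite = htmlspecialchars(trim($psite));
if ($psite == "" || $psite == "http://") continue;
if (substr($psite, 0, 7) != "http://") $bad_format = true;
$sites[] = $psite;
}
$hacker = htmlspecialchars(trim($_POST['hacker']));
$sunucu = $_POST['sunucu'];

if($_POST['gkodumuz'] == "123456" && $_POST['zgkod'] == "123456"){ // security code check (fixed value sent in the hidden form fields)

if( empty($sites) OR empty($hacker) ){

echo "<left>Please specify a defacer name.";

} elseif( strlen($hacker) < 2 ) {

echo "<left>Please specify a defacer name.";

} elseif( strlen($hacker) > 50 ) {

echo "<left>We don't like spammers.";


} elseif( $bad_format ) {

echo "<left>Invalid domain: Domain format is invalid.";




} else {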

// Clear the security code
unset($_SESSION['guv']);

$altiay = 60 * 60 * 24 * 30 * 6; // six months in seconds
$simdi = time();

// RECORD CHECK
foreach($sites as $site) {
// Take the host name from the address and drop a leading "www."
$host = parse_url($site, PHP_URL_HOST);
if (!$host) {
echo "<left>Invalid domain: Domain format is invalid.";
continue;
}
$ara = (stripos($host, "www.") === 0) ? substr($host, 4) : $host; // value searched for in the table
$orta = $ara . "/"; // value stored in the url column

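$ara_sql = mysql_real_escape_string($ara); // $ara comes from the submitted address; needs the connection opened by the include
$kontrol_yap = mysql_query("SELECT * FROM kayitlar WHERE url LIKE '%$ara_sql%' AND $simdi - tarih < $altiay");
$kontrol = mysql_num_rows($kontrol_yap);

if($kontrol > 0){ // check whether it was recorded before

echo "<center>Domain has been defaced during last year:$site ";


} else { // if it was not recorded before

/// open the site, or report a wrong address ////
// Note: the server itself requests an address supplied by the visitor here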

$crl = curl_init();

curl_setopt($crl, CURLOPT_TIMEOUT, "30");
curl_setopt($crl, CURLOPT_URL, "$site");
curl_setopt($crl, CURLOPT_HEADER, 0);
curl_setopt($crl, CURLOPT_RETURNTRANSFER, 1);

$icerik = addslashes(curl_exec($crl));

curl_close($crl);


$domain=substr($site,7);
$pos=strpos($domain,'/');
if($pos)$domain=substr($domain,0,$pos);
$domain='http://'.$domain;
$ip=gethostbyname(substr($domain,7));
$os='Other';
$app='Other';

$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $domain);
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_NOBODY, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$header = curl_exec($curl);
curl_close($curl);
if(preg_match('/Server: (?P<server>(?:(?![\n]).)+)/',$header,$match)){

if (stripos($match['server'],'debian')!==false){
$os='Linux';
}elseif (stripos($match['server'],'ubuntu')!==false){
$os='Linux';
}elseif (stripos($match['server'],'centos')!==false){
$os='Linux';
}elseif (stripos($match['server'],'redhat')!==false){
$os='Linux';
}elseif (stripos($match['server'],'win')!==false){
$os='Windows';
}
if (stripos($match['server'],'apache')!==false){
$app='Apache';
if ($os=='Other')$os='Linux';
}elseif (stripos($match['server'],'iis')!==false){
$app='IIS';
if ($os=='Other')$os='Windows';
}elseif (stripos($match['server'],'nginx')!==false){
$app='Nginx';
if ($os=='Other')$os='Linux';
}elseif (stripos($match['server'],'lighttpd')!==false){
$app='LightHTTPd';
if ($os=='Other')$os='Linux';
}elseif (stripos($match['server'],'Litespeed')!==false){
$app='Litespeed';
if ($os=='Other')$os='Linux';
}
}

if ($icerik == "") echo '<center>Domain format is invalid.</center>';
else {

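/// INSERT ////

$tarih = time();
$hacker = addslashes($hacker);
$orta = mysql_real_escape_string($orta); // taken from the submitted address
$ip = mysql_real_escape_string($ip); // gethostbyname() returns its input unchanged on failure

$ekle = @mysql_query("INSERT INTO kayitlar (id, hacker, url,ip,os,app, icerik, tarih, onay, tur)
VALUES('', '$hacker', '$orta','$ip','$os','$app', '$icerik', '$tarih', '0','0') ");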

$kayit_bak = mysql_query("SELECT * FROM hackerlar WHERE hacker = '$hacker'");
$kayit_sayisi = mysql_num_rows($kayit_bak);

if ($kayit_sayisi > 0){ // if the notifier already has a record

$ekle2 = mysql_query("UPDATE hackerlar SET onaysiz = onaysiz + 1, deface = deface + 1 WHERE hacker = '$hacker'");

} else { // if the notifier has no record yet

$ekle2 = mysql_query("INSERT INTO hackerlar (id, hacker, onaysiz, onayli, deface) VALUES('', '$hacker', '1', '0', '1') ");

} // end of previous-record check

if ($ekle && $ekle2){

echo "<left>ok";

} else {

echo "<left>ok";

} // insert check

} // address validity check

} // check whether it was recorded before

} // end of foreach over $sites

} // empty check
}
}
?>

Of course, I am not sure the server-side code works correctly, because the comments, the variable names and so on were not in human language! Seriously, what language is this? In any case, the main idea is that in the target form you now have a $sites array, which you have to traverse with foreach and store the sites one by one in the database with INSERT, or, if one is already there, increase its hack count by one with UPDATE.
Good luck.
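
An added example, not part of MMSHFE's post: the per-site loop described above, written with PDO prepared statements so that submitted values never become part of the SQL text, and returning one status per domain. The in-memory SQLite database, the function name `record_sites`, the reduced column set, the exact-match lookup on the normalised host and the sample input are assumptions for illustration; the table and column names come from the posted code.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// record_sites(), the reduced schema and the sample input are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE kayitlar (id INTEGER PRIMARY KEY, hacker TEXT, url TEXT, tarih INTEGER)");
$db->exec("CREATE TABLE hackerlar (id INTEGER PRIMARY KEY, hacker TEXT, onaysiz INTEGER, deface INTEGER)");

// Returns array(submitted address => status), one entry per filled-in field.
function record_sites(PDO $db, $hacker, array $sites, $now)
{
    $cutoff = $now - 60 * 60 * 24 * 30 * 6; // six months back, in seconds
    $find = $db->prepare("SELECT COUNT(*) FROM kayitlar WHERE url = ? AND tarih > ?");
    $add  = $db->prepare("INSERT INTO kayitlar (hacker, url, tarih) VALUES (?, ?, ?)");
    $bump = $db->prepare("UPDATE hackerlar SET onaysiz = onaysiz + 1, deface = deface + 1 WHERE hacker = ?");
    $new  = $db->prepare("INSERT INTO hackerlar (hacker, onaysiz, deface) VALUES (?, 1, 1)");
    $results = array();
    foreach ($sites as $site) {
        $site = trim($site);
        if ($site === '' || $site === 'http://') {
            continue; // field left at its default value
        }
        $host = (strpos($site, 'http://') === 0) ? parse_url($site, PHP_URL_HOST) : null;
        if (!$host || !preg_match('/^[a-z0-9.-]+$/i', $host)) {
            $results[$site] = 'invalid domain';
            continue;
        }
        $host = strtolower(preg_replace('/^www\./i', '', $host));
        $find->execute(array($host, $cutoff));
        if ($find->fetchColumn() > 0) {
            $results[$site] = 'already recorded';
            continue;
        }
        $add->execute(array($hacker, $host, $now));
        $bump->execute(array($hacker));
        if ($bump->rowCount() === 0) {
            $new->execute(array($hacker));
        }
        $results[$site] = 'ok';
    }
    return $results;
}

// Constructed input. The second address contains a quote that would end a quoted
// SQL string if it were interpolated; it fails host validation and is never stored.
$sample = array('http://www.example.com/', "http://x' OR '1'='1", 'http://example.com', 'http://');
foreach (record_sites($db, "o'neil", $sample, time()) as $site => $status) {
    echo htmlspecialchars($site, ENT_QUOTES), ' : ', $status, "\n";
}
```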

back door
Friday 08 Ordibehesht 1391, 14:18 PM
If possible, make it so that this PHP code is in one file together with that HTML, and so that if it gave an error or was registered, it shows that next to each domain.

back door
Saturday 09 Ordibehesht 1391, 14:15 PM
What happened? Can't it be done?

back door
Monday 11 Ordibehesht 1391, 14:15 PM
What happened?!

MMSHFE
Monday 11 Ordibehesht 1391, 15:22 PM
Dear friend, you can do these small tasks yourself. Sorry, I do not mean to be rude, but this forum is for resolving problems, not for carrying out an entire project. Good luck.