made sure you couldnt get php payloads to work via csv files

root 2025-01-25 10:33:26 +01:00
parent 91af49035e
commit e76297de64
4 changed files with 67 additions and 111 deletions


@ -9,6 +9,16 @@ if (($handle = fopen($csvfile, "r")) !== FALSE) {
$oldcatname="";
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
//PREVENT ALL MALICIOUS PHP PAYLOADS FROM BEING EXECUTED FROM CSV FILES!
$data[0]=preg_replace("/[^a-zA-Z0-9:\/.\ -✔️❌]/", "", $data[0]);
$data[1]=preg_replace("/[^a-zA-Z0-9:\/.\ -✔️❌]/", "", $data[1]);
$data[2]=preg_replace("/[^a-zA-Z0-9:\/.\ -✔️❌]/", "", $data[2]);
$data[3]=preg_replace("/[^a-zA-Z0-9:\/.\ -✔️❌]/", "", $data[3]);
$data[4]=preg_replace("/[^a-zA-Z0-9:\/.\ -✔️❌]/", "", $data[4]);
$data[5]=preg_replace("/[^a-zA-Z0-9:\/.\ -✔️❌]/", "", $data[5]);
$data[6]=preg_replace("/[^a-zA-Z0-9:\/.\ -✔️❌]/", "", $data[6]);
$data[7]=preg_replace("/[^a-zA-Z0-9:\/.\ -✔️❌]/", "", $data[7]);
$row++;
$num = count($data);
//echo "<p>" . $data[1] . "</p>";
@ -110,6 +120,17 @@ if (($handle = fopen($csvfile, "r")) !== FALSE) {
if ( $row == "2") {
echo "<p> | ";
}else{
//PREVENT ALL MALICIOUS PHP PAYLOADS FROM BEING EXECUTED FROM CSV FILES!
$data[0]=preg_replace("/[^a-zA-Z0-9:\/.\ ]/", "", $data[0]);
$data[1]=preg_replace("/[^a-zA-Z0-9:\/.\ ]/", "", $data[1]);
$data[2]=preg_replace("/[^a-zA-Z0-9:\/.\ ]/", "", $data[2]);
$data[3]=preg_replace("/[^a-zA-Z0-9:\/.\ ]/", "", $data[3]);
$data[4]=preg_replace("/[^a-zA-Z0-9:\/.\ ]/", "", $data[4]);
$data[5]=preg_replace("/[^a-zA-Z0-9:\/.\ ]/", "", $data[5]);
$data[6]=preg_replace("/[^a-zA-Z0-9:\/.\ ]/", "", $data[6]);
$data[7]=preg_replace("/[^a-zA-Z0-9:\/.\ ]/", "", $data[7]);
if (str_contains(strtolower($data[3]), strtolower($query)) or str_contains(strtolower($data[2]), strtolower($query)) or str_contains(strtolower($data[1]), strtolower($query))) {
$resultcount++;
for ($c=0; $c < $num; $c++) { // iterate over each row
@ -134,80 +155,6 @@ if (($handle = fopen($csvfile, "r")) !== FALSE) {
}
}
function DisplayCSV($csvfile) {
$row = 1;
echo "<center><table>\n\n"; //begin html table formatting
if (($handle = fopen($csvfile, "r")) !== FALSE) {
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
$num = count($data);
//echo "<p>" . $data[1] . "</p>";
//echo "<p> $num fields in line $row: <br /></p>\n";
$row++;
//echo $row;
if ( $row == "2") {
echo "<tr><td>Name</td> <td>Score</td> <td></td></tr>";
}else{
for ($c=0; $c < $num; $c++) {
echo "<tr>"; // beging html table row
// if the row is the first one (name url status score) only display (Name Status Score):
// display the contents of a csv row
if ( $c == "1" ){
echo "<td>" . '<a href="'; // begin the table cell and a href
echo $data[$c] . '">'; // display the link
echo $data[0] . "</a></td><td>"; // display the link title and close the a href and first cell, open the second cell
echo $data[3] . "</td><td>"; // display the status and close the second cell, open the third cell
echo $data[2] . "</td> \n"; // display the score and close the third cell
}
//if ($c == 2){
//}
}
}
echo "</tr>"; // end html table row
}
echo "\n</table></center>";
fclose($handle);
}
}
function DisplayCSVold($csvfile) {
echo "<center><table>\n\n";
// Open a file
$file = fopen($csvfile, "r");
// Fetching data from csv file row by row
while (($data = fgetcsv($file)) !== false) {
// HTML tag for placing in row format
echo "<tr>";
foreach ($data as $i) {
echo "<td>" . htmlspecialchars($i)
. "</td>";
}
echo "</tr> \n";
}
// Closing the file
fclose($file);
echo "\n</table></center>";
}
?>
<?php
$min_length = 1;
$max_length = 32;
$instance= $_SERVER['SERVER_NAME'];
@ -228,4 +175,3 @@ echo "<center><table>\n\n";
<p><u>Update Frequency:</u> every 3 hours</p> </br>
<!--<img src="img/logo-large.png">-->
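Review bot: The character class added in the first hunk does not restrict the fields the way its comment claims: in `[^a-zA-Z0-9:\/.\ -✔️❌]` the `-` sits between the escaped space and `✔`, so it defines a range from the space character up to the emoji (its first byte, since the pattern has no `u` modifier), and that range contains `<`, `>`, `"`, `'` and the rest of ASCII punctuation. Put the dash last and match in UTF-8 mode, e.g. `preg_replace('/[^a-zA-Z0-9:\/. ✔️❌-]/u', '', $value)`, and apply it in a `foreach ($data as $i => $value)` loop rather than eight hard-coded indexes, so a row with fewer than eight columns does not hit undefined offsets. The second hunk's class is strict, but the fields still appear to be echoed into HTML further down, outside the lines shown. The dependable control there is `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` at each `echo`, as the removed `DisplayCSVold` did, with character stripping kept only as a second layer. The enclosing `while` loop starts and ends outside both hunks.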