rayepeng · October 25, 2022 01:46
diff --git a/haas 源码.php b/haas 源码.php
 <?php
    if(isset($_GET['debug'])){
        highlight_file(__FILE__);
        exit();
    }
 ?>
 <html>
    <head>
        <title>HAAS</title>
        <link rel="stylesheet" href="assets/index.css">
    </head>
    <body>
        <center>
        <div class="wrapper fadeInDown">
        <div id="formContent">
            <h2 class="active"> Hashing As A Service - HAAS </h2>
            <form action="" method="POST">
            <input type="text" class="fadeIn second" name="name" placeholder="Name">
            <input type="text" class="fadeIn third" name="age" placeholder="Age">
            <input type="text" class="fadeIn fourth" name="place" placeholder="Place">
            <input type="submit" class="fadeIn fifth" value="Submit">
            </form>
 <?php
 ini_set('display_errors',1);
 ini_set('display_startup_errors',1);
 error_reporting(-1);
    include "secret.php";
    $dir = 'sandbox/' . $_SERVER['REMOTE_ADDR'];
    if (!file_exists($dir)){
        mkdir($dir);
    }
    chdir($dir);

    if(isset($_POST['name']) && ($_POST['name'] != '') &&
       isset($_POST['age']) && ($_POST['age'] != '') &&
       isset($_POST['place']) && ($_POST['place'] != '')){

        $name=$_POST['name'];
        $age=$_POST['age'];
        $place=$_POST['place'];

        if(custom_filter($name)===false || custom_filter($age)===false || custom_filter($place)===false){
            echo "<script>alert('NOPE!');</script>";
            exit();
        }

        $fname="details.txt";
        $txt="name: {$name}";
        $txt.="\nage: {$age}";
        $txt.="\nplace: {$place}";

        $f=fopen($fname, "w");
        fwrite($f,$txt);
        fclose($f);

        $arr=secret_sauce_function($fname);

        $locations=array();
        $length=strlen($secret);
        $output=$secret;
        $positions=range(0,$length);
        shuffle($positions);
        $places=5;
        for ($i=0;$i<$places;$i++){
            array_push($locations,$positions[$i]);
        }

        for($i=0;$i<sizeof($locations);$i++){
            $location=$locations[$i];
            $count=0;
            while($count==0){
                $new_val=rand(0,1);
                if($new_val==1){
                    $count+=1;
                    $output=substr($output,0,$location).$arr['name'].substr($output,$location);
                }
                $new_val=rand(0,1);
                if($new_val==1){
                    $count+=1;
                    $output=substr($output,0,$location).$arr['age'].substr($output,$location);
                }
                $new_val=rand(0,1);
                if($new_val==1){
                    $count+=1;
                    $output=substr($output,0,$location).$arr['place'].substr($output,$location);
                }
            }
        }
        $hash=hash('sha256',$output);
        $cmd="echo -n ${hash} > hash.txt";
        shell_exec($cmd);
        $show='<div id="formFooter">'.$hash.'</div>';
        echo $show;
    }
 ?>
        </div>
        </div>
    </body>
 </html>
	<?php
	if(isset($_GET['debug'])){
	highlight_file(__FILE__);
	exit();
	}
	?>
	<html>
	<head>
	<title>HAAS</title>
	<link rel="stylesheet" href="assets/index.css">
	</head>
	<body>
	<center>
	<div class="wrapper fadeInDown">
	<div id="formContent">
	<h2 class="active"> Hashing As A Service - HAAS </h2>
	<form action="" method="POST">
	<input type="text" class="fadeIn second" name="name" placeholder="Name">
	<input type="text" class="fadeIn third" name="age" placeholder="Age">
	<input type="text" class="fadeIn fourth" name="place" placeholder="Place">
	<input type="submit" class="fadeIn fifth" value="Submit">
	</form>
	<?php
	ini_set('display_errors',1);
	ini_set('display_startup_errors',1);
	error_reporting(-1);
	include "secret.php";
	$dir = 'sandbox/' . $_SERVER['REMOTE_ADDR'];
	if (!file_exists($dir)){
	mkdir($dir);
	}
	chdir($dir);

	if(isset($_POST['name']) && ($_POST['name'] != '') &&
	isset($_POST['age']) && ($_POST['age'] != '') &&
	isset($_POST['place']) && ($_POST['place'] != '')){

	$name=$_POST['name'];
	$age=$_POST['age'];
	$place=$_POST['place'];

	if(custom_filter($name)===false \|\| custom_filter($age)===false \|\| custom_filter($place)===false){
	echo "<script>alert('NOPE!');</script>";
	exit();
	}

	$fname="details.txt";
	$txt="name: {$name}";
	$txt.="\nage: {$age}";
	$txt.="\nplace: {$place}";

	$f=fopen($fname, "w");
	fwrite($f,$txt);
	fclose($f);

	$arr=secret_sauce_function($fname);

	$locations=array();
	$length=strlen($secret);
	$output=$secret;
	$positions=range(0,$length);
	shuffle($positions);
	$places=5;
	for ($i=0;$i<$places;$i++){
	array_push($locations,$positions[$i]);
	}

	for($i=0;$i<sizeof($locations);$i++){
	$location=$locations[$i];
	$count=0;
	while($count==0){
	$new_val=rand(0,1);
	if($new_val==1){
	$count+=1;
	$output=substr($output,0,$location).$arr['name'].substr($output,$location);
	}
	$new_val=rand(0,1);
	if($new_val==1){
	$count+=1;
	$output=substr($output,0,$location).$arr['age'].substr($output,$location);
	}
	$new_val=rand(0,1);
	if($new_val==1){
	$count+=1;
	$output=substr($output,0,$location).$arr['place'].substr($output,$location);
	}
	}
	}
	$hash=hash('sha256',$output);
	$cmd="echo -n ${hash} > hash.txt";
	shell_exec($cmd);
	$show='<div id="formFooter">'.$hash.'</div>';
	echo $show;
	}
	?>
	</div>
	</div>
	</body>
	</html>