enwikipedia-acc /
waca
@@ -7,43 +7,43 @@ |
||
| 7 | 7 | ******************************************************************************/ |
| 8 | 8 | |
| 9 | 9 | $toolList = array( |
| 10 | - 'tparis-pcount' => '//tools.wmflabs.org/supercount/index.php?user=%DATA%&project=en.wikipedia', |
|
| 11 | - 'luxo-contributions' => '//tools.wmflabs.org/quentinv57-tools/tools/globalcontribs.php?username=%DATA%', |
|
| 12 | - 'guc' => '//tools.wmflabs.org/guc/?user=%DATA%', |
|
| 13 | - 'oq-whois' => 'https://whois.domaintools.com/%DATA%', |
|
| 10 | + 'tparis-pcount' => '//tools.wmflabs.org/supercount/index.php?user=%DATA%&project=en.wikipedia', |
|
| 11 | + 'luxo-contributions' => '//tools.wmflabs.org/quentinv57-tools/tools/globalcontribs.php?username=%DATA%', |
|
| 12 | + 'guc' => '//tools.wmflabs.org/guc/?user=%DATA%', |
|
| 13 | + 'oq-whois' => 'https://whois.domaintools.com/%DATA%', |
|
| 14 | 14 | 'tl-whois' => 'https://tools.wmflabs.org/whois/gateway.py?lookup=true&ip=%DATA%', |
| 15 | - 'sulutil' => '//tools.wmflabs.org/quentinv57-tools/tools/sulinfo.php?showinactivity=1&showblocks=1&username=%DATA%', |
|
| 16 | - 'google' => 'https://www.google.com/search?q=%DATA%', |
|
| 17 | - 'domain' => 'http://%DATA%/', |
|
| 15 | + 'sulutil' => '//tools.wmflabs.org/quentinv57-tools/tools/sulinfo.php?showinactivity=1&showblocks=1&username=%DATA%', |
|
| 16 | + 'google' => 'https://www.google.com/search?q=%DATA%', |
|
| 17 | + 'domain' => 'http://%DATA%/', |
|
| 18 | 18 | ); |
| 19 | 19 | |
| 20 | 20 | if (!isset($_GET['tool']) |
| 21 | - || !isset($toolList[$_GET['tool']]) |
|
| 22 | - || !isset($_GET['data']) |
|
| 21 | + || !isset($toolList[$_GET['tool']]) |
|
| 22 | + || !isset($_GET['data']) |
|
| 23 | 23 | ) { |
| 24 | - header("HTTP/1.1 403 Forbidden"); |
|
| 24 | + header("HTTP/1.1 403 Forbidden"); |
|
| 25 | 25 | |
| 26 | - return; |
|
| 26 | + return; |
|
| 27 | 27 | } |
| 28 | 28 | |
| 29 | 29 | if (isset($_GET['round2'])) { |
| 30 | - $data = $_GET['data']; |
|
| 31 | - $tool = $_GET['tool']; |
|
| 30 | + $data = $_GET['data']; |
|
| 31 | + $tool = $_GET['tool']; |
|
| 32 | 32 | |
| 33 | - if ($tool === 'domain') { |
|
| 34 | - // quick security check - if you want to exploit something, you better be sure your exploit resolves via dns. |
|
| 35 | - // this is not intended to catch everything, just as a quick sanity check. |
|
| 36 | - if (gethostbyname($data) == $data) { |
|
| 37 | - echo 'Error resolving hostname, it doesn\'t look like this domain exists.'; |
|
| 38 | - die(); |
|
| 39 | - } |
|
| 40 | - } |
|
| 41 | - else { |
|
| 42 | - $data = htmlentities($data, ENT_COMPAT, 'UTF-8'); |
|
| 43 | - } |
|
| 33 | + if ($tool === 'domain') { |
|
| 34 | + // quick security check - if you want to exploit something, you better be sure your exploit resolves via dns. |
|
| 35 | + // this is not intended to catch everything, just as a quick sanity check. |
|
| 36 | + if (gethostbyname($data) == $data) { |
|
| 37 | + echo 'Error resolving hostname, it doesn\'t look like this domain exists.'; |
|
| 38 | + die(); |
|
| 39 | + } |
|
| 40 | + } |
|
| 41 | + else { |
|
| 42 | + $data = htmlentities($data, ENT_COMPAT, 'UTF-8'); |
|
| 43 | + } |
|
| 44 | 44 | |
| 45 | - echo '<script>window.location.href="' . str_replace("%DATA%", $data, $toolList[$tool]) . '"</script>'; |
|
| 45 | + echo '<script>window.location.href="' . str_replace("%DATA%", $data, $toolList[$tool]) . '"</script>'; |
|
| 46 | 46 | } |
| 47 | 47 | else { |
| 48 | - header("Location: " . $_SERVER["REQUEST_URI"] . "&round2=true"); |
|
| 48 | + header("Location: " . $_SERVER["REQUEST_URI"] . "&round2=true"); |
|
| 49 | 49 | } |
