So, I'm setting up a ShareX Custom Uploader to my web, the code is OK I think, but when I test it, it keeps giving me this error:
URL: <html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("07462472b6c654d32fb49d6a71d6e992");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://example.com/up.php?secret=0zBe!corfnnf2T7rwk&i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>
I know it has something to do with a Byet security thing (https://kyprizel.github.io/testcookie-nginx-module/). I just need to find a cookie and write it on the code, the thing is that I don't know how can I write that cookie in there, please help, here's my code:
<?php
$secret_key = "secretkeyiwontgive";
$sharexdir = "/";
$domain_url = 'https://example.com/';
$lengthofstring = 4;
function RandomString($length) {
$keys = array_merge(range(0,9), range('a', 'z'));
$key = '';
for($i=0; $i < $length; $i++) {
$key .= $keys[mt_rand(0, count($keys) - 1)];
}
return $key;
}
if(isset($_POST['secret']))
{
if($_POST['secret'] == $secret_key)
{
$filename = RandomString($lengthofstring);
$target_file = $_FILES["sharex"]["name"];
$fileType = pathinfo($target_file, PATHINFO_EXTENSION);
if (move_uploaded_file($_FILES["sharex"]["tmp_name"], $sharexdir.$filename.'.'.$fileType))
{
echo $domain_url.$sharexdir.$filename.'.'.$fileType;
}
else
{
echo 'File upload failed - CHMOD/Folder doesn\'t exist?';
}
}
else
{
echo 'Invalid Secret Key';
}
}
else
{
echo 'No post data recieved';
}
?>
Thank you.
Aucun commentaire:
Enregistrer un commentaire