-
February 15th, 2005, 05:36 PM
#1
Assistance with code to 'show all'
I'm not the most experienced web programmer, to say the least. I'd like to create a simple, quick and dirty page that will display all info coming from the client browser, including form field entries. Is there a PHP function that'll do this for me?
The purpose is two fold:
#1 to display what information a browser shares with the servers it hits, as an educational tool
#2 to display the proof of concept for the recent OWA Vulnerability that Tiger_Shark posted
(I'd like to redirect the data entered to my clients OWA site to a page that will give up those credentials)
Anyone willing to help a poor unix geek out here? I'm serious, this is simple output only. No formatting, nothing special needed. A plain text dump of all data from the browser would be fine...hell, this is probably a built in function of Apache/PHP or something, I just don't know enough about it.
I've googled and searched AO and the PHP sites, but the answers aren't coming quick enough. I'm sure I'll have the answer in a few days, but I need to present the vulnerability today, and this PoC would help.
I need to do something with HTTP_HEADERS, right? AGENT_HEADERS?
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
February 15th, 2005, 05:49 PM
#2
Something like this? http://avanttechnologies.com/checker.php
Sorry about the sloppy code... It has all the functions you can think of in it, though.
The txt file attached is the code for it (AO doesn't take php attachments, so you might want to rename it).
-
February 15th, 2005, 06:13 PM
#3
http://us3.php.net/reserved.variables
PHP Code:
<?php
$whatever = $_SERVER['HTTP_USER_AGENT'];
echo $whatever;
?>
And there's your browser. Plug in values from the link to get different info.
or this:
http://us3.php.net/getenv
-
February 15th, 2005, 06:16 PM
#4
Thank you! That's 90% of what I need. And I can make PHP give up whatever fields it can with some echo $userid and such.
Much appreciated!!! I *KNEW* there was a simple answer to this!
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
February 15th, 2005, 06:39 PM
#5
There's also the built-in GetAllHeaders() function, but if I'm correct it doesn't work on Windows servers, and only works if PHP is installed as an Apace plug-in...
PHP Code:
$headers = GetAllHeaders();
foreach($headers as $header=>$value)
echo "$header: $value<br>\n";
Gives you this result: http://www.avanttechnologies.com/test.php
-
February 24th, 2005, 02:30 AM
#6
PHP Code:
<?php
$arr = get_defined_vars();
print "<html>\n<body>\n<pre>\n";
print_r($arr);
print "\n</pre>\n</body>\n</html>";
?>
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|