
Thread: Assistance with code to 'show all'

  1. #1
    AO Senior Cow-beller
    Moderator
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177

    Assistance with code to 'show all'

    I'm not the most experienced web programmer, to say the least. I'd like to create a simple, quick and dirty page that will display all info coming from the client browser, including form field entries. Is there a PHP function that'll do this for me?

    The purpose is twofold:
    #1 to display what information a browser shares with the servers it hits, as an educational tool

    #2 to display the proof of concept for the recent OWA Vulnerability that Tiger_Shark posted
    (I'd like to redirect the data entered to my client's OWA site to a page that will give up those credentials)

    Anyone willing to help a poor unix geek out here? I'm serious, this is simple output only. No formatting, nothing special needed. A plain text dump of all data from the browser would be fine...hell, this is probably a built-in function of Apache/PHP or something, I just don't know enough about it.

    I've googled and searched AO and the PHP sites, but the answers aren't coming quick enough. I'm sure I'll have the answer in a few days, but I need to present the vulnerability today, and this PoC would help.

    I need to do something with HTTP_HEADERS, right? AGENT_HEADERS?
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  2. #2
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Something like this? http://avanttechnologies.com/checker.php
    Sorry about the sloppy code... It has all the functions you can think of in it, though.

    The txt file attached is the code for it (AO doesn't take php attachments, so you might want to rename it).


  3. #3
    http://us3.php.net/reserved.variables

    PHP Code:
    <?php
    // The User-Agent header is client-controlled, so escape it before output.
    $whatever = $_SERVER['HTTP_USER_AGENT'];

    echo htmlspecialchars($whatever);
    ?>
    And there's your browser. Plug in values from the link to get different info.

    or this:
    http://us3.php.net/getenv

  4. #4
    AO Senior Cow-beller
    Moderator
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Thank you! That's 90% of what I need. And I can make PHP give up whatever fields it can with some echo $userid and such.

    Much appreciated!!! I *KNEW* there was a simple answer to this!

  5. #5
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    There's also the built-in GetAllHeaders() function, but if I'm correct it doesn't work on Windows servers, and only works if PHP is installed as an Apache plug-in...

    PHP Code:
    $headers = GetAllHeaders();
    foreach ($headers as $header => $value)
        // Header names and values are client-controlled, so escape them.
        echo htmlspecialchars("$header: $value") . "<br>\n";
    Gives you this result: http://www.avanttechnologies.com/test.php

  6. #6
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    PHP Code:
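    <?php
    // Dump every variable in scope, including request superglobals such as $_GET and $_POST.
    $arr = get_defined_vars();
    print "<html>\n<body>\n<pre>\n";
    // Values are client-controlled, so escape them before output.
    print htmlspecialchars(print_r($arr, true));
    print "\n</pre>\n</body>\n</html>";
    ?>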
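
The replies above, combined into one request-dump page: an added example, not code from any poster in the thread. It falls back to `$_SERVER` when `getallheaders()` is unavailable, escapes all output, and redacts credential-like fields. The function names `request_headers`, `mask_secrets` and `dump_section` and the redaction pattern are assumptions made for this sketch.

```php
<?php
// Added example; function names and the redaction pattern are hypothetical.
// Rebuild headers from $_SERVER for setups where getallheaders() is missing.
function request_headers(array $server): array
{
    $headers = [];
    foreach ($server as $key => $value) {
        if (strpos((string) $key, 'HTTP_') === 0) {
            $name = substr($key, 5);
        } elseif ($key === 'CONTENT_TYPE' || $key === 'CONTENT_LENGTH') {
            $name = $key; // these two arrive without the HTTP_ prefix
        } else {
            continue;
        }
        // USER_AGENT -> User-Agent
        $name = str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', $name))));
        $headers[$name] = $value;
    }
    return $headers;
}

// Show that a credential-like field was sent without displaying its value.
function mask_secrets(array $fields): array
{
    $out = [];
    foreach ($fields as $name => $value) {
        if (preg_match('/pass|pwd|secret|token|authorization|cookie/i', (string) $name)) {
            $out[$name] = '[redacted]';
        } elseif (is_array($value)) {
            $out[$name] = mask_secrets($value); // nested form fields, e.g. user[password]
        } else {
            $out[$name] = $value;
        }
    }
    return $out;
}

function dump_section(string $title, array $data): string
{
    // Everything here is client-controlled: escape it before it reaches the page.
    $text = print_r(mask_secrets($data), true);
    return "== $title ==\n" . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . "\n";
}

echo "<pre>\n";
echo dump_section('Headers', function_exists('getallheaders') ? getallheaders() : request_headers($_SERVER));
echo dump_section('GET', $_GET);
echo dump_section('POST', $_POST);
echo "</pre>\n";
```

Served locally with `php -S localhost:8000`, the page lists every header and form field the browser sends, with `Cookie`, `Authorization` and password-style fields shown as `[redacted]`.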
