Would someone please help me write this code?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Locked
TheGhostYouAre
Forum Newbie
Posts: 4
Joined: Sun Jan 01, 2006 3:20 am

Would someone please help me write this code?

Post by TheGhostYouAre »

I play this php game called Cyber-Wars and in the chat you CANNOT do html unless you are an admin. I can do php though. I was challenged by another player to repeat his code which I can post in html if you would like but I need it in php or source code. Im not too bright on any of the stuff so please explain like I am dumb... and if you can tell me the entire code i need that would be great. Here is also a screenshot of what he did. It is the thing where TheMastah is asking the question with the 3 options. Please Help me learn this.

Image

Here is what i found in View Source when I tried to figure it out:

<form>
<legend>Are you gay
lordship

?</legend>
HELL YEA<INPUT TYPE="radio" NAME="radio" value="I thought so! ?"
onClick="alert(value)">

Yes..<INPUT TYPE="radio" NAME="radio" value=":O" onClick=alert(value)">
HELL NO!
<INPUT TYPE="radio" NAME="radio" value="Then who was it last night?"
onClick="alert(value)">
</form>
LazyJones
Forum Newbie
Posts: 5
Joined: Tue Dec 27, 2005 8:56 pm

Post by LazyJones »

??

Code: Select all

<?php
echo <<<END
<form>
<legend>Are you gaylordship?</legend>
HELL YEA<INPUT TYPE="radio" NAME="radio" value="I thought so! ?"
onClick="alert(value)">
Yes..<INPUT TYPE="radio" NAME="radio" value=":O" onClick=alert(value)">
HELL NO!
<INPUT TYPE="radio" NAME="radio" value="Then who was it last night?"
onClick="alert(value)">
</form>
END;
?>
8)
TheGhostYouAre
Forum Newbie
Posts: 4
Joined: Sun Jan 01, 2006 3:20 am

Post by TheGhostYouAre »

its gotta be something short... he did it mighty fast... and im pretty sure it cant have < or > in it
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Post by mickd »

the output as long as its html or any other web language will be displayed with < and > in it. it is what the tags use to show when one starts and when one ends.

if you are wanted to write the code that generates the html, then thats a different story.
DeprecatedDiva
Forum Newbie
Posts: 24
Joined: Wed Aug 03, 2005 10:47 am
Location: NW Louisiana

Post by DeprecatedDiva »

mickd wrote:the output as long as its html or any other web language will be displayed with < and > in it. it is what the tags use to show when one starts and when one ends.

if you are wanted to write the code that generates the html, then thats a different story.
Could he have used < and > ?

One more thought, he may have it saved off as a code snippet.
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Post by mickd »

DeprecatedDiva wrote:Could he have used < and > ?

One more thought, he may have it saved off as a code snippet.
if you just output HTML with all < and > replaced with the corresponding < >, the client will only see the code not parsed.

for example if you wrote this into a html page:

Code: Select all

<html>
<body>
Test Document
</body>
</html>
it would display something like this:

Code: Select all

<html><body>Test Document</body></html>
not

Code: Select all

Test Document
as it would if you had

Code: Select all

<html>
<body>
Test Document
</body>
</html>
if you wanted it to display having < and > you would have to put the html in the buffer by turning off output buffering, use php or another language to convert all < and > to < and > then flush the buffer. but then itll look the same as if you didnt in the first place.
TheGhostYouAre
Forum Newbie
Posts: 4
Joined: Sun Jan 01, 2006 3:20 am

Post by TheGhostYouAre »

I tried what you said:
LazyJones wrote:??

Code: Select all

<?php
echo <<<END
<form>
<legend>Are you gaylordship?</legend>
HELL YEA<INPUT TYPE="radio" NAME="radio" value="I thought so! ?"
onClick="alert(value)">
Yes..<INPUT TYPE="radio" NAME="radio" value=":O" onClick=alert(value)">
HELL NO!
<INPUT TYPE="radio" NAME="radio" value="Then who was it last night?"
onClick="alert(value)">
</form>
END;
?>
8)

Didnt work.


using the enter button isnt an option in this chat.. unless you are submitting your reply...its completely php based. the chat refreshes every 5 seconds. its not a normal chat. he made the poll code like it was something really obscure.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Re: Would someone please help me write this code?

Post by Roja »

TheGhostYouAre wrote:I play this php game called Cyber-Wars and in the chat you CANNOT do html unless you are an admin. I can do php though.
To restate this, you want us to help you get around (exploit) the controls on the chat to do something you aren't supposed to do.

Thats illegal, and a bad idea.
TheGhostYouAre wrote:I was challenged by another player to repeat his code which I can post in html if you would like but I need it in php or source code.
You've failed his challenge, so move on.
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

XSS exploit heaven if you can find way to do that kind of thing.....

It's illegal.

Are you sure the chat doesn't have some sort of BBCode support (or equivalent) ? That would also explain the speed at which it was done.
TheGhostYouAre
Forum Newbie
Posts: 4
Joined: Sun Jan 01, 2006 3:20 am

Post by TheGhostYouAre »

Its nothing illegal, the guy who asked me to try it is an Admin. What he did, he did in PHP.
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

TheGhostYouAre wrote:Its nothing illegal, the guy who asked me to try it is an Admin. What he did, he did in PHP. Your assumptions are wrong.
OK. You can't do it on the client side like that. PHP is a server-side language, it won't process at your end.

Even if you sent PHP code to the server the only way it would be executed is if the developer who wrote the application has made some very bad mistake and left it possible to eval() the code or save it to a .php file for execution.

If you can't send < and > then you wont do it with HTML neither.... I think you may have accepted a challenge you simply cannot complete.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

TheGhostYouAre wrote:Its nothing illegal, the guy who asked me to try it is an Admin. What he did, he did in PHP.
Yes, it is illegal.

Even if I own a site, I cannot grant permission to attack my site *across the internet*. Doing so means you are utilizing other networks which neither you nor I have permission to use to launch attacks.

Now, if I gave you *local* access to the machine in question, and gave you permission, that might be a different story, depending on your local laws.

But as it is, it is illegal. Further, the admin at that site was not aware of this thread or any request for you to attempt said attacks, and is now.

Finally, it doesn't matter - the chat system there does NOT accept php. It accepts a variant of BBCode, but only from approved users (admins), which then gets converted into html.

The challenge cannot be done. Stop asking for help with attacking a server, across state lines, that you don't own, and that you don't have the knowledge to accomplish yourself.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

I don't see any reason for this thread to continue..
We do not endorse any illegal activity.
Locked