Advisory #: 108
Title: Multiple vulnerabilities in Ice Cold Apps Servers Ulitmate Version 6.0.2(12) for Android
Author: Larry W. Cashdollar, @_larry0
Date: 2013-09-08
CVE-ID:[CVE-2013-7465]
CWE:
Download Site: http://www.amazon.com/Ice-Cold-Apps-Servers-Ultimate/dp/B00E00C44G/ref=sr_1_1?s=mobile-apps&ie=UTF8&qid=1378688647
Vendor: Ice Cold Apps
Vendor Notified: 2013-09-08
Vendor Contact:
Advisory: http://www.vapid.dhs.org/advisories/ultimate-server-android-vulns.html
Description: **Run over 60 servers with over 70 protocols!** Now you can run a CVS, DC Hub, DHCP, UPnP, DNS, DDNS, eDonkey, Email (POP3 / SMTP), FTP Proxy, FTP, FTPS, FTPES, Flash Policy, Git, Gopher, HTTP Snoop, ICAP, IRC Bot, IRC, ISCSI, Icecast, LPD, Load Balancer, MQTT, Memcached, MongoDB, MySQL, NFS, NTP, NZB Client, Napster, PHP and Lighttpd, PXE, Port Forwarder, Proxy, RTMP, Remote Control, Rsync, SIP, SMB/CIFS, SMPP, SMS, Socks, SFTP, SSH, Server Monitor, Stomp, Styx, Syslog, TFTP, Telnet, Time, Trigger, Unison, UPnP Port Mapper, VNC, VPN, Wake On Lan, Web, WebDAV, WebSocket, X11 and/or XMPP server! Start a server easily on the 'Simple' tab or go advanced and add users, allowed IP's, rules and more! Multiple servers can be run at the same time! No root needed, exceptions mentioned below. **Over 16 network tools!** Trial: This app will work for 14 days after which you will need to buy the paid version. You can also only add two servers in this app. Unfortunately we need to do this to support development. **Remote control support!** Server limitations: - Port Forwarder: root needed. - VNC Server: root needed and doesn’t work on most devices. - Samba Server: won’t work on Windows. - CVS, UPnP, Email, PHP, Lighttpd, MySQL, Rsync, VNC Server: only one server of this type can run at the same time. - ARM based: PHP, Lighttpd, MySQL, CVS, Rsync, VNC, SSH command line, Port forward, MySQL monitor, Traceroute **Includes a PHP Server!** Note: - The permission for receiving and sending SMS are for the optional SMS Gateway Server. **Light or dark Holo theme!** A few general features: - Encryption for settings and password login support! - Tasker and Llama support! - Start / Stop servers automatically using WIFI / SMS / call / power or cronjob rules! Or use the 'Trigger Server' for more! - Set a port, network interface to listen on, backlog, logging (to file), etc. And if rooted set a port below 1024. - Widget support! - A lot more! **Change your device to a NAS Server, dedicated server and/or honeypot! Network tools: - Remote Control Client - Simple shtaccess editor - Connectability - IP Calculator (IPv4 / IPv6) - Port Scanner - MySQL Monitor - Whois - Raw socket (TCP / UDP) - Command line - Ping - Network speed - HTTP Headers - Wake On LAN (WOL) - Lookup (DNS, IP, Host, Mac to Vendor) - Traceroute - UPnP Port Mapper Servers: - CVS Server - DC Hub Server (Direct Connect Hub) - DHCP Server - DHCP Proxy Server - DHCP Relay Server - UPnP Server - DNS Server - DNSMasq Server - Dynamic DNS Updater: DDNS services ChangeIP, DNSdynamic, DNSexit, DNSMadeEasy, DNS-O-Matic, DNSPark, DtDNS, DynDNS, easyDNS, eNom, Namecheap, No-IP, ZoneEdit, etc - eDonkey Server - Email Server: POP3, SMTP - FTP Proxy Server - FTP Server - FTP Root Server - FTPS Server - FTPES Server - Flash Policy Server - Git Server - Gopher Server - HTTP Proxy Server - HTTP Snoop Server - ICAP Server - IRC Bot - IRC Server - ISCSI Server - Icecast Server - Load Balancer Server - LPD Server (Printer Server) - MQTT Server - Memcached Server - MongoDB Server - Multicast DNS Server (Bonjour) - MySQL Server - NFS Server - NTP Server - NZB Downloader Client - Napster Server - PHP Server and Lighttpd Server (optional PHPMyAdmin, PHPFileManager, etc) - Port Forwarder - Proxy Server - PXE Server (Network Boot) - Remote Control App Server - Rsync Server - RTMP Server - RTMP Proxy Server - SIP Server - SMB / CIFS Server (Samba) - SMPP Server - SMS Gateway - SOCKS Server - SSH Server - SCP Server - Server Monitor - SFTP Server - Stomp Server - Styx Server - Syslog Server - TFTP Server - Telnet Server - Test Server: Echo, Discard, CHARGEN, QOTD - Time Server - Trigger Server - Unison Server - UPnP Port Mapper - VNC Server - VPN Server - Wake On LAN clien Visit us on: http://www.icecoldapps.com/ Follow us on Twitter: https://twitter.com/IceColdApps Like us on Facebook: http://www.facebook.com/IceColdApps
Vulnerability:
There are no credentials by default, authentication is disabled for telnet/ssh/ftp allowing remote access to the device's storage. PHP can be uploaded to the webserver and executed. ftp server allows writes to lighttp/php* directory. telnet default authentication turned off. ssh server default authentication turned off. Anonymous SOCKS proxy & http/ftp proxy. SSHD larry$ ssh 192.168.0.29 -p 2222 $ id uid=10041(app_41) gid=10041(app_41) groups=1015(sdcard_rw),3003(inet) $ uptime up time: 19:42:02, idle time: 18:47:19, sleep time: 00:00:00 $ Telnet larry$ telnet 192.168.0.29 2323 Trying 192.168.0.29... Connected to 192.168.0.29. Escape character is '^]'. Welcome to tel! Please enter some text to test the connection and hit enter: $ $ id $ id uid=10041(app_41) gid=10041(app_41) groups=1015(sdcard_rw),3003(inet) $ lighttpd / PHP server Here is the phpinfo() info output Because of the sandboxing eval(),system(),pass_thru() won't work. php has the following functions available: Via <?php $arr = get_defined_functions(); echo "<pre>"; print_r($arr); echo "</pre>"; ?> Returned the following: Array ( [internal] => Array ( [0] => zend_version [1] => func_num_args [2] => func_get_arg [3] => func_get_args [4] => strlen [5] => strcmp [6] => strncmp [7] => strcasecmp [8] => strncasecmp [9] => each [10] => error_reporting [11] => define [12] => defined [13] => get_class [14] => get_called_class [15] => get_parent_class [16] => method_exists [17] => property_exists [18] => class_exists [19] => interface_exists [20] => trait_exists [21] => function_exists [22] => class_alias [23] => get_included_files [24] => get_required_files [25] => is_subclass_of [26] => is_a [27] => get_class_vars [28] => get_object_vars [29] => get_class_methods [30] => trigger_error [31] => user_error [32] => set_error_handler [33] => restore_error_handler [34] => set_exception_handler [35] => restore_exception_handler [36] => get_declared_classes [37] => get_declared_traits [38] => get_declared_interfaces [39] => get_defined_functions [40] => get_defined_vars [41] => create_function [42] => get_resource_type [43] => get_loaded_extensions [44] => extension_loaded [45] => get_extension_funcs [46] => get_defined_constants [47] => debug_backtrace [48] => debug_print_backtrace [49] => gc_collect_cycles [50] => gc_enabled [51] => gc_enable [52] => gc_disable [53] => strtotime [54] => date [55] => idate [56] => gmdate [57] => mktime [58] => gmmktime [59] => checkdate [60] => strftime [61] => gmstrftime [62] => time [63] => localtime [64] => getdate [65] => date_create [66] => date_create_from_format [67] => date_parse [68] => date_parse_from_format [69] => date_get_last_errors [70] => date_format [71] => date_modify [72] => date_add [73] => date_sub [74] => date_timezone_get [75] => date_timezone_set [76] => date_offset_get [77] => date_diff [78] => date_time_set [79] => date_date_set [80] => date_isodate_set [81] => date_timestamp_set [82] => date_timestamp_get [83] => timezone_open [84] => timezone_name_get [85] => timezone_name_from_abbr [86] => timezone_offset_get [87] => timezone_transitions_get [88] => timezone_location_get [89] => timezone_identifiers_list [90] => timezone_abbreviations_list [91] => timezone_version_get [92] => date_interval_create_from_date_string [93] => date_interval_format [94] => date_default_timezone_set [95] => date_default_timezone_get [96] => date_sunrise [97] => date_sunset [98] => date_sun_info [99] => ereg [100] => ereg_replace [101] => eregi [102] => eregi_replace [103] => split [104] => spliti [105] => sql_regcase [106] => libxml_set_streams_context [107] => libxml_use_internal_errors [108] => libxml_get_last_error [109] => libxml_clear_errors [110] => libxml_get_errors [111] => libxml_disable_entity_loader [112] => libxml_set_external_entity_loader [113] => preg_match [114] => preg_match_all [115] => preg_replace [116] => preg_replace_callback [117] => preg_filter [118] => preg_split [119] => preg_quote [120] => preg_grep [121] => preg_last_error [122] => readgzfile [123] => gzrewind [124] => gzclose [125] => gzeof [126] => gzgetc [127] => gzgets [128] => gzgetss [129] => gzread [130] => gzopen [131] => gzpassthru [132] => gzseek [133] => gztell [134] => gzwrite [135] => gzputs [136] => gzfile [137] => gzcompress [138] => gzuncompress [139] => gzdeflate [140] => gzinflate [141] => gzencode [142] => gzdecode [143] => zlib_encode [144] => zlib_decode [145] => zlib_get_coding_type [146] => ob_gzhandler [147] => ctype_alnum [148] => ctype_alpha [149] => ctype_cntrl [150] => ctype_digit [151] => ctype_lower [152] => ctype_graph [153] => ctype_print [154] => ctype_punct [155] => ctype_space [156] => ctype_upper [157] => ctype_xdigit [158] => curl_init [159] => curl_copy_handle [160] => curl_version [161] => curl_setopt [162] => curl_setopt_array [163] => curl_exec [164] => curl_getinfo [165] => curl_error [166] => curl_errno [167] => curl_close [168] => curl_multi_init [169] => curl_multi_add_handle [170] => curl_multi_remove_handle [171] => curl_multi_select [172] => curl_multi_exec [173] => curl_multi_getcontent [174] => curl_multi_info_read [175] => curl_multi_close [176] => dom_import_simplexml [177] => finfo_open [178] => finfo_close [179] => finfo_set_flags [180] => finfo_file [181] => finfo_buffer [182] => mime_content_type [183] => filter_input [184] => filter_var [185] => filter_input_array [186] => filter_var_array [187] => filter_list [188] => filter_has_var [189] => filter_id [190] => ftp_connect [191] => ftp_login [192] => ftp_pwd [193] => ftp_cdup [194] => ftp_chdir [195] => ftp_exec [196] => ftp_raw [197] => ftp_mkdir [198] => ftp_rmdir [199] => ftp_chmod [200] => ftp_alloc [201] => ftp_nlist [202] => ftp_rawlist [203] => ftp_systype [204] => ftp_pasv [205] => ftp_get [206] => ftp_fget [207] => ftp_put [208] => ftp_fput [209] => ftp_size [210] => ftp_mdtm [211] => ftp_rename [212] => ftp_delete [213] => ftp_site [214] => ftp_close [215] => ftp_set_option [216] => ftp_get_option [217] => ftp_nb_fget [218] => ftp_nb_get [219] => ftp_nb_continue [220] => ftp_nb_put [221] => ftp_nb_fput [222] => ftp_quit [223] => gd_info [224] => imagearc [225] => imageellipse [226] => imagechar [227] => imagecharup [228] => imagecolorat [229] => imagecolorallocate [230] => imagepalettecopy [231] => imagecreatefromstring [232] => imagecolorclosest [233] => imagecolorclosesthwb [234] => imagecolordeallocate [235] => imagecolorresolve [236] => imagecolorexact [237] => imagecolorset [238] => imagecolortransparent [239] => imagecolorstotal [240] => imagecolorsforindex [241] => imagecopy [242] => imagecopymerge [243] => imagecopymergegray [244] => imagecopyresized [245] => imagecreate [246] => imagecreatetruecolor [247] => imageistruecolor [248] => imagetruecolortopalette [249] => imagesetthickness [250] => imagefilledarc [251] => imagefilledellipse [252] => imagealphablending [253] => imagesavealpha [254] => imagecolorallocatealpha [255] => imagecolorresolvealpha [256] => imagecolorclosestalpha [257] => imagecolorexactalpha [258] => imagecopyresampled [259] => imagerotate [260] => imageantialias [261] => imagesettile [262] => imagesetbrush [263] => imagesetstyle [264] => imagecreatefrompng [265] => imagecreatefromgif [266] => imagecreatefromjpeg [267] => imagecreatefromwbmp [268] => imagecreatefromxbm [269] => imagecreatefromgd [270] => imagecreatefromgd2 [271] => imagecreatefromgd2part [272] => imagepng [273] => imagegif [274] => imagejpeg [275] => imagewbmp [276] => imagegd [277] => imagegd2 [278] => imagedestroy [279] => imagegammacorrect [280] => imagefill [281] => imagefilledpolygon [282] => imagefilledrectangle [283] => imagefilltoborder [284] => imagefontwidth [285] => imagefontheight [286] => imageinterlace [287] => imageline [288] => imageloadfont [289] => imagepolygon [290] => imagerectangle [291] => imagesetpixel [292] => imagestring [293] => imagestringup [294] => imagesx [295] => imagesy [296] => imagedashedline [297] => imagetypes [298] => jpeg2wbmp [299] => png2wbmp [300] => image2wbmp [301] => imagelayereffect [302] => imagexbm [303] => imagecolormatch [304] => imagefilter [305] => imageconvolution [306] => textdomain [307] => gettext [308] => [309] => dgettext [310] => dcgettext [311] => bindtextdomain [312] => ngettext [313] => dngettext [314] => dcngettext [315] => bindtextdomain_codeset [316] => hash [317] => hash_file [318] => hash_hmac [319] => hash_hmac_file [320] => hash_init [321] => hash_update [322] => hash_update_stream [323] => hash_update_file [324] => hash_final [325] => hash_copy [326] => hash_algos [327] => iconv [328] => iconv_get_encoding [329] => iconv_set_encoding [330] => iconv_strlen [331] => iconv_substr [332] => iconv_strpos [333] => iconv_strrpos [334] => iconv_mime_encode [335] => iconv_mime_decode [336] => iconv_mime_decode_headers [337] => json_encode [338] => json_decode [339] => json_last_error [340] => mb_convert_case [341] => mb_strtoupper [342] => mb_strtolower [343] => mb_language [344] => mb_internal_encoding [345] => mb_http_input [346] => mb_http_output [347] => mb_detect_order [348] => mb_substitute_character [349] => mb_parse_str [350] => mb_output_handler [351] => mb_preferred_mime_name [352] => mb_strlen [353] => mb_strpos [354] => mb_strrpos [355] => mb_stripos [356] => mb_strripos [357] => mb_strstr [358] => mb_strrchr [359] => mb_stristr [360] => mb_strrichr [361] => mb_substr_count [362] => mb_substr [363] => mb_strcut [364] => mb_strwidth [365] => mb_strimwidth [366] => mb_convert_encoding [367] => mb_detect_encoding [368] => mb_list_encodings [369] => mb_encoding_aliases [370] => mb_convert_kana [371] => mb_encode_mimeheader [372] => mb_decode_mimeheader [373] => mb_convert_variables [374] => mb_encode_numericentity [375] => mb_decode_numericentity [376] => mb_send_mail [377] => mb_get_info [378] => mb_check_encoding [379] => mb_regex_encoding [380] => mb_regex_set_options [381] => mb_ereg [382] => mb_eregi [383] => mb_ereg_replace [384] => mb_eregi_replace [385] => mb_ereg_replace_callback [386] => mb_split [387] => mb_ereg_match [388] => mb_ereg_search [389] => mb_ereg_search_pos [390] => mb_ereg_search_regs [391] => mb_ereg_search_init [392] => mb_ereg_search_getregs [393] => mb_ereg_search_getpos [394] => mb_ereg_search_setpos [395] => mbregex_encoding [396] => mbereg [397] => mberegi [398] => mbereg_replace [399] => mberegi_replace [400] => mbsplit [401] => mbereg_match [402] => mbereg_search [403] => mbereg_search_pos [404] => mbereg_search_regs [405] => mbereg_search_init [406] => mbereg_search_getregs [407] => mbereg_search_getpos [408] => mbereg_search_setpos [409] => mcrypt_ecb [410] => mcrypt_cbc [411] => mcrypt_cfb [412] => mcrypt_ofb [413] => mcrypt_get_key_size [414] => mcrypt_get_block_size [415] => mcrypt_get_cipher_name [416] => mcrypt_create_iv [417] => mcrypt_list_algorithms [418] => mcrypt_list_modes [419] => mcrypt_get_iv_size [420] => mcrypt_encrypt [421] => mcrypt_decrypt [422] => mcrypt_module_open [423] => mcrypt_generic_init [424] => mcrypt_generic [425] => mdecrypt_generic [426] => mcrypt_generic_end [427] => mcrypt_generic_deinit [428] => mcrypt_enc_self_test [429] => mcrypt_enc_is_block_algorithm_mode [430] => mcrypt_enc_is_block_algorithm [431] => mcrypt_enc_is_block_mode [432] => mcrypt_enc_get_block_size [433] => mcrypt_enc_get_key_size [434] => mcrypt_enc_get_supported_key_sizes [435] => mcrypt_enc_get_iv_size [436] => mcrypt_enc_get_algorithms_name [437] => mcrypt_enc_get_modes_name [438] => mcrypt_module_self_test [439] => mcrypt_module_is_block_algorithm_mode [440] => mcrypt_module_is_block_algorithm [441] => mcrypt_module_is_block_mode [442] => mcrypt_module_get_algo_block_size [443] => mcrypt_module_get_algo_key_size [444] => mcrypt_module_get_supported_key_sizes [445] => mcrypt_module_close [446] => mysql_connect [447] => mysql_pconnect [448] => mysql_close [449] => mysql_select_db [450] => mysql_query [451] => mysql_unbuffered_query [452] => mysql_db_query [453] => mysql_list_dbs [454] => mysql_list_tables [455] => mysql_list_fields [456] => mysql_list_processes [457] => mysql_error [458] => mysql_errno [459] => mysql_affected_rows [460] => mysql_insert_id [461] => mysql_result [462] => mysql_num_rows [463] => mysql_num_fields [464] => mysql_fetch_row [465] => mysql_fetch_array [466] => mysql_fetch_assoc [467] => mysql_fetch_object [468] => mysql_data_seek [469] => mysql_fetch_lengths [470] => mysql_fetch_field [471] => mysql_field_seek [472] => mysql_free_result [473] => mysql_field_name [474] => mysql_field_table [475] => mysql_field_len [476] => mysql_field_type [477] => mysql_field_flags [478] => mysql_escape_string [479] => mysql_real_escape_string [480] => mysql_stat [481] => mysql_thread_id [482] => mysql_client_encoding [483] => mysql_ping [484] => mysql_get_client_info [485] => mysql_get_host_info [486] => mysql_get_proto_info [487] => mysql_get_server_info [488] => mysql_info [489] => mysql_set_charset [490] => mysql [491] => mysql_fieldname [492] => mysql_fieldtable [493] => mysql_fieldlen [494] => mysql_fieldtype [495] => mysql_fieldflags [496] => mysql_selectdb [497] => mysql_freeresult [498] => mysql_numfields [499] => mysql_numrows [500] => mysql_listdbs [501] => mysql_listtables [502] => mysql_listfields [503] => mysql_db_name [504] => mysql_dbname [505] => mysql_tablename [506] => mysql_table_name [507] => mysqli_affected_rows [508] => mysqli_autocommit [509] => mysqli_change_user [510] => mysqli_character_set_name [511] => mysqli_close [512] => mysqli_commit [513] => mysqli_connect [514] => mysqli_connect_errno [515] => mysqli_connect_error [516] => mysqli_data_seek [517] => mysqli_dump_debug_info [518] => mysqli_debug [519] => mysqli_errno [520] => mysqli_error [521] => mysqli_error_list [522] => mysqli_stmt_execute [523] => mysqli_execute [524] => mysqli_fetch_field [525] => mysqli_fetch_fields [526] => mysqli_fetch_field_direct [527] => mysqli_fetch_lengths [528] => mysqli_fetch_array [529] => mysqli_fetch_assoc [530] => mysqli_fetch_object [531] => mysqli_fetch_row [532] => mysqli_field_count [533] => mysqli_field_seek [534] => mysqli_field_tell [535] => mysqli_free_result [536] => mysqli_get_charset [537] => mysqli_get_client_info [538] => mysqli_get_client_version [539] => mysqli_get_host_info [540] => mysqli_get_proto_info [541] => mysqli_get_server_info [542] => mysqli_get_server_version [543] => mysqli_get_warnings [544] => mysqli_init [545] => mysqli_info [546] => mysqli_insert_id [547] => mysqli_kill [548] => mysqli_set_local_infile_default [549] => mysqli_set_local_infile_handler [550] => mysqli_more_results [551] => mysqli_multi_query [552] => mysqli_next_result [553] => mysqli_num_fields [554] => mysqli_num_rows [555] => mysqli_options [556] => mysqli_ping [557] => mysqli_prepare [558] => mysqli_report [559] => mysqli_query [560] => mysqli_real_connect [561] => mysqli_real_escape_string [562] => mysqli_real_query [563] => mysqli_rollback [564] => mysqli_select_db [565] => mysqli_set_charset [566] => mysqli_stmt_affected_rows [567] => mysqli_stmt_attr_get [568] => mysqli_stmt_attr_set [569] => mysqli_stmt_bind_param [570] => mysqli_stmt_bind_result [571] => mysqli_stmt_close [572] => mysqli_stmt_data_seek [573] => mysqli_stmt_errno [574] => mysqli_stmt_error [575] => mysqli_stmt_error_list [576] => mysqli_stmt_fetch [577] => mysqli_stmt_field_count [578] => mysqli_stmt_free_result [579] => mysqli_stmt_get_warnings [580] => mysqli_stmt_init [581] => mysqli_stmt_insert_id [582] => mysqli_stmt_num_rows [583] => mysqli_stmt_param_count [584] => mysqli_stmt_prepare [585] => mysqli_stmt_reset [586] => mysqli_stmt_result_metadata [587] => mysqli_stmt_send_long_data [588] => mysqli_stmt_store_result [589] => mysqli_stmt_sqlstate [590] => mysqli_sqlstate [591] => mysqli_ssl_set [592] => mysqli_stat [593] => mysqli_store_result [594] => mysqli_thread_id [595] => mysqli_thread_safe [596] => mysqli_use_result [597] => mysqli_warning_count [598] => mysqli_refresh [599] => mysqli_escape_string [600] => mysqli_set_opt [601] => pdo_drivers [602] => posix_kill [603] => posix_getpid [604] => posix_getppid [605] => posix_getuid [606] => posix_setuid [607] => posix_geteuid [608] => posix_seteuid [609] => posix_getgid [610] => posix_setgid [611] => posix_getegid [612] => posix_setegid [613] => posix_getgroups [614] => posix_getlogin [615] => posix_getpgrp [616] => posix_setsid [617] => posix_setpgid [618] => posix_getpgid [619] => posix_getsid [620] => posix_uname [621] => posix_times [622] => posix_ctermid [623] => posix_ttyname [624] => posix_isatty [625] => posix_getcwd [626] => posix_mkfifo [627] => posix_mknod [628] => posix_access [629] => posix_getgrnam [630] => posix_getgrgid [631] => posix_getpwnam [632] => posix_getpwuid [633] => posix_getrlimit [634] => posix_get_last_error [635] => posix_errno [636] => posix_strerror [637] => posix_initgroups [638] => session_name [639] => session_module_name [640] => session_save_path [641] => session_id [642] => session_regenerate_id [643] => session_decode [644] => session_encode [645] => session_start [646] => session_destroy [647] => session_unset [648] => session_set_save_handler [649] => session_cache_limiter [650] => session_cache_expire [651] => session_set_cookie_params [652] => session_get_cookie_params [653] => session_write_close [654] => session_status [655] => session_register_shutdown [656] => session_commit [657] => simplexml_load_file [658] => simplexml_load_string [659] => simplexml_import_dom [660] => use_soap_error_handler [661] => is_soap_fault [662] => socket_select [663] => socket_create [664] => socket_create_listen [665] => socket_create_pair [666] => socket_accept [667] => socket_set_nonblock [668] => socket_set_block [669] => socket_listen [670] => socket_close [671] => socket_write [672] => socket_read [673] => socket_getsockname [674] => socket_getpeername [675] => socket_connect [676] => socket_strerror [677] => socket_bind [678] => socket_recv [679] => socket_send [680] => socket_recvfrom [681] => socket_sendto [682] => socket_get_option [683] => socket_set_option [684] => socket_shutdown [685] => socket_last_error [686] => socket_clear_error [687] => socket_import_stream [688] => socket_getopt [689] => socket_setopt [690] => spl_classes [691] => spl_autoload [692] => spl_autoload_extensions [693] => spl_autoload_register [694] => spl_autoload_unregister [695] => spl_autoload_functions [696] => spl_autoload_call [697] => class_parents [698] => class_implements [699] => class_uses [700] => spl_object_hash [701] => iterator_to_array [702] => iterator_count [703] => iterator_apply [704] => constant [705] => bin2hex [706] => hex2bin [707] => sleep [708] => usleep [709] => time_nanosleep [710] => time_sleep_until [711] => strptime [712] => flush [713] => wordwrap [714] => htmlspecialchars [715] => htmlentities [716] => html_entity_decode [717] => htmlspecialchars_decode [718] => get_html_translation_table [719] => sha1 [720] => sha1_file [721] => md5 [722] => md5_file [723] => crc32 [724] => iptcparse [725] => iptcembed [726] => getimagesize [727] => getimagesizefromstring [728] => image_type_to_mime_type [729] => image_type_to_extension [730] => phpinfo [731] => phpversion [732] => phpcredits [733] => php_logo_guid [734] => php_real_logo_guid [735] => php_egg_logo_guid [736] => zend_logo_guid [737] => php_sapi_name [738] => php_uname [739] => php_ini_scanned_files [740] => php_ini_loaded_file [741] => strnatcmp [742] => strnatcasecmp [743] => substr_count [744] => strspn [745] => strcspn [746] => strtok [747] => strtoupper [748] => strtolower [749] => strpos [750] => stripos [751] => strrpos [752] => strripos [753] => strrev [754] => hebrev [755] => hebrevc [756] => nl2br [757] => basename [758] => dirname [759] => pathinfo [760] => stripslashes [761] => stripcslashes [762] => strstr [763] => stristr [764] => strrchr [765] => str_shuffle [766] => str_word_count [767] => str_split [768] => strpbrk [769] => substr_compare [770] => strcoll [771] => money_format [772] => substr [773] => substr_replace [774] => quotemeta [775] => ucfirst [776] => lcfirst [777] => ucwords [778] => strtr [779] => addslashes [780] => addcslashes [781] => rtrim [782] => str_replace [783] => str_ireplace [784] => str_repeat [785] => count_chars [786] => chunk_split [787] => trim [788] => ltrim [789] => strip_tags [790] => similar_text [791] => explode [792] => implode [793] => join [794] => setlocale [795] => localeconv [796] => nl_langinfo [797] => soundex [798] => levenshtein [799] => chr [800] => ord [801] => parse_str [802] => str_getcsv [803] => str_pad [804] => chop [805] => strchr [806] => sprintf [807] => printf [808] => vprintf [809] => vsprintf [810] => fprintf [811] => vfprintf [812] => sscanf [813] => fscanf [814] => parse_url [815] => urlencode [816] => urldecode [817] => rawurlencode [818] => rawurldecode [819] => http_build_query [820] => readlink [821] => linkinfo [822] => symlink [823] => link [824] => unlink [825] => exec [826] => system [827] => escapeshellcmd [828] => escapeshellarg [829] => passthru [830] => shell_exec [831] => proc_open [832] => proc_close [833] => proc_terminate [834] => proc_get_status [835] => proc_nice [836] => rand [837] => srand [838] => getrandmax [839] => mt_rand [840] => mt_srand [841] => mt_getrandmax [842] => getservbyname [843] => getservbyport [844] => getprotobyname [845] => getprotobynumber [846] => getmyuid [847] => getmygid [848] => getmypid [849] => getmyinode [850] => getlastmod [851] => base64_decode [852] => base64_encode [853] => convert_uuencode [854] => convert_uudecode [855] => abs [856] => ceil [857] => floor [858] => round [859] => sin [860] => cos [861] => tan [862] => asin [863] => acos [864] => atan [865] => atanh [866] => atan2 [867] => sinh [868] => cosh [869] => tanh [870] => asinh [871] => acosh [872] => expm1 [873] => log1p [874] => pi [875] => is_finite [876] => is_nan [877] => is_infinite [878] => pow [879] => exp [880] => log [881] => log10 [882] => sqrt [883] => hypot [884] => deg2rad [885] => rad2deg [886] => bindec [887] => hexdec [888] => octdec [889] => decbin [890] => decoct [891] => dechex [892] => base_convert [893] => number_format [894] => fmod [895] => inet_ntop [896] => inet_pton [897] => ip2long [898] => long2ip [899] => getenv [900] => putenv [901] => getopt [902] => sys_getloadavg [903] => microtime [904] => gettimeofday [905] => getrusage [906] => uniqid [907] => quoted_printable_decode [908] => quoted_printable_encode [909] => convert_cyr_string [910] => get_current_user [911] => set_time_limit [912] => header_register_callback [913] => get_cfg_var [914] => magic_quotes_runtime [915] => set_magic_quotes_runtime [916] => get_magic_quotes_gpc [917] => get_magic_quotes_runtime [918] => error_log [919] => error_get_last [920] => call_user_func [921] => call_user_func_array [922] => call_user_method [923] => call_user_method_array [924] => forward_static_call [925] => forward_static_call_array [926] => serialize [927] => unserialize [928] => var_dump [929] => var_export [930] => debug_zval_dump [931] => print_r [932] => memory_get_usage [933] => memory_get_peak_usage [934] => register_shutdown_function [935] => register_tick_function [936] => unregister_tick_function [937] => highlight_file [938] => show_source [939] => highlight_string [940] => php_strip_whitespace [941] => ini_get [942] => ini_get_all [943] => ini_set [944] => ini_alter [945] => ini_restore [946] => get_include_path [947] => set_include_path [948] => restore_include_path [949] => setcookie [950] => setrawcookie [951] => header [952] => header_remove [953] => headers_sent [954] => headers_list [955] => http_response_code [956] => connection_aborted [957] => connection_status [958] => ignore_user_abort [959] => parse_ini_file [960] => parse_ini_string [961] => is_uploaded_file [962] => move_uploaded_file [963] => gethostbyaddr [964] => gethostbyname [965] => gethostbynamel [966] => gethostname [967] => intval [968] => floatval [969] => doubleval [970] => strval [971] => gettype [972] => settype [973] => is_null [974] => is_resource [975] => is_bool [976] => is_long [977] => is_float [978] => is_int [979] => is_integer [980] => is_double [981] => is_real [982] => is_numeric [983] => is_string [984] => is_array [985] => is_object [986] => is_scalar [987] => is_callable [988] => pclose [989] => popen [990] => readfile [991] => rewind [992] => rmdir [993] => umask [994] => fclose [995] => feof [996] => fgetc [997] => fgets [998] => fgetss [999] => fread [1000] => fopen [1001] => fpassthru [1002] => ftruncate [1003] => fstat [1004] => fseek [1005] => ftell [1006] => fflush [1007] => fwrite [1008] => fputs [1009] => mkdir [1010] => rename [1011] => copy [1012] => tempnam [1013] => tmpfile [1014] => file [1015] => file_get_contents [1016] => file_put_contents [1017] => stream_select [1018] => stream_context_create [1019] => stream_context_set_params [1020] => stream_context_get_params [1021] => stream_context_set_option [1022] => stream_context_get_options [1023] => stream_context_get_default [1024] => stream_context_set_default [1025] => stream_filter_prepend [1026] => stream_filter_append [1027] => stream_filter_remove [1028] => stream_socket_client [1029] => stream_socket_server [1030] => stream_socket_accept [1031] => stream_socket_get_name [1032] => stream_socket_recvfrom [1033] => stream_socket_sendto [1034] => stream_socket_enable_crypto [1035] => stream_socket_shutdown [1036] => stream_socket_pair [1037] => stream_copy_to_stream [1038] => stream_get_contents [1039] => stream_supports_lock [1040] => fgetcsv [1041] => fputcsv [1042] => flock [1043] => get_meta_tags [1044] => stream_set_read_buffer [1045] => stream_set_write_buffer [1046] => set_file_buffer [1047] => stream_set_chunk_size [1048] => set_socket_blocking [1049] => stream_set_blocking [1050] => socket_set_blocking [1051] => stream_get_meta_data [1052] => stream_get_line [1053] => stream_wrapper_register [1054] => stream_register_wrapper [1055] => stream_wrapper_unregister [1056] => stream_wrapper_restore [1057] => stream_get_wrappers [1058] => stream_get_transports [1059] => stream_resolve_include_path [1060] => stream_is_local [1061] => get_headers [1062] => stream_set_timeout [1063] => socket_set_timeout [1064] => socket_get_status [1065] => realpath [1066] => fsockopen [1067] => pfsockopen [1068] => pack [1069] => unpack [1070] => get_browser [1071] => crypt [1072] => opendir [1073] => closedir [1074] => chdir [1075] => getcwd [1076] => rewinddir [1077] => readdir [1078] => dir [1079] => scandir [1080] => glob [1081] => fileatime [1082] => filectime [1083] => filegroup [1084] => fileinode [1085] => filemtime [1086] => fileowner [1087] => fileperms [1088] => filesize [1089] => filetype [1090] => file_exists [1091] => is_writable [1092] => is_writeable [1093] => is_readable [1094] => is_executable [1095] => is_file [1096] => is_dir [1097] => is_link [1098] => stat [1099] => lstat [1100] => chown [1101] => chgrp [1102] => lchown [1103] => lchgrp [1104] => chmod [1105] => touch [1106] => clearstatcache [1107] => disk_total_space [1108] => disk_free_space [1109] => diskfreespace [1110] => realpath_cache_size [1111] => realpath_cache_get [1112] => mail [1113] => ezmlm_hash [1114] => openlog [1115] => syslog [1116] => closelog [1117] => lcg_value [1118] => metaphone [1119] => ob_start [1120] => ob_flush [1121] => ob_clean [1122] => ob_end_flush [1123] => ob_end_clean [1124] => ob_get_flush [1125] => ob_get_clean [1126] => ob_get_length [1127] => ob_get_level [1128] => ob_get_status [1129] => ob_get_contents [1130] => ob_implicit_flush [1131] => ob_list_handlers [1132] => ksort [1133] => krsort [1134] => natsort [1135] => natcasesort [1136] => asort [1137] => arsort [1138] => sort [1139] => rsort [1140] => usort [1141] => uasort [1142] => uksort [1143] => shuffle [1144] => array_walk [1145] => array_walk_recursive [1146] => count [1147] => end [1148] => prev [1149] => next [1150] => reset [1151] => current [1152] => key [1153] => min [1154] => max [1155] => in_array [1156] => array_search [1157] => extract [1158] => compact [1159] => array_fill [1160] => array_fill_keys [1161] => range [1162] => array_multisort [1163] => array_push [1164] => array_pop [1165] => array_shift [1166] => array_unshift [1167] => array_splice [1168] => array_slice [1169] => array_merge [1170] => array_merge_recursive [1171] => array_replace [1172] => array_replace_recursive [1173] => array_keys [1174] => array_values [1175] => array_count_values [1176] => array_reverse [1177] => array_reduce [1178] => array_pad [1179] => array_flip [1180] => array_change_key_case [1181] => array_rand [1182] => array_unique [1183] => array_intersect [1184] => array_intersect_key [1185] => array_intersect_ukey [1186] => array_uintersect [1187] => array_intersect_assoc [1188] => array_uintersect_assoc [1189] => array_intersect_uassoc [1190] => array_uintersect_uassoc [1191] => array_diff [1192] => array_diff_key [1193] => array_diff_ukey [1194] => array_udiff [1195] => array_diff_assoc [1196] => array_udiff_assoc [1197] => array_diff_uassoc [1198] => array_udiff_uassoc [1199] => array_sum [1200] => array_product [1201] => array_filter [1202] => array_map [1203] => array_chunk [1204] => array_combine [1205] => array_key_exists [1206] => pos [1207] => sizeof [1208] => key_exists [1209] => assert [1210] => assert_options [1211] => version_compare [1212] => ftok [1213] => str_rot13 [1214] => stream_get_filters [1215] => stream_filter_register [1216] => stream_bucket_make_writeable [1217] => stream_bucket_prepend [1218] => stream_bucket_append [1219] => stream_bucket_new [1220] => output_add_rewrite_var [1221] => output_reset_rewrite_vars [1222] => sys_get_temp_dir [1223] => token_get_all [1224] => token_name [1225] => xml_parser_create [1226] => xml_parser_create_ns [1227] => xml_set_object [1228] => xml_set_element_handler [1229] => xml_set_character_data_handler [1230] => xml_set_processing_instruction_handler [1231] => xml_set_default_handler [1232] => xml_set_unparsed_entity_decl_handler [1233] => xml_set_notation_decl_handler [1234] => xml_set_external_entity_ref_handler [1235] => xml_set_start_namespace_decl_handler [1236] => xml_set_end_namespace_decl_handler [1237] => xml_parse [1238] => xml_parse_into_struct [1239] => xml_get_error_code [1240] => xml_error_string [1241] => xml_get_current_line_number [1242] => xml_get_current_column_number [1243] => xml_get_current_byte_index [1244] => xml_parser_free [1245] => xml_parser_set_option [1246] => xml_parser_get_option [1247] => utf8_encode [1248] => utf8_decode [1249] => xmlwriter_open_uri [1250] => xmlwriter_open_memory [1251] => xmlwriter_set_indent [1252] => xmlwriter_set_indent_string [1253] => xmlwriter_start_comment [1254] => xmlwriter_end_comment [1255] => xmlwriter_start_attribute [1256] => xmlwriter_end_attribute [1257] => xmlwriter_write_attribute [1258] => xmlwriter_start_attribute_ns [1259] => xmlwriter_write_attribute_ns [1260] => xmlwriter_start_element [1261] => xmlwriter_end_element [1262] => xmlwriter_full_end_element [1263] => xmlwriter_start_element_ns [1264] => xmlwriter_write_element [1265] => xmlwriter_write_element_ns [1266] => xmlwriter_start_pi [1267] => xmlwriter_end_pi [1268] => xmlwriter_write_pi [1269] => xmlwriter_start_cdata [1270] => xmlwriter_end_cdata [1271] => xmlwriter_write_cdata [1272] => xmlwriter_text [1273] => xmlwriter_write_raw [1274] => xmlwriter_start_document [1275] => xmlwriter_end_document [1276] => xmlwriter_write_comment [1277] => xmlwriter_start_dtd [1278] => xmlwriter_end_dtd [1279] => xmlwriter_write_dtd [1280] => xmlwriter_start_dtd_element [1281] => xmlwriter_end_dtd_element [1282] => xmlwriter_write_dtd_element [1283] => xmlwriter_start_dtd_attlist [1284] => xmlwriter_end_dtd_attlist [1285] => xmlwriter_write_dtd_attlist [1286] => xmlwriter_start_dtd_entity [1287] => xmlwriter_end_dtd_entity [1288] => xmlwriter_write_dtd_entity [1289] => xmlwriter_output_memory [1290] => xmlwriter_flush [1291] => zip_open [1292] => zip_close [1293] => zip_read [1294] => zip_entry_open [1295] => zip_entry_close [1296] => zip_entry_read [1297] => zip_entry_filesize [1298] => zip_entry_name [1299] => zip_entry_compressedsize [1300] => zip_entry_compressionmethod [1301] => apache_child_terminate [1302] => apache_request_headers [1303] => apache_response_headers [1304] => getallheaders ) [user] => Array ( ) )
Export: JSON TEXT XML
Exploit Code:
  1.  
Screen Shots:
Notes:
98151