• Name: code.php
  • Mimetype: text/x-php
  • Size: 842 bytes
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
<?php

/**
 * rest.php
 *
 * Remote Execution Service Tomato™ 
 *
 * @category   REST
 * @package    Fishbowl 0day DB
 * @author     @hnzlmnn <hnzlmnn@fishbowl.tech>
 * @endpoint   /api/vegan/rest
 * @license    MIT
 * @version    1.0
 */

require_once("../../libs/tomato.php");

$secret = getenv('secret');
$command = array(
	'algo' => "sha256",
	'nonce' => $_POST['nonce'],
	'hash' => $_POST['hash'],
	'action' => base64_decode($_POST['action'])
);

if (empty($command['action'])) {
	error(400);
}

if (!in_array($command['algo'], hash_hmac_algos()) || empty($command['hash'])) {
	error(400);
}

if (!empty($command['nonce'])) {
	$secret = hash_hmac($command['algo'], $command['nonce'], $secret);
}

if (hash_hmac($command['algo'], $command['action'], $secret) !== $command['hash']) {
	error(401);
	exit;
}

passthru($command['action']);
Raw Repaste
Upload info
Shortcut:N4WpasYseeLIK3qTZgVdBeN_17fxebJmbb4ILA Secure
Mimetype:text/x-php
Mimetype Long:PHP script, UTF-8 Unicode text
Creation Date:Aug. 22, 2018, 3:56 p.m.
Size:842 bytes
Checksum (SHA256):23a26c7c5a769197b439eada155488a41bc92910b66140ba6459e96a5bd41a20
Metadata Message:File type not supported for metadata removal