Submit all data fields as base64 to avoid encoding errors in the json result

flozz / p0wny-shell

Single-file PHP shell

https://blog.flozz.fr/2020/01/21/p0wny-shell-un-shell-php-simple-mais-trop-efficace/

Do What The F*ck You Want To Public License

2.18k stars 638 forks source link

Submit all data fields as base64 to avoid encoding errors in the json result #35

Closed cli-ish closed 1 year ago

cli-ish commented 1 year ago

Issue https://github.com/flozz/p0wny-shell/issues/8

This PR implements base64_encode on each feature return (stdout/files/cwd) and decodes it on the client side using atob.

I also found a small bug in the new function initShellConfig() which checks the variable $hostname instead of $username for !== false.

By the way, are there any programming guidelines for this project? For example, I would replace array() with [] to shorten the code. It would be helpful to know which standard to follow so as not to mix them up.

flozz commented 1 year ago

Thank you for the PR! :)

I also found a small bug in the new function initShellConfig() which checks the variable $hostname instead of $username for !== false.

Oops, my bad... /o\

By the way, are there any programming guidelines for this project?

There is not, because it started as a "quick and dirty" shell to work on a pentest.. I would never have thought that it will interest other people when I started this project... ^^'

Maybe a linter would be a good idea, but as everything is in a single PHP/HTML/JS file, I do not know which linter could do the job...