├── pages └── index.php ├── installation ├── index.php └── installer │ ├── index.php │ └── data │ ├── index.php │ ├── lang │ └── index.php │ ├── templates │ ├── images │ │ ├── edit.gif │ │ ├── note.gif │ │ ├── Thumbs.db │ │ ├── active.gif │ │ ├── bullet.gif │ │ ├── button.gif │ │ ├── delete.gif │ │ ├── error.gif │ │ ├── footer.jpg │ │ ├── approve.gif │ │ ├── divider.gif │ │ ├── negative.gif │ │ ├── positive.gif │ │ ├── sidebody.gif │ │ ├── sidehead.gif │ │ ├── success.gif │ │ ├── userbox.gif │ │ ├── warning.gif │ │ ├── wrapper.gif │ │ ├── background.jpg │ │ └── visitwebsite.gif │ ├── error.phtml │ ├── finish.phtml │ ├── rtl.css │ ├── error_db.phtml │ ├── dbdone.phtml │ └── index.phtml │ └── database.php ├── challenges ├── ch012 │ ├── __MACOSX │ │ └── files │ │ │ └── radar.png │ ├── files │ │ └── radar.png │ └── ch012.xml ├── ch013 │ ├── __MACOSX │ │ ├── images │ │ │ ├── .DS_Store │ │ │ ├── nmac.jpg │ │ │ └── cascade_nmac.png │ │ └── js │ │ │ └── jquery-2.1.1.min.js │ ├── images │ │ ├── .DS_Store │ │ ├── nmac.jpg │ │ └── cascade_nmac.png │ └── ch013.xml ├── index.php ├── ch011 │ ├── __MACOSX │ │ └── files │ │ │ ├── ciphertext.txt │ │ │ └── frequency.jpg │ ├── files │ │ └── frequency.jpg │ └── ch011.xml ├── ch015 │ ├── __MACOSX │ │ └── files │ │ │ └── sanity_check.txt │ └── ch015.xml ├── cookiEng │ ├── test │ │ └── testoutput │ │ │ └── ESAPI_logging_file_test │ ├── guns.jpg │ ├── t0psec.php │ └── cookiEng.xml ├── example.zip ├── ch008 │ ├── l7s.png │ ├── b64.txt │ └── ch008.xml ├── ch001 │ ├── logo2.gif │ └── main │ │ ├── banner.gif │ │ ├── secret_area_ │ │ ├── mails.gif │ │ └── mails.txt │ │ ├── main.htm │ │ └── Sociability.htm ├── ch003 │ ├── xssme1.png │ └── ch003.xml ├── ch004 │ ├── xssme2.png │ └── ch004.xml ├── ch005 │ ├── p0wnb.png │ └── ch005.xml ├── ch009 │ ├── slagoff.png │ └── sUpErDuPErL33T.txt ├── izon │ ├── img │ │ ├── izon.png │ │ ├── favicon.ico │ │ ├── glyphicons-halflings.png │ │ └── glyphicons-halflings-white.png │ ├── config.inc.php │ ├── 
logout.php │ ├── js │ │ └── obfuscate.php │ └── README.md ├── ch007 │ └── index_files │ │ ├── lastlogin.txt │ │ ├── logo.png │ │ └── background.jpg ├── ch010 │ └── ninja_eyes.png ├── ch002 │ ├── ch002.css │ └── ch002.xml ├── ch017 │ ├── ch017.xml │ └── css │ │ ├── main.css~ │ │ └── main.css ├── ch014 │ └── ch014.xml ├── ch020 │ └── ch020.xml ├── ch018 │ └── ch018.xml ├── ch016 │ └── ch016.xml └── ch006 │ └── ch006.xml ├── esapi └── lib │ ├── apache-log4php │ ├── site │ │ ├── css │ │ │ ├── site.css │ │ │ └── print.css │ │ ├── images │ │ │ ├── add.gif │ │ │ ├── fix.gif │ │ │ ├── logo.jpg │ │ │ ├── rss.png │ │ │ ├── ls-logo.jpg │ │ │ ├── remove.gif │ │ │ ├── update.gif │ │ │ ├── collapsed.gif │ │ │ ├── expanded.gif │ │ │ ├── external.png │ │ │ ├── newwindow.png │ │ │ ├── icon_error_sml.gif │ │ │ ├── icon_help_sml.gif │ │ │ ├── icon_info_sml.gif │ │ │ ├── icon_success_sml.gif │ │ │ ├── icon_warning_sml.gif │ │ │ └── logos │ │ │ │ └── maven-feather.png │ │ └── apidocs │ │ │ ├── blank.html │ │ │ └── media │ │ │ └── banner.css │ └── trunk │ │ ├── src │ │ ├── site │ │ │ └── resources │ │ │ │ ├── images │ │ │ │ ├── logo.jpg │ │ │ │ ├── ls-logo.jpg │ │ │ │ └── apache-incubator-logo.png │ │ │ │ └── css │ │ │ │ └── site.css │ │ └── test │ │ │ └── php │ │ │ └── configurators │ │ │ └── test2.properties │ │ ├── NOTICE │ │ └── README │ └── htmlpurifier │ ├── HTMLPurifier │ ├── ConfigSchema │ │ ├── schema │ │ │ ├── info.ini │ │ │ ├── Attr.IDBlacklist.txt │ │ │ ├── HTML.TidyAdd.txt │ │ │ ├── HTML.TidyRemove.txt │ │ │ ├── CSS.Proprietary.txt │ │ │ ├── Test.ForceNoIconv.txt │ │ │ ├── Core.EscapeInvalidTags.txt │ │ │ ├── Attr.AllowedClasses.txt │ │ │ ├── CSS.DefinitionRev.txt │ │ │ ├── URI.DefinitionRev.txt │ │ │ ├── HTML.Strict.txt │ │ │ ├── CSS.AllowImportant.txt │ │ │ ├── HTML.Trusted.txt │ │ │ ├── HTML.CustomDoctype.txt │ │ │ ├── HTML.XHTML.txt │ │ │ ├── URI.DefaultScheme.txt │ │ │ ├── Attr.AllowedRev.txt │ │ │ ├── Attr.ForbiddenClasses.txt │ │ │ ├── URI.DefinitionID.txt │ │ │ ├── 
AutoFormat.Linkify.txt │ │ │ ├── Attr.AllowedRel.txt │ │ │ ├── Core.Language.txt │ │ │ ├── Output.CommentScriptContents.txt │ │ │ ├── URI.Disable.txt │ │ │ ├── Attr.DefaultInvalidImageAlt.txt │ │ │ ├── Attr.DefaultTextDir.txt │ │ │ ├── Core.RemoveScriptContents.txt │ │ │ ├── URI.DisableResources.txt │ │ │ ├── URI.HostBlacklist.txt │ │ │ ├── Filter.Custom.txt │ │ │ ├── AutoFormat.Custom.txt │ │ │ ├── Attr.IDBlacklistRegexp.txt │ │ │ ├── HTML.Parent.txt │ │ │ ├── Attr.DefaultInvalidImage.txt │ │ │ ├── AutoFormat.DisplayLinkURI.txt │ │ │ ├── AutoFormat.PurifierLinkify.txt │ │ │ ├── Filter.YouTube.txt │ │ │ ├── URI.OverrideAllowedSchemes.txt │ │ │ ├── HTML.Proprietary.txt │ │ │ ├── Cache.SerializerPath.txt │ │ │ ├── Core.RemoveInvalidImg.txt │ │ │ ├── AutoFormat.PurifierLinkify.DocURL.txt │ │ │ ├── Output.Newline.txt │ │ │ ├── URI.AllowedSchemes.txt │ │ │ ├── AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt │ │ │ ├── Cache.DefinitionImpl.txt │ │ │ ├── Core.EscapeInvalidChildren.txt │ │ │ ├── URI.MakeAbsolute.txt │ │ │ ├── Core.CollectErrors.txt │ │ │ ├── URI.DisableExternal.txt │ │ │ ├── CSS.AllowTricky.txt │ │ │ ├── Core.ConvertDocumentToFragment.txt │ │ │ ├── HTML.Doctype.txt │ │ │ ├── Attr.IDPrefix.txt │ │ │ ├── HTML.Attr.Name.UseCDATA.txt │ │ │ ├── Attr.DefaultImageAlt.txt │ │ │ ├── AutoFormat.RemoveEmpty.RemoveNbsp.txt │ │ │ ├── HTML.MaxImgLength.txt │ │ │ ├── HTML.SafeEmbed.txt │ │ │ ├── Filter.ExtractStyleBlocks.Escaping.txt │ │ │ ├── Output.SortAttr.txt │ │ │ ├── HTML.SafeObject.txt │ │ │ ├── HTML.DefinitionRev.txt │ │ │ ├── URI.DisableExternalResources.txt │ │ │ ├── Attr.AllowedFrameTargets.txt │ │ │ ├── Core.EscapeNonASCIICharacters.txt │ │ │ ├── Core.MaintainLineNumbers.txt │ │ │ ├── HTML.BlockWrapper.txt │ │ │ ├── Core.HiddenElements.txt │ │ │ ├── Filter.ExtractStyleBlocks.TidyImpl.txt │ │ │ ├── URI.MungeResources.txt │ │ │ ├── CSS.AllowedProperties.txt │ │ │ ├── CSS.MaxImgLength.txt │ │ │ ├── HTML.AllowedAttributes.txt │ │ │ ├── Attr.EnableID.txt │ │ │ ├── 
URI.Base.txt │ │ │ ├── Attr.IDPrefixLocal.txt │ │ │ ├── Core.DirectLexLineNumberSyncInterval.txt │ │ │ ├── HTML.CoreModules.txt │ │ │ ├── HTML.TidyLevel.txt │ │ │ ├── Core.AggressivelyFixLt.txt │ │ │ ├── HTML.AllowedElements.txt │ │ │ ├── Core.ColorKeywords.txt │ │ │ ├── HTML.AllowedModules.txt │ │ │ ├── Core.Encoding.txt │ │ │ ├── HTML.ForbiddenElements.txt │ │ │ └── URI.Host.txt │ │ └── Exception.php │ ├── DefinitionCache │ │ ├── Serializer │ │ │ └── README │ │ └── Null.php │ ├── Printer │ │ ├── ConfigForm.js │ │ └── ConfigForm.css │ ├── Token │ │ ├── Empty.php │ │ ├── Start.php │ │ ├── End.php │ │ └── Comment.php │ ├── Language │ │ ├── classes │ │ │ └── en-x-test.php │ │ └── messages │ │ │ ├── en-x-test.php │ │ │ └── en-x-testmini.php │ ├── VarParserException.php │ ├── Exception.php │ ├── HTMLModule │ │ ├── Tidy │ │ │ ├── Transitional.php │ │ │ ├── XHTML.php │ │ │ ├── Strict.php │ │ │ └── Name.php │ │ ├── XMLCommonAttributes.php │ │ ├── NonXMLCommonAttributes.php │ │ ├── Target.php │ │ ├── Name.php │ │ ├── CommonAttributes.php │ │ └── StyleAttribute.php │ ├── URIScheme │ │ ├── https.php │ │ ├── http.php │ │ ├── nntp.php │ │ ├── news.php │ │ └── mailto.php │ ├── AttrDef │ │ ├── Text.php │ │ ├── URI │ │ │ ├── Email.php │ │ │ └── Email │ │ │ │ └── SimpleCheck.php │ │ ├── CSS │ │ │ ├── AlphaValue.php │ │ │ └── DenyElementDecorator.php │ │ └── HTML │ │ │ ├── FrameTarget.php │ │ │ └── Bool.php │ ├── URIFilter │ │ ├── DisableExternalResources.php │ │ └── HostBlacklist.php │ ├── AttrTransform │ │ ├── ScriptRequired.php │ │ ├── SafeEmbed.php │ │ ├── SafeObject.php │ │ ├── Textarea.php │ │ ├── BdoDir.php │ │ ├── Border.php │ │ ├── BgColor.php │ │ ├── Background.php │ │ ├── Name.php │ │ ├── Length.php │ │ └── Lang.php │ ├── Strategy │ │ ├── Core.php │ │ └── Composite.php │ ├── ChildDef │ │ └── Empty.php │ ├── VarParser │ │ └── Native.php │ ├── Strategy.php │ ├── Injector │ │ └── DisplayLinkURI.php │ └── PropertyListIterator.php │ ├── HTMLPurifier.path.php │ ├── 
HTMLPurifier.auto.php │ ├── HTMLPurifier.func.php │ └── HTMLPurifier.autoload.php ├── admin ├── view │ ├── _footer.tpl │ ├── _usermessage.tpl │ ├── admin_login.tpl │ └── addclass.tpl └── assets │ └── images │ ├── addclass.png │ ├── adduser.png │ ├── addarticle.jpg │ ├── manageclass.png │ ├── usermanager.jpg │ ├── addchallenge2.PNG │ ├── articlemanager.jpg │ ├── configuration.jpg │ ├── login-sprite.png │ ├── whiteGradient.png │ └── challengemanager.jpg ├── extlib ├── Smarty-3.1.8 │ ├── demo │ │ ├── templates │ │ │ ├── footer.tpl │ │ │ └── header.tpl │ │ └── configs │ │ │ └── test.conf │ └── libs │ │ ├── sysplugins │ │ └── smarty_internal_compile_block.php │ │ └── plugins │ │ ├── modifiercompiler.noprint.php │ │ ├── variablefilter.htmlspecialchars.php │ │ ├── modifiercompiler.string_format.php │ │ ├── modifiercompiler.cat.php │ │ ├── modifiercompiler.count_paragraphs.php │ │ ├── modifiercompiler.upper.php │ │ ├── modifiercompiler.indent.php │ │ ├── modifier.spacify.php │ │ ├── modifiercompiler.lower.php │ │ └── modifiercompiler.count_sentences.php └── tinymce │ ├── examples │ ├── media │ │ ├── sample.ram │ │ ├── logo.jpg │ │ ├── sample.avi │ │ ├── sample.dcr │ │ ├── sample.flv │ │ ├── sample.mov │ │ ├── sample.rm │ │ ├── sample.swf │ │ └── logo_over.jpg │ ├── templates │ │ ├── snippet1.htm │ │ └── layout1.htm │ ├── index.html │ ├── lists │ │ ├── image_list.js │ │ ├── template_list.js │ │ ├── link_list.js │ │ └── media_list.js │ └── menu.html │ ├── changelog.txt │ └── jscripts │ └── tiny_mce │ ├── plugins │ ├── example │ │ ├── langs │ │ │ ├── en.js │ │ │ └── en_dlg.js │ │ ├── img │ │ │ └── example.gif │ │ ├── js │ │ │ └── dialog.js │ │ └── editor_plugin.js │ ├── spellchecker │ │ ├── css │ │ │ └── content.css │ │ ├── img │ │ │ └── wline.gif │ │ ├── editor_plugin.js │ │ └── editor_plugin_src.js │ ├── advhr │ │ ├── langs │ │ │ └── en_dlg.js │ │ ├── css │ │ │ └── advhr.css │ │ └── editor_plugin.js │ ├── media │ │ └── moxieplayer.swf │ ├── advimage │ │ ├── img │ │ │ └── 
sample.gif │ │ ├── css │ │ │ └── advimage.css │ │ └── editor_plugin.js │ ├── emotions │ │ ├── img │ │ │ ├── smiley-cry.gif │ │ │ ├── smiley-cool.gif │ │ │ ├── smiley-frown.gif │ │ │ ├── smiley-kiss.gif │ │ │ ├── smiley-smile.gif │ │ │ ├── smiley-wink.gif │ │ │ ├── smiley-yell.gif │ │ │ ├── smiley-innocent.gif │ │ │ ├── smiley-laughing.gif │ │ │ ├── smiley-sealed.gif │ │ │ ├── smiley-embarassed.gif │ │ │ ├── smiley-surprised.gif │ │ │ ├── smiley-tongue-out.gif │ │ │ ├── smiley-undecided.gif │ │ │ ├── smiley-foot-in-mouth.gif │ │ │ └── smiley-money-mouth.gif │ │ ├── langs │ │ │ └── en_dlg.js │ │ └── editor_plugin.js │ ├── inlinepopups │ │ └── skins │ │ │ └── clearlooks2 │ │ │ └── img │ │ │ ├── alert.gif │ │ │ ├── button.gif │ │ │ ├── buttons.gif │ │ │ ├── confirm.gif │ │ │ ├── corners.gif │ │ │ ├── vertical.gif │ │ │ └── horizontal.gif │ ├── searchreplace │ │ ├── css │ │ │ └── searchreplace.css │ │ └── langs │ │ │ └── en_dlg.js │ ├── table │ │ ├── css │ │ │ ├── table.css │ │ │ ├── cell.css │ │ │ └── row.css │ │ └── js │ │ │ └── merge_cells.js │ ├── paste │ │ ├── langs │ │ │ └── en_dlg.js │ │ └── pasteword.htm │ ├── xhtmlxtras │ │ ├── css │ │ │ ├── attributes.css │ │ │ └── popup.css │ │ └── js │ │ │ ├── abbr.js │ │ │ ├── cite.js │ │ │ └── acronym.js │ ├── autosave │ │ └── langs │ │ │ └── en.js │ ├── template │ │ ├── css │ │ │ └── template.css │ │ ├── blank.htm │ │ └── langs │ │ │ └── en_dlg.js │ ├── example_dependency │ │ └── editor_plugin.js │ ├── print │ │ └── editor_plugin.js │ ├── advlink │ │ └── css │ │ │ └── advlink.css │ ├── preview │ │ ├── preview.html │ │ └── example.html │ └── iespell │ │ └── editor_plugin.js │ └── themes │ ├── simple │ ├── img │ │ └── icons.gif │ ├── skins │ │ ├── o2k7 │ │ │ ├── img │ │ │ │ └── button_bg.png │ │ │ └── content.css │ │ └── default │ │ │ └── content.css │ └── langs │ │ └── en.js │ └── advanced │ ├── img │ ├── flash.gif │ ├── icons.gif │ ├── iframe.gif │ ├── trans.gif │ ├── video.gif │ ├── colorpicker.jpg │ ├── pagebreak.gif │ 
├── quicktime.gif │ ├── realmedia.gif │ ├── shockwave.gif │ └── windowsmedia.gif │ └── skins │ ├── default │ └── img │ │ ├── tabs.gif │ │ ├── buttons.png │ │ ├── items.gif │ │ ├── progress.gif │ │ ├── menu_arrow.gif │ │ └── menu_check.gif │ └── o2k7 │ ├── img │ ├── button_bg.png │ ├── button_bg_black.png │ └── button_bg_silver.png │ └── ui_silver.css ├── .gitignore ├── assets └── images │ ├── logo.png │ ├── owasp.png │ └── favicon.png ├── view ├── mainlogin.tpl ├── frontendChallengeMenu.tpl ├── readarticle.tpl ├── user_login.tpl ├── showChallenge.tpl └── forgotpw.tpl ├── behat.yml ├── composer.json └── misc_scripts └── add_Guest_to_every_class.php /pages/index.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /installation/index.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /installation/installer/index.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /installation/installer/data/index.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /challenges/ch012/__MACOSX/files/radar.png: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /challenges/ch013/__MACOSX/images/.DS_Store: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /challenges/ch013/__MACOSX/images/nmac.jpg: -------------------------------------------------------------------------------- 1 | 
-------------------------------------------------------------------------------- /challenges/index.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /extlib/Smarty-3.1.8/demo/templates/footer.tpl: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | config.inc.php 2 | view/compiled_view/ 3 | pages/test/ 4 | test 5 | -------------------------------------------------------------------------------- /extlib/tinymce/examples/media/sample.ram: -------------------------------------------------------------------------------- 1 | http://streaming.uga.edu/samples/ayp_lan.rm -------------------------------------------------------------------------------- /extlib/tinymce/examples/templates/snippet1.htm: -------------------------------------------------------------------------------- 1 | This is just some code. 
2 | -------------------------------------------------------------------------------- /assets/images/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/assets/images/logo.png -------------------------------------------------------------------------------- /assets/images/owasp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/assets/images/owasp.png -------------------------------------------------------------------------------- /challenges/example.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/example.zip -------------------------------------------------------------------------------- /assets/images/favicon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/assets/images/favicon.png -------------------------------------------------------------------------------- /challenges/ch008/l7s.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/ch008/l7s.png -------------------------------------------------------------------------------- /challenges/ch001/logo2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/ch001/logo2.gif -------------------------------------------------------------------------------- /challenges/ch003/xssme1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/ch003/xssme1.png 
-------------------------------------------------------------------------------- /challenges/ch004/xssme2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/ch004/xssme2.png -------------------------------------------------------------------------------- /challenges/ch005/p0wnb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/ch005/p0wnb.png -------------------------------------------------------------------------------- /challenges/ch009/slagoff.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/ch009/slagoff.png -------------------------------------------------------------------------------- /challenges/cookiEng/guns.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/cookiEng/guns.jpg -------------------------------------------------------------------------------- /challenges/izon/img/izon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/izon/img/izon.png -------------------------------------------------------------------------------- /extlib/tinymce/changelog.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/changelog.txt -------------------------------------------------------------------------------- /admin/assets/images/addclass.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/admin/assets/images/addclass.png 
-------------------------------------------------------------------------------- /admin/assets/images/adduser.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/admin/assets/images/adduser.png -------------------------------------------------------------------------------- /challenges/ch001/main/banner.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/ch001/main/banner.gif -------------------------------------------------------------------------------- /challenges/ch007/index_files/lastlogin.txt: -------------------------------------------------------------------------------- 1 | Last Login user: 2 | Irene Pretty : Irene 3 | at 14/3/2000 10:59:00am 4 | -------------------------------------------------------------------------------- /challenges/ch010/ninja_eyes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/ch010/ninja_eyes.png -------------------------------------------------------------------------------- /challenges/ch012/files/radar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/ch012/files/radar.png -------------------------------------------------------------------------------- /challenges/ch013/images/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/ch013/images/.DS_Store -------------------------------------------------------------------------------- /challenges/ch013/images/nmac.jpg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/ch013/images/nmac.jpg -------------------------------------------------------------------------------- /challenges/izon/img/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/izon/img/favicon.ico -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/info.ini: -------------------------------------------------------------------------------- 1 | name = "HTML Purifier" 2 | 3 | ; vim: et sw=4 sts=4 4 | -------------------------------------------------------------------------------- /admin/assets/images/addarticle.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/admin/assets/images/addarticle.jpg -------------------------------------------------------------------------------- /admin/assets/images/manageclass.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/admin/assets/images/manageclass.png -------------------------------------------------------------------------------- /admin/assets/images/usermanager.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/admin/assets/images/usermanager.jpg -------------------------------------------------------------------------------- /admin/assets/images/addchallenge2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/admin/assets/images/addchallenge2.PNG -------------------------------------------------------------------------------- /admin/assets/images/articlemanager.jpg: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/admin/assets/images/articlemanager.jpg -------------------------------------------------------------------------------- /admin/assets/images/configuration.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/admin/assets/images/configuration.jpg -------------------------------------------------------------------------------- /admin/assets/images/login-sprite.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/admin/assets/images/login-sprite.png -------------------------------------------------------------------------------- /admin/assets/images/whiteGradient.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/admin/assets/images/whiteGradient.png -------------------------------------------------------------------------------- /challenges/ch007/index_files/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/ch007/index_files/logo.png -------------------------------------------------------------------------------- /challenges/ch011/files/frequency.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/ch011/files/frequency.jpg -------------------------------------------------------------------------------- /extlib/Smarty-3.1.8/demo/configs/test.conf: -------------------------------------------------------------------------------- 1 | title = Welcome to Smarty! 
2 | cutoff_size = 40 3 | 4 | [setup] 5 | bold = true 6 | -------------------------------------------------------------------------------- /extlib/tinymce/examples/media/logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/examples/media/logo.jpg -------------------------------------------------------------------------------- /admin/assets/images/challengemanager.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/admin/assets/images/challengemanager.jpg -------------------------------------------------------------------------------- /challenges/ch013/images/cascade_nmac.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/ch013/images/cascade_nmac.png -------------------------------------------------------------------------------- /extlib/tinymce/examples/media/sample.avi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/examples/media/sample.avi -------------------------------------------------------------------------------- /extlib/tinymce/examples/media/sample.dcr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/examples/media/sample.dcr -------------------------------------------------------------------------------- /extlib/tinymce/examples/media/sample.flv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/examples/media/sample.flv -------------------------------------------------------------------------------- 
/extlib/tinymce/examples/media/sample.mov: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/examples/media/sample.mov -------------------------------------------------------------------------------- /extlib/tinymce/examples/media/sample.rm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/examples/media/sample.rm -------------------------------------------------------------------------------- /extlib/tinymce/examples/media/sample.swf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/examples/media/sample.swf -------------------------------------------------------------------------------- /challenges/ch002/ch002.css: -------------------------------------------------------------------------------- 1 | /* CSS layout */ 2 | #masthead { 3 | } 4 | #top_nav { 5 | } 6 | #page_content { 7 | } 8 | #footer { 9 | } -------------------------------------------------------------------------------- /challenges/ch007/index_files/background.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/ch007/index_files/background.jpg -------------------------------------------------------------------------------- /extlib/tinymce/examples/media/logo_over.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/examples/media/logo_over.jpg -------------------------------------------------------------------------------- /challenges/ch001/main/secret_area_/mails.gif: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/ch001/main/secret_area_/mails.gif -------------------------------------------------------------------------------- /challenges/izon/img/glyphicons-halflings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/izon/img/glyphicons-halflings.png -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/site/images/add.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/site/images/add.gif -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/site/images/fix.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/site/images/fix.gif -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/site/images/logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/site/images/logo.jpg -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/site/images/rss.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/site/images/rss.png -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/example/langs/en.js: -------------------------------------------------------------------------------- 1 | tinyMCE.addI18n('en.example',{ 2 | desc : 'This is just a template button' 3 | }); 4 | 
-------------------------------------------------------------------------------- /esapi/lib/apache-log4php/site/images/ls-logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/site/images/ls-logo.jpg -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/site/images/remove.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/site/images/remove.gif -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/site/images/update.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/site/images/update.gif -------------------------------------------------------------------------------- /extlib/Smarty-3.1.8/demo/templates/header.tpl: -------------------------------------------------------------------------------- 1 | 2 | 3 | {$title} - {$Name} 4 | 5 | 6 | -------------------------------------------------------------------------------- /challenges/izon/img/glyphicons-halflings-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/challenges/izon/img/glyphicons-halflings-white.png -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/site/images/collapsed.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/site/images/collapsed.gif -------------------------------------------------------------------------------- 
/esapi/lib/apache-log4php/site/images/expanded.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/site/images/expanded.gif -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/site/images/external.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/site/images/external.png -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/site/images/newwindow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/site/images/newwindow.png -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/example/langs/en_dlg.js: -------------------------------------------------------------------------------- 1 | tinyMCE.addI18n('en.example_dlg',{ 2 | title : 'This is just a example title' 3 | }); 4 | -------------------------------------------------------------------------------- /installation/installer/data/templates/images/edit.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/edit.gif -------------------------------------------------------------------------------- /installation/installer/data/templates/images/note.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/note.gif -------------------------------------------------------------------------------- 
/esapi/lib/apache-log4php/site/images/icon_error_sml.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/site/images/icon_error_sml.gif -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/site/images/icon_help_sml.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/site/images/icon_help_sml.gif -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/site/images/icon_info_sml.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/site/images/icon_info_sml.gif -------------------------------------------------------------------------------- /installation/installer/data/templates/images/Thumbs.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/Thumbs.db -------------------------------------------------------------------------------- /installation/installer/data/templates/images/active.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/active.gif -------------------------------------------------------------------------------- /installation/installer/data/templates/images/bullet.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/bullet.gif 
-------------------------------------------------------------------------------- /installation/installer/data/templates/images/button.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/button.gif -------------------------------------------------------------------------------- /installation/installer/data/templates/images/delete.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/delete.gif -------------------------------------------------------------------------------- /installation/installer/data/templates/images/error.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/error.gif -------------------------------------------------------------------------------- /installation/installer/data/templates/images/footer.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/footer.jpg -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/site/images/icon_success_sml.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/site/images/icon_success_sml.gif -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/site/images/icon_warning_sml.gif: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/site/images/icon_warning_sml.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/spellchecker/css/content.css: -------------------------------------------------------------------------------- 1 | .mceItemHiddenSpellWord {background:url(../img/wline.gif) repeat-x bottom left; cursor:default;} 2 | -------------------------------------------------------------------------------- /installation/installer/data/templates/images/approve.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/approve.gif -------------------------------------------------------------------------------- /installation/installer/data/templates/images/divider.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/divider.gif -------------------------------------------------------------------------------- /installation/installer/data/templates/images/negative.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/negative.gif -------------------------------------------------------------------------------- /installation/installer/data/templates/images/positive.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/positive.gif -------------------------------------------------------------------------------- /installation/installer/data/templates/images/sidebody.gif: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/sidebody.gif -------------------------------------------------------------------------------- /installation/installer/data/templates/images/sidehead.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/sidehead.gif -------------------------------------------------------------------------------- /installation/installer/data/templates/images/success.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/success.gif -------------------------------------------------------------------------------- /installation/installer/data/templates/images/userbox.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/userbox.gif -------------------------------------------------------------------------------- /installation/installer/data/templates/images/warning.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/warning.gif -------------------------------------------------------------------------------- /installation/installer/data/templates/images/wrapper.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/wrapper.gif -------------------------------------------------------------------------------- 
/esapi/lib/apache-log4php/site/images/logos/maven-feather.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/site/images/logos/maven-feather.png -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer/README: -------------------------------------------------------------------------------- 1 | This is a dummy file to prevent Git from ignoring this empty directory. 2 | 3 | vim: et sw=4 sts=4 4 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/simple/img/icons.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/simple/img/icons.gif -------------------------------------------------------------------------------- /installation/installer/data/templates/images/background.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/background.jpg -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/advhr/langs/en_dlg.js: -------------------------------------------------------------------------------- 1 | tinyMCE.addI18n('en.advhr_dlg',{size:"Height",noshade:"No Shadow",width:"Width",normal:"Normal",widthunits:"Units"}); -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/media/moxieplayer.swf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/media/moxieplayer.swf 
-------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/flash.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/flash.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/icons.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/icons.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/iframe.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/iframe.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/trans.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/trans.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/video.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/video.gif -------------------------------------------------------------------------------- /installation/installer/data/templates/images/visitwebsite.gif: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/installation/installer/data/templates/images/visitwebsite.gif -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/trunk/src/site/resources/images/logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/trunk/src/site/resources/images/logo.jpg -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/advimage/img/sample.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/advimage/img/sample.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/example/img/example.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/example/img/example.gif -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/trunk/src/site/resources/images/ls-logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/trunk/src/site/resources/images/ls-logo.jpg -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-cry.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-cry.gif -------------------------------------------------------------------------------- 
/extlib/tinymce/jscripts/tiny_mce/plugins/spellchecker/img/wline.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/spellchecker/img/wline.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/colorpicker.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/colorpicker.jpg -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/pagebreak.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/pagebreak.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/quicktime.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/quicktime.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/realmedia.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/realmedia.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/shockwave.gif: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/shockwave.gif -------------------------------------------------------------------------------- /view/mainlogin.tpl: -------------------------------------------------------------------------------- 1 | {include file="_header_frontend.tpl"} 2 |
3 | {include file="user_login.tpl"} 4 |
5 | {include file="_footer_frontend.tpl"} -------------------------------------------------------------------------------- /challenges/ch008/b64.txt: -------------------------------------------------------------------------------- 1 | LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NClVzZXJuYW1lOiByb290IA0KUGFzc3dvcmQ6IGcwdHIwMHQNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t 2 | -------------------------------------------------------------------------------- /extlib/Smarty-3.1.8/libs/sysplugins/smarty_internal_compile_block.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/Smarty-3.1.8/libs/sysplugins/smarty_internal_compile_block.php -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-cool.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-cool.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-frown.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-frown.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-kiss.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-kiss.gif -------------------------------------------------------------------------------- 
/extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-smile.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-smile.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-wink.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-wink.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-yell.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-yell.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/spellchecker/editor_plugin.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/spellchecker/editor_plugin.js -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/windowsmedia.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/img/windowsmedia.gif -------------------------------------------------------------------------------- /behat.yml: -------------------------------------------------------------------------------- 1 | # behat.yml 2 | default: 3 | extensions: 4 | Behat\MinkExtension: 5 | 
base_url: 'http://localhost/Hackademic/' 6 | goutte: ~ 7 | selenium2: ~ 8 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-innocent.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-innocent.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-laughing.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-laughing.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-sealed.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-sealed.gif -------------------------------------------------------------------------------- /composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "require-dev": { 3 | "behat/behat": "^3.0", 4 | "behat/mink-extension": "^2.2", 5 | "behat/mink-goutte-driver": "^1.2", 6 | "behat/mink-selenium2-driver": "^1.3" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-embarassed.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-embarassed.gif 
-------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-surprised.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-surprised.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-tongue-out.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-tongue-out.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-undecided.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-undecided.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/spellchecker/editor_plugin_src.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/spellchecker/editor_plugin_src.js -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/skins/default/img/tabs.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/skins/default/img/tabs.gif -------------------------------------------------------------------------------- 
/extlib/tinymce/jscripts/tiny_mce/themes/simple/skins/o2k7/img/button_bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/simple/skins/o2k7/img/button_bg.png -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-foot-in-mouth.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-foot-in-mouth.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-money-mouth.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-money-mouth.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/skins/default/img/buttons.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/skins/default/img/buttons.png -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/skins/default/img/items.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/skins/default/img/items.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/skins/o2k7/img/button_bg.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/skins/o2k7/img/button_bg.png -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/skins/default/img/progress.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/skins/default/img/progress.gif -------------------------------------------------------------------------------- /challenges/izon/config.inc.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/trunk/src/site/resources/images/apache-incubator-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/esapi/lib/apache-log4php/trunk/src/site/resources/images/apache-incubator-logo.png -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt: -------------------------------------------------------------------------------- 1 | Attr.IDBlacklist 2 | TYPE: list 3 | DEFAULT: array() 4 | DESCRIPTION: Array of IDs not allowed in the document. 
5 | --# vim: et sw=4 sts=4 6 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/Printer/ConfigForm.js: -------------------------------------------------------------------------------- 1 | function toggleWriteability(id_of_patient, checked) { 2 | document.getElementById(id_of_patient).disabled = checked; 3 | } 4 | 5 | // vim: et sw=4 sts=4 6 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/skins/default/img/menu_arrow.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/skins/default/img/menu_arrow.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/skins/default/img/menu_check.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/skins/default/img/menu_check.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/skins/o2k7/img/button_bg_black.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/skins/o2k7/img/button_bg_black.png -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/alert.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/alert.gif 
-------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/skins/o2k7/img/button_bg_silver.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/themes/advanced/skins/o2k7/img/button_bg_silver.png -------------------------------------------------------------------------------- /installation/installer/data/templates/error.phtml: -------------------------------------------------------------------------------- 1 |
2 |

{#I-12#}

3 |

4 | 5 |

{#ERROR#}

6 | 7 |

{#I-13#}

-------------------------------------------------------------------------------- /esapi/lib/apache-log4php/trunk/NOTICE: -------------------------------------------------------------------------------- 1 | Apache log4php 2 | Copyright 2004-2007 The Apache Software Foundation 3 | 4 | This product includes software developed by 5 | The Apache Software Foundation (http://www.apache.org/). 6 | 7 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/button.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/button.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/buttons.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/buttons.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/confirm.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/confirm.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/corners.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/corners.gif 
-------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/vertical.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/vertical.gif -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/horizontal.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hackademic/hackademic/HEAD/extlib/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/horizontal.gif -------------------------------------------------------------------------------- /installation/installer/data/templates/finish.phtml: -------------------------------------------------------------------------------- 1 |
2 |

{#I-21#}

3 |

4 | 5 |

{#I-22#} {#I-31#}
{#login_path#}

-------------------------------------------------------------------------------- /challenges/ch009/sUpErDuPErL33T.txt: -------------------------------------------------------------------------------- 1 | Top Secret Information: 2 | --------------------------------------- 3 | username: Admin 4 | password: teh_n1nj4_pwn3r 5 | email : admin@prwtoftyari.gr 6 | --------------------------------------- 7 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/Token/Empty.php: -------------------------------------------------------------------------------- 1 | 3 | 4 | 5 | 6 | {$challenge->pkg_name} 7 | 8 | 9 | 10 | 11 | {include file="_footer_frontend.tpl"} -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt: -------------------------------------------------------------------------------- 1 | CSS.Proprietary 2 | TYPE: bool 3 | VERSION: 3.0.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 |

8 | Whether or not to allow safe, proprietary CSS values. 9 |

10 | --# vim: et sw=4 sts=4 11 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/Language/messages/en-x-test.php: -------------------------------------------------------------------------------- 1 | 'HTML Purifier X' 9 | ); 10 | 11 | // vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /admin/view/_usermessage.tpl: -------------------------------------------------------------------------------- 1 | {if isset($successmsg) && $successmsg!=''} 2 |

3 | {$successmsg} 4 |

5 | {/if} 6 | {if isset($errormsg)} 7 |

8 | {$errormsg} 9 |

10 | {/if} 11 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt: -------------------------------------------------------------------------------- 1 | Test.ForceNoIconv 2 | TYPE: bool 3 | DEFAULT: false 4 | --DESCRIPTION-- 5 | When set to true, HTMLPurifier_Encoder will act as if iconv does not exist 6 | and use only pure PHP implementations. 7 | --# vim: et sw=4 sts=4 8 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt: -------------------------------------------------------------------------------- 1 | Core.EscapeInvalidTags 2 | TYPE: bool 3 | DEFAULT: false 4 | --DESCRIPTION-- 5 | When true, invalid tags will be written back to the document as plain text. 6 | Otherwise, they are silently dropped. 7 | --# vim: et sw=4 sts=4 8 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/xhtmlxtras/css/attributes.css: -------------------------------------------------------------------------------- 1 | .panel_wrapper div.current { 2 | height: 290px; 3 | } 4 | 5 | #id, #style, #title, #dir, #hreflang, #lang, #classlist, #tabindex, #accesskey { 6 | width: 200px; 7 | } 8 | 9 | #events_panel input { 10 | width: 200px; 11 | } 12 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/advhr/css/advhr.css: -------------------------------------------------------------------------------- 1 | input.radio {border:1px none #000; background:transparent; vertical-align:middle;} 2 | .panel_wrapper div.current {height:80px;} 3 | #width {width:50px; vertical-align:middle;} 4 | #width2 {width:50px; vertical-align:middle;} 5 | #size {width:100px;} 6 | -------------------------------------------------------------------------------- 
/esapi/lib/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Transitional.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Column 1 5 | Column 2 6 | 7 | 8 | 9 | 10 | 11 | Username: {$username} 12 | Staffid: {$staffid} 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/autosave/langs/en.js: -------------------------------------------------------------------------------- 1 | tinyMCE.addI18n('en.autosave',{ 2 | restore_content: "Restore auto-saved content", 3 | warning_message: "If you restore the saved content, you will lose all the content that is currently in the editor.\n\nAre you sure you want to restore the saved content?" 4 | }); -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt: -------------------------------------------------------------------------------- 1 | Attr.AllowedClasses 2 | TYPE: lookup/null 3 | VERSION: 4.0.0 4 | DEFAULT: null 5 | --DESCRIPTION-- 6 | List of allowed class values in the class attribute. By default, this is null, 7 | which means all classes are allowed. 8 | --# vim: et sw=4 sts=4 9 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt: -------------------------------------------------------------------------------- 1 | CSS.DefinitionRev 2 | TYPE: int 3 | VERSION: 2.0.0 4 | DEFAULT: 1 5 | --DESCRIPTION-- 6 | 7 |

8 | Revision identifier for your custom definition. See 9 | %HTML.DefinitionRev for details. 10 |

11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt: -------------------------------------------------------------------------------- 1 | URI.DefinitionRev 2 | TYPE: int 3 | VERSION: 2.1.0 4 | DEFAULT: 1 5 | --DESCRIPTION-- 6 | 7 |

8 | Revision identifier for your custom definition. See 9 | %HTML.DefinitionRev for details. 10 |

11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/table/css/cell.css: -------------------------------------------------------------------------------- 1 | /* CSS file for cell dialog in the table plugin */ 2 | 3 | .panel_wrapper div.current { 4 | height: 200px; 5 | } 6 | 7 | .advfield { 8 | width: 200px; 9 | } 10 | 11 | #action { 12 | margin-bottom: 3px; 13 | } 14 | 15 | #class { 16 | width: 150px; 17 | } -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier.path.php: -------------------------------------------------------------------------------- 1 | 'HTML Purifier XNone' 10 | ); 11 | 12 | // vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /extlib/tinymce/examples/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | TinyMCE examples 5 | 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt: -------------------------------------------------------------------------------- 1 | URI.DefaultScheme 2 | TYPE: string 3 | DEFAULT: 'http' 4 | --DESCRIPTION-- 5 | 6 |

7 | Defines through what scheme the output will be served, in order to 8 | select the proper object validator when no scheme information is present. 9 |

10 | --# vim: et sw=4 sts=4 11 | -------------------------------------------------------------------------------- /challenges/izon/logout.php: -------------------------------------------------------------------------------- 1 | 11 | 12 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier.auto.php: -------------------------------------------------------------------------------- 1 | 8 | Unique identifier for a custom-built URI definition. If you want 9 | to add custom URIFilters, you must specify this value. 10 |

11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/AttrDef/Text.php: -------------------------------------------------------------------------------- 1 | parseCDATA($string); 11 | } 12 | 13 | } 14 | 15 | // vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.Linkify 2 | TYPE: bool 3 | VERSION: 2.0.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 |

8 | This directive turns on linkification, auto-linking http, ftp and 9 | https URLs. a tags with the href attribute 10 | must be allowed. 11 |

12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/simple/langs/en.js: -------------------------------------------------------------------------------- 1 | tinyMCE.addI18n('en.simple',{"cleanup_desc":"Cleanup Messy Code","redo_desc":"Redo (Ctrl+Y)","undo_desc":"Undo (Ctrl+Z)","numlist_desc":"Insert/Remove Numbered List","bullist_desc":"Insert/Remove Bulleted List","striketrough_desc":"Strikethrough","underline_desc":"Underline (Ctrl+U)","italic_desc":"Italic (Ctrl+I)","bold_desc":"Bold (Ctrl+B)"}); -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt: -------------------------------------------------------------------------------- 1 | Attr.AllowedRel 2 | TYPE: lookup 3 | VERSION: 1.6.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 | List of allowed forward document relationships in the rel attribute. Common 7 | values may be nofollow or print. By default, this is empty, meaning that no 8 | document relationships are allowed. 
9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/Printer/ConfigForm.css: -------------------------------------------------------------------------------- 1 | 2 | .hp-config {} 3 | 4 | .hp-config tbody th {text-align:right; padding-right:0.5em;} 5 | .hp-config thead, .hp-config .namespace {background:#3C578C; color:#FFF;} 6 | .hp-config .namespace th {text-align:center;} 7 | .hp-config .verbose {display:none;} 8 | .hp-config .controls {text-align:center;} 9 | 10 | /* vim: et sw=4 sts=4 */ 11 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.Language.txt: -------------------------------------------------------------------------------- 1 | Core.Language 2 | TYPE: string 3 | VERSION: 2.0.0 4 | DEFAULT: 'en' 5 | --DESCRIPTION-- 6 | 7 | ISO 639 language code for localizable things in HTML Purifier to use, 8 | which is mainly error reporting. There is currently only an English (en) 9 | translation, so this directive is currently useless. 10 | --# vim: et sw=4 sts=4 11 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents.txt: -------------------------------------------------------------------------------- 1 | Output.CommentScriptContents 2 | TYPE: bool 3 | VERSION: 2.0.0 4 | DEFAULT: true 5 | --DESCRIPTION-- 6 | Determines whether or not HTML Purifier should attempt to fix up the 7 | contents of script tags for legacy browsers with comments. 
8 | --ALIASES-- 9 | Core.CommentScriptContents 10 | --# vim: et sw=4 sts=4 11 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt: -------------------------------------------------------------------------------- 1 | URI.Disable 2 | TYPE: bool 3 | VERSION: 1.3.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 |

8 | Disables all URIs in all forms. Not sure why you'd want to do that 9 | (after all, the Internet's founded on the notion of a hyperlink). 10 |

11 | 12 | --ALIASES-- 13 | Attr.DisableURI 14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt: -------------------------------------------------------------------------------- 1 | Attr.DefaultInvalidImageAlt 2 | TYPE: string 3 | DEFAULT: 'Invalid image' 4 | --DESCRIPTION-- 5 | This is the content of the alt tag of an invalid image if the user had not 6 | previously specified an alt attribute. It has no effect when the image is 7 | valid but there was no alt attribute present. 8 | --# vim: et sw=4 sts=4 9 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/HTMLModule/XMLCommonAttributes.php: -------------------------------------------------------------------------------- 1 | array( 9 | 'xml:lang' => 'LanguageCode', 10 | ) 11 | ); 12 | } 13 | 14 | // vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/AttrDef/URI/Email.php: -------------------------------------------------------------------------------- 1 | 9 | This directive enables HTML Purifier to remove not only script tags 10 | but all of their contents. 11 |

12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php: -------------------------------------------------------------------------------- 1 | array( 9 | 'lang' => 'LanguageCode', 10 | ) 11 | ); 12 | } 13 | 14 | // vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt: -------------------------------------------------------------------------------- 1 | URI.DisableResources 2 | TYPE: bool 3 | VERSION: 1.3.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 |

8 | Disables embedding resources, essentially meaning no pictures. You can 9 | still link to them though. See %URI.DisableExternalResources for why 10 | this might be a good idea. 11 |

12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.HostBlacklist.txt: -------------------------------------------------------------------------------- 1 | URI.HostBlacklist 2 | TYPE: list 3 | VERSION: 1.3.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 | List of strings that are forbidden in the host of any URI. Use it to kill 7 | domain names of spam, etc. Note that it will catch anything in the domain, 8 | so moo.com will catch moo.com.example.com. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt: -------------------------------------------------------------------------------- 1 | Filter.Custom 2 | TYPE: list 3 | VERSION: 3.1.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 |

7 | This directive can be used to add custom filters; it is nearly the 8 | equivalent of the now deprecated HTMLPurifier->addFilter() 9 | method. Specify an array of concrete implementations. 10 |

11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/template/css/template.css: -------------------------------------------------------------------------------- 1 | #frmbody { 2 | padding: 10px; 3 | background-color: #FFF; 4 | border: 1px solid #CCC; 5 | } 6 | 7 | .frmRow { 8 | margin-bottom: 10px; 9 | } 10 | 11 | #templatesrc { 12 | border: none; 13 | width: 320px; 14 | height: 240px; 15 | } 16 | 17 | .title { 18 | padding-bottom: 5px; 19 | } 20 | 21 | .mceActionPanel { 22 | padding-top: 5px; 23 | } 24 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.Custom 2 | TYPE: list 3 | VERSION: 2.0.1 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 | 7 |

8 | This directive can be used to add custom auto-format injectors. 9 | Specify an array of injector names (class name minus the prefix) 10 | or concrete implementations. Injector class must exist. 11 |

12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/template/blank.htm: -------------------------------------------------------------------------------- 1 | 2 | 3 | blank_page 4 | 5 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt: -------------------------------------------------------------------------------- 1 | Attr.IDBlacklistRegexp 2 | TYPE: string/null 3 | VERSION: 1.6.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | PCRE regular expression to be matched against all IDs. If the expression 7 | matches, the ID is rejected. Use this with care: may cause significant 8 | degradation. ID matching is done after all other validation. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt: -------------------------------------------------------------------------------- 1 | HTML.Parent 2 | TYPE: string 3 | VERSION: 1.3.0 4 | DEFAULT: 'div' 5 | --DESCRIPTION-- 6 | 7 |

8 | String name of element that HTML fragment passed to library will be 9 | inserted in. An interesting variation would be using span as the 10 | parent element, meaning that only inline tags would be allowed. 11 |

12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /extlib/tinymce/examples/lists/image_list.js: -------------------------------------------------------------------------------- 1 | // This list may be created by a server logic page PHP/ASP/ASPX/JSP in some backend system. 2 | // There images will be displayed as a dropdown in all image dialogs if the "external_link_image_url" 3 | // option is defined in TinyMCE init. 4 | 5 | var tinyMCEImageList = new Array( 6 | // Name, URL 7 | ["Logo 1", "media/logo.jpg"], 8 | ["Logo 2 Over", "media/logo_over.jpg"] 9 | ); 10 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt: -------------------------------------------------------------------------------- 1 | Attr.DefaultInvalidImage 2 | TYPE: string 3 | DEFAULT: '' 4 | --DESCRIPTION-- 5 | This is the default image an img tag will be pointed to if it does not have 6 | a valid src attribute. In future versions, we may allow the image tag to 7 | be removed completely, but due to design issues, this is not possible right 8 | now. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.DisplayLinkURI 2 | TYPE: bool 3 | VERSION: 3.2.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |

7 | This directive turns on the in-text display of URIs in <a> tags, and disables 8 | those links. For example, <a href="http://example.com">example</a> becomes 9 | example (http://example.com). 10 |

11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.PurifierLinkify 2 | TYPE: bool 3 | VERSION: 2.0.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 |

8 | Internal auto-formatter that converts configuration directives in 9 | syntax %Namespace.Directive to links. a tags 10 | with the href attribute must be allowed. 11 |

12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt: -------------------------------------------------------------------------------- 1 | Filter.YouTube 2 | TYPE: bool 3 | VERSION: 3.1.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |

7 | This directive enables YouTube video embedding in HTML Purifier. Check 8 | this document 9 | on embedding videos for more information on what this filter does. 10 |

11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.OverrideAllowedSchemes.txt: -------------------------------------------------------------------------------- 1 | URI.OverrideAllowedSchemes 2 | TYPE: bool 3 | DEFAULT: true 4 | --DESCRIPTION-- 5 | If this is set to true (which it is by default), you can override 6 | %URI.AllowedSchemes by simply registering a HTMLPurifier_URIScheme to the 7 | registry. If false, you will also have to update that directive in order 8 | to add more schemes. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/table/css/row.css: -------------------------------------------------------------------------------- 1 | /* CSS file for row dialog in the table plugin */ 2 | 3 | .panel_wrapper div.current { 4 | height: 200px; 5 | } 6 | 7 | .advfield { 8 | width: 200px; 9 | } 10 | 11 | #action { 12 | margin-bottom: 3px; 13 | } 14 | 15 | #rowtype,#align,#valign,#class,#height { 16 | width: 150px; 17 | } 18 | 19 | #height { 20 | width: 50px; 21 | } 22 | 23 | .col2 { 24 | padding-left: 20px; 25 | } 26 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt: -------------------------------------------------------------------------------- 1 | HTML.Proprietary 2 | TYPE: bool 3 | VERSION: 3.1.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |

7 | Whether or not to allow proprietary elements and attributes in your 8 | documents, as per HTMLPurifier_HTMLModule_Proprietary. 9 | Warning: This can cause your documents to stop 10 | validating! 11 |

12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt: -------------------------------------------------------------------------------- 1 | Cache.SerializerPath 2 | TYPE: string/null 3 | VERSION: 2.0.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |

8 | Absolute path with no trailing slash to store serialized definitions in. 9 | Default is within the 10 | HTML Purifier library inside DefinitionCache/Serializer. This 11 | path must be writable by the webserver. 12 |

13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt: -------------------------------------------------------------------------------- 1 | Core.RemoveInvalidImg 2 | TYPE: bool 3 | DEFAULT: true 4 | VERSION: 1.3.0 5 | --DESCRIPTION-- 6 | 7 |

8 | This directive enables pre-emptive URI checking in img 9 | tags, as the attribute validation strategy is not authorized to 10 | remove elements from the document. Revert to pre-1.3.0 behavior by setting to false. 11 |

12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/XHTML.php: -------------------------------------------------------------------------------- 1 | 8 | Location of configuration documentation to link to, let %s substitute 9 | into the configuration's namespace and directive names sans the percent 10 | sign. 11 |

12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /challenges/izon/js/obfuscate.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/emotions/langs/en_dlg.js: -------------------------------------------------------------------------------- 1 | tinyMCE.addI18n('en.emotions_dlg',{cry:"Cry",cool:"Cool",desc:"Emotions",title:"Insert Emotion",usage:"Use left and right arrows to navigate.",yell:"Yell",wink:"Wink",undecided:"Undecided","tongue_out":"Tongue Out",surprised:"Surprised",smile:"Smile",sealed:"Sealed","money_mouth":"Money Mouth",laughing:"Laughing",kiss:"Kiss",innocent:"Innocent",frown:"Frown","foot_in_mouth":"Foot in Mouth",embarassed:"Embarassed"}); 2 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.Newline.txt: -------------------------------------------------------------------------------- 1 | Output.Newline 2 | TYPE: string/null 3 | VERSION: 2.0.1 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |

8 | Newline string to format final output with. If left null, HTML Purifier 9 | will auto-detect the default newline type of the system and use that; 10 | you can manually override it here. Remember, \r\n is Windows, \r 11 | is Mac, and \n is Unix. 12 |

13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/URIFilter/DisableExternalResources.php: -------------------------------------------------------------------------------- 1 | get('EmbeddedURI', true)) return true; 8 | return parent::filter($uri, $config, $context); 9 | } 10 | } 11 | 12 | // vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /extlib/tinymce/examples/lists/template_list.js: -------------------------------------------------------------------------------- 1 | // This list may be created by a server logic page PHP/ASP/ASPX/JSP in some backend system. 2 | // There templates will be displayed as a dropdown in all media dialog if the "template_external_list_url" 3 | // option is defined in TinyMCE init. 4 | 5 | var tinyMCETemplateList = [ 6 | // Name, URL, Description 7 | ["Simple snippet", "templates/snippet1.htm", "Simple HTML snippet."], 8 | ["Layout", "templates/layout1.htm", "HTML Layout."] 9 | ]; -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/example_dependency/editor_plugin.js: -------------------------------------------------------------------------------- 1 | (function(){tinymce.create("tinymce.plugins.ExampleDependencyPlugin",{init:function(a,b){},getInfo:function(){return{longname:"Example Dependency plugin",author:"Some author",authorurl:"http://tinymce.moxiecode.com",infourl:"http://wiki.moxiecode.com/index.php/TinyMCE:Plugins/example_dependency",version:"1.0"}}});tinymce.PluginManager.add("example_dependency",tinymce.plugins.ExampleDependencyPlugin,["example"])})(); -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt: -------------------------------------------------------------------------------- 1 | 
URI.AllowedSchemes 2 | TYPE: lookup 3 | --DEFAULT-- 4 | array ( 5 | 'http' => true, 6 | 'https' => true, 7 | 'mailto' => true, 8 | 'ftp' => true, 9 | 'nntp' => true, 10 | 'news' => true, 11 | ) 12 | --DESCRIPTION-- 13 | Whitelist that defines the schemes that a URI is allowed to have. This 14 | prevents XSS attacks from using pseudo-schemes like javascript or mocha. 15 | --# vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /extlib/tinymce/examples/lists/link_list.js: -------------------------------------------------------------------------------- 1 | // This list may be created by a server logic page PHP/ASP/ASPX/JSP in some backend system. 2 | // There links will be displayed as a dropdown in all link dialogs if the "external_link_list_url" 3 | // option is defined in TinyMCE init. 4 | 5 | var tinyMCELinkList = new Array( 6 | // Name, URL 7 | ["Moxiecode", "http://www.moxiecode.com"], 8 | ["Freshmeat", "http://www.freshmeat.com"], 9 | ["Sourceforge", "http://www.sourceforge.com"] 10 | ); 11 | -------------------------------------------------------------------------------- /view/readarticle.tpl: -------------------------------------------------------------------------------- 1 | {include file="_header_frontend.tpl"} 2 | 3 | 4 | 5 | 9 | 10 | 11 | 12 | 13 | 14 |
6 |

{$article->title}

7 |
{$article->date_posted|date_format}
8 |
{$article->content}
15 | {include file="_footer_frontend.tpl"} -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/AttrTransform/ScriptRequired.php: -------------------------------------------------------------------------------- 1 | 5 | */ 6 | class HTMLPurifier_AttrTransform_ScriptRequired extends HTMLPurifier_AttrTransform 7 | { 8 | public function transform($attr, $config, $context) { 9 | if (!isset($attr['type'])) { 10 | $attr['type'] = 'text/javascript'; 11 | } 12 | return $attr; 13 | } 14 | } 15 | 16 | // vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /challenges/izon/README.md: -------------------------------------------------------------------------------- 1 | Izon Challenge For Hackademic 2 | ============================= 3 | 4 | ## Installation 5 | To install Izon Challenge in [Hackademic CMS](https://www.github.com/Hackademic/) just download 6 | the challenge as a zip file and import it into Hackademic (Upload Challenge). 7 | Afterwards, you have to edit the config.inc.php file to supply credentials for a user with access to 8 | ```sql 9 | CREATE DATABASE, CREATE USER, DROP DATABASE, DROP USER, REVOKE, GRANT 10 | ``` 11 | 12 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/searchreplace/langs/en_dlg.js: -------------------------------------------------------------------------------- 1 | tinyMCE.addI18n('en.searchreplace_dlg',{findwhat:"Find What",replacewith:"Replace with",direction:"Direction",up:"Up",down:"Down",mcase:"Match Case",findnext:"Find Next",allreplaced:"All occurrences of the search string were replaced.","searchnext_desc":"Find Again",notfound:"The search has been completed. 
The search string could not be found.","search_title":"Find","replace_title":"Find/Replace",replaceall:"Replace All",replace:"Replace"}); -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/AttrTransform/SafeEmbed.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | Generated Documentation 4 | 5 | 6 | 7 | 8 |

Generated Documentation

9 | Welcome to log4php!
10 |
11 | This documentation was generated by phpDocumentor v1.3.2
12 | 13 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions 2 | TYPE: lookup 3 | VERSION: 4.0.0 4 | DEFAULT: array('td' => true, 'th' => true) 5 | --DESCRIPTION-- 6 |

7 | When %AutoFormat.RemoveEmpty and %AutoFormat.RemoveEmpty.RemoveNbsp 8 | are enabled, this directive defines what HTML elements should not be 9 | removed if they have only a non-breaking space in them. 10 |

11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt: -------------------------------------------------------------------------------- 1 | Cache.DefinitionImpl 2 | TYPE: string/null 3 | VERSION: 2.0.0 4 | DEFAULT: 'Serializer' 5 | --DESCRIPTION-- 6 | 7 | This directive defines which method to use when caching definitions, 8 | the complex data-type that makes HTML Purifier tick. Set to null 9 | to disable caching (not recommended, as you will see a definite 10 | performance degradation). 11 | 12 | --ALIASES-- 13 | Core.DefinitionCache 14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /installation/installer/data/templates/error_db.phtml: -------------------------------------------------------------------------------- 1 |
2 |

{#I-12#}

3 |

4 | 5 |

{#ERROR#}

6 | 7 |

{#I-13#}

8 | 9 |
10 | 11 |
12 |

13 |
14 | 15 |
-------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt: -------------------------------------------------------------------------------- 1 | Core.EscapeInvalidChildren 2 | TYPE: bool 3 | DEFAULT: false 4 | --DESCRIPTION-- 5 | When true, a child is found that is not allowed in the context of the 6 | parent element will be transformed into text as if it were ASCII. When 7 | false, that element and all internal tags will be dropped, though text will 8 | be preserved. There is no option for dropping the element but preserving 9 | child nodes. 10 | --# vim: et sw=4 sts=4 11 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MakeAbsolute.txt: -------------------------------------------------------------------------------- 1 | URI.MakeAbsolute 2 | TYPE: bool 3 | VERSION: 2.1.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 |

8 | Converts all URIs into absolute forms. This is useful when the HTML 9 | being filtered assumes a specific base path, but will actually be 10 | viewed in a different context (and setting an alternate base URI is 11 | not possible). %URI.Base must be set for this directive to work. 12 |

13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/AttrTransform/SafeObject.php: -------------------------------------------------------------------------------- 1 | 5 | */ 6 | class HTMLPurifier_AttrTransform_Textarea extends HTMLPurifier_AttrTransform 7 | { 8 | 9 | public function transform($attr, $config, $context) { 10 | // Calculated from Firefox 11 | if (!isset($attr['cols'])) $attr['cols'] = '22'; 12 | if (!isset($attr['rows'])) $attr['rows'] = '3'; 13 | return $attr; 14 | } 15 | 16 | } 17 | 18 | // vim: et sw=4 sts=4 19 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/print/editor_plugin.js: -------------------------------------------------------------------------------- 1 | (function(){tinymce.create("tinymce.plugins.Print",{init:function(a,b){a.addCommand("mcePrint",function(){a.getWin().print()});a.addButton("print",{title:"print.print_desc",cmd:"mcePrint"})},getInfo:function(){return{longname:"Print",author:"Moxiecode Systems AB",authorurl:"http://tinymce.moxiecode.com",infourl:"http://wiki.moxiecode.com/index.php/TinyMCE:Plugins/print",version:tinymce.majorVersion+"."+tinymce.minorVersion}}});tinymce.PluginManager.add("print",tinymce.plugins.Print)})(); -------------------------------------------------------------------------------- /installation/installer/data/templates/dbdone.phtml: -------------------------------------------------------------------------------- 1 |
2 |

{#I-15#}

3 |

4 |
5 |
6 | 7 | 8 | {#message#} 9 | 10 | 11 |
12 |

13 |
14 | 15 |
16 |
-------------------------------------------------------------------------------- /challenges/cookiEng/t0psec.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | Forbidden! You are not authed. Please leave this page.'); 7 | print("Your forbidden attempt to access this page has been recorded"); 8 | } 9 | else 10 | { 11 | print('

Hello Admin, your password in order to continue is the following <<48bb6e862e54f2a795ffc4e541caed4d>>. Do not forget to decrypt it!

'); 12 | } 13 | ?> -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/advlink/css/advlink.css: -------------------------------------------------------------------------------- 1 | .mceLinkList, .mceAnchorList, #targetlist {width:280px;} 2 | .mceActionPanel {margin-top:7px;} 3 | .panel_wrapper div.current {height:320px;} 4 | #classlist, #title, #href {width:280px;} 5 | #popupurl, #popupname {width:200px;} 6 | #popupwidth, #popupheight, #popupleft, #popuptop {width:30px;vertical-align:middle;text-align:center;} 7 | #id, #style, #classes, #target, #dir, #hreflang, #lang, #charset, #type, #rel, #rev, #tabindex, #accesskey {width:200px;} 8 | #events_panel input {width:200px;} 9 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt: -------------------------------------------------------------------------------- 1 | Core.CollectErrors 2 | TYPE: bool 3 | VERSION: 2.0.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 | Whether or not to collect errors found while filtering the document. This 8 | is a useful way to give feedback to your users. Warning: 9 | Currently this feature is very patchy and experimental, with lots of 10 | possible error messages not yet implemented. It will not cause any 11 | problems, but it may not help your users either. 12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt: -------------------------------------------------------------------------------- 1 | URI.DisableExternal 2 | TYPE: bool 3 | VERSION: 1.2.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | Disables links to external websites. 
This is a highly effective anti-spam 7 | and anti-pagerank-leech measure, but comes at a hefty price: no links or 8 | images outside of your domain will be allowed. Non-linkified URIs will 9 | still be preserved. If you want to be able to link to subdomains or use 10 | absolute URIs, specify %URI.Host for your website. 11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/Token/End.php: -------------------------------------------------------------------------------- 1 | display:none; is considered a tricky property that 10 | will only be allowed if this directive is set to true. 11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt: -------------------------------------------------------------------------------- 1 | Core.ConvertDocumentToFragment 2 | TYPE: bool 3 | DEFAULT: true 4 | --DESCRIPTION-- 5 | 6 | This parameter determines whether or not the filter should convert 7 | input that is a full document with html and body tags to a fragment 8 | of just the contents of a body tag. This parameter is simply something 9 | HTML Purifier can do during an edge-case: for most inputs, this 10 | processing is not necessary. 
11 | 12 | --ALIASES-- 13 | Core.AcceptFullDocuments 14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/URIScheme/http.php: -------------------------------------------------------------------------------- 1 | userinfo = null; 15 | return true; 16 | } 17 | 18 | } 19 | 20 | // vim: et sw=4 sts=4 21 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt: -------------------------------------------------------------------------------- 1 | HTML.Doctype 2 | TYPE: string/null 3 | DEFAULT: NULL 4 | --DESCRIPTION-- 5 | Doctype to use during filtering. Technically speaking this is not actually 6 | a doctype (as it does not identify a corresponding DTD), but we are using 7 | this name for sake of simplicity. When non-blank, this will override any 8 | older directives like %HTML.XHTML or %HTML.Strict. 
9 | --ALLOWED-- 10 | 'HTML 4.01 Transitional', 'HTML 4.01 Strict', 'XHTML 1.0 Transitional', 'XHTML 1.0 Strict', 'XHTML 1.1' 11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/simple/skins/o2k7/content.css: -------------------------------------------------------------------------------- 1 | body, td, pre {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;} 2 | 3 | body {background: #FFF;} 4 | .mceVisualAid {border: 1px dashed #BBB;} 5 | 6 | /* IE */ 7 | 8 | * html body { 9 | scrollbar-3dlight-color: #F0F0EE; 10 | scrollbar-arrow-color: #676662; 11 | scrollbar-base-color: #F0F0EE; 12 | scrollbar-darkshadow-color: #DDDDDD; 13 | scrollbar-face-color: #E0E0DD; 14 | scrollbar-highlight-color: #F0F0EE; 15 | scrollbar-shadow-color: #F0F0EE; 16 | scrollbar-track-color: #F5F5F5; 17 | } 18 | -------------------------------------------------------------------------------- /challenges/ch017/ch017.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | Meet in the Middle 4 | 5 | Subhayan RoyMoulick, Dan Myshkin, Spyros Gasteratos 6 | 7 | crypto 8 | 9 | We have a few ciphertexts we are interested to decrypt. These ciphertexts are "made of" messages containting non-padded prime products. 
10 | Your Objective : Reveal the originial messages 11 | 12 | 13 | 8 14 | 180 15 | 16 | -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/site/apidocs/media/banner.css: -------------------------------------------------------------------------------- 1 | body 2 | { 3 | background-color: #CCCCFF; 4 | margin: 0px; 5 | padding: 0px; 6 | } 7 | 8 | /* Banner (top bar) classes */ 9 | 10 | .banner { } 11 | 12 | .banner-menu 13 | { 14 | clear: both; 15 | padding: .5em; 16 | border-top: 2px solid #6666AA; 17 | } 18 | 19 | .banner-title 20 | { 21 | text-align: right; 22 | font-size: 20pt; 23 | font-weight: bold; 24 | margin: .2em; 25 | } 26 | 27 | .package-selector 28 | { 29 | background-color: #AAAADD; 30 | border: 1px solid black; 31 | color: yellow; 32 | } 33 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/URIScheme/nntp.php: -------------------------------------------------------------------------------- 1 | userinfo = null; 14 | $uri->query = null; 15 | return true; 16 | } 17 | 18 | } 19 | 20 | // vim: et sw=4 sts=4 21 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt: -------------------------------------------------------------------------------- 1 | Attr.IDPrefix 2 | TYPE: string 3 | VERSION: 1.2.0 4 | DEFAULT: '' 5 | --DESCRIPTION-- 6 | String to prefix to IDs. If you have no idea what IDs your pages may use, 7 | you may opt to simply add a prefix to all user-submitted ID attributes so 8 | that they are still usable, but will not conflict with core page IDs. 9 | Example: setting the directive to 'user_' will result in a user submitted 10 | 'foo' to become 'user_foo' Be sure to set %HTML.EnableAttrID to true 11 | before using this. 
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt: -------------------------------------------------------------------------------- 1 | HTML.Attr.Name.UseCDATA 2 | TYPE: bool 3 | DEFAULT: false 4 | VERSION: 4.0.0 5 | --DESCRIPTION-- 6 | The W3C specification DTD defines the name attribute to be CDATA, not ID, due 7 | to limitations of DTD. In certain documents, this relaxed behavior is desired, 8 | whether it is to specify duplicate names, or to specify names that would be 9 | illegal IDs (for example, names that begin with a digit.) Set this configuration 10 | directive to true to use the relaxed parsing rules. 11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /extlib/Smarty-3.1.8/libs/plugins/modifiercompiler.noprint.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: noprint
14 | * Purpose: return an empty string 15 | * 16 | * @author Uwe Tews 17 | * @param array $params parameters 18 | * @return string with compiled code 19 | */ 20 | function smarty_modifiercompiler_noprint($params, $compiler) 21 | { 22 | return "''"; 23 | } 24 | 25 | ?> -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt: -------------------------------------------------------------------------------- 1 | Attr.DefaultImageAlt 2 | TYPE: string/null 3 | DEFAULT: null 4 | VERSION: 3.2.0 5 | --DESCRIPTION-- 6 | This is the content of the alt tag of an image if the user had not 7 | previously specified an alt attribute. This applies to all images without 8 | a valid alt attribute, as opposed to %Attr.DefaultInvalidImageAlt, which 9 | only applies to invalid images, and overrides in the case of an invalid image. 10 | Default behavior with null is to use the basename of the src tag for the alt. 11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.RemoveEmpty.RemoveNbsp 2 | TYPE: bool 3 | VERSION: 4.0.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |

7 | When enabled, HTML Purifier will treat any elements that contain only 8 | non-breaking spaces as well as regular whitespace as empty, and remove 9 | them when %AutoFormat.RemoveEmpty is enabled. 10 |

11 |

12 | See %AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions for a list of elements 13 | that don't have this behavior applied to them. 14 |

15 | --# vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/xhtmlxtras/css/popup.css: -------------------------------------------------------------------------------- 1 | input.field, select.field {width:200px;} 2 | input.picker {width:179px; margin-left: 5px;} 3 | input.disabled {border-color:#F2F2F2;} 4 | img.picker {vertical-align:text-bottom; cursor:pointer;} 5 | h1 {padding: 0 0 5px 0;} 6 | .panel_wrapper div.current {height:160px;} 7 | #xhtmlxtrasdel .panel_wrapper div.current, #xhtmlxtrasins .panel_wrapper div.current {height: 230px;} 8 | a.browse span {display:block; width:20px; height:20px; background:url('../../../themes/advanced/img/icons.gif') -140px -20px;} 9 | #datetime {width:180px;} 10 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/AttrTransform/BdoDir.php: -------------------------------------------------------------------------------- 1 | get('Attr.DefaultTextDir'); 14 | return $attr; 15 | } 16 | 17 | } 18 | 19 | // vim: et sw=4 sts=4 20 | -------------------------------------------------------------------------------- /extlib/Smarty-3.1.8/libs/plugins/variablefilter.htmlspecialchars.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/trunk/README: -------------------------------------------------------------------------------- 1 | Apache log4php is an effort undergoing incubation at The Apache 2 | Software Foundation (ASF), sponsored by the Logging Services Project. 3 | Incubation is required of all newly accepted projects until a further 4 | review indicates that the infrastructure, communications, and 5 | decision making process have stabilized in a manner consistent 6 | with other successful ASF projects. 
While incubation status 7 | is not necessarily a reflection of the completeness or 8 | stability of the code, it does indicate that the project has yet 9 | to be fully endorsed by the ASF. 10 | 11 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt: -------------------------------------------------------------------------------- 1 | HTML.MaxImgLength 2 | TYPE: int/null 3 | DEFAULT: 1200 4 | VERSION: 3.1.1 5 | --DESCRIPTION-- 6 |

7 | This directive controls the maximum number of pixels in the width and 8 | height attributes in img tags. This is 9 | in place to prevent imagecrash attacks; disable it with null at your own risk. 10 | This directive is similar to %CSS.MaxImgLength, and both should be 11 | concurrently edited, although there are 12 | subtle differences in the input format (the HTML max is an integer). 13 |

14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt: -------------------------------------------------------------------------------- 1 | HTML.SafeEmbed 2 | TYPE: bool 3 | VERSION: 3.1.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |

7 | Whether or not to permit embed tags in documents, with a number of extra 8 | security features added to prevent script execution. This is similar to 9 | what websites like MySpace do to embed tags. Embed is a proprietary 10 | element and will cause your website to stop validating. You probably want 11 | to enable this with %HTML.SafeObject. 12 | Highly experimental. 13 |

14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/AttrTransform/Border.php: -------------------------------------------------------------------------------- 1 | confiscateAttr($attr, 'border'); 11 | // some validation should happen here 12 | $this->prependCSS($attr, "border:{$border_width}px solid;"); 13 | return $attr; 14 | } 15 | 16 | } 17 | 18 | // vim: et sw=4 sts=4 19 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt: -------------------------------------------------------------------------------- 1 | Filter.ExtractStyleBlocks.Escaping 2 | TYPE: bool 3 | VERSION: 3.0.0 4 | DEFAULT: true 5 | ALIASES: Filter.ExtractStyleBlocksEscaping, FilterParam.ExtractStyleBlocksEscaping 6 | --DESCRIPTION-- 7 | 8 |

9 | Whether or not to escape the dangerous characters <, > and & 10 | as \3C, \3E and \26, respectively. This can be safely set to false 11 | if the contents of StyleBlocks will be placed in an external stylesheet, 12 | where there is no risk of it being interpreted as HTML. 13 |

14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /extlib/tinymce/examples/lists/media_list.js: -------------------------------------------------------------------------------- 1 | // This list may be created by a server logic page PHP/ASP/ASPX/JSP in some backend system. 2 | // There flash movies will be displayed as a dropdown in all media dialog if the "media_external_list_url" 3 | // option is defined in TinyMCE init. 4 | 5 | var tinyMCEMediaList = [ 6 | // Name, URL 7 | ["Some Flash", "media/sample.swf"], 8 | ["Some Quicktime", "media/sample.mov"], 9 | ["Some AVI", "media/sample.avi"], 10 | ["Some RealMedia", "media/sample.rm"], 11 | ["Some Shockwave", "media/sample.dcr"], 12 | ["Some Video", "media/sample.mp4"], 13 | ["Some FLV", "media/sample.flv"] 14 | ]; -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt: -------------------------------------------------------------------------------- 1 | Output.SortAttr 2 | TYPE: bool 3 | VERSION: 3.2.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |

7 | If true, HTML Purifier will sort attributes by name before writing them back 8 | to the document, converting a tag like: <el b="" a="" c="" /> 9 | to <el a="" b="" c="" />. This is a workaround for 10 | a bug in FCKeditor which causes it to swap attributes order, adding noise 11 | to text diffs. If you're not seeing this bug, chances are, you don't need 12 | this directive. 13 |

14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/Strategy/Core.php: -------------------------------------------------------------------------------- 1 | strategies[] = new HTMLPurifier_Strategy_RemoveForeignElements(); 11 | $this->strategies[] = new HTMLPurifier_Strategy_MakeWellFormed(); 12 | $this->strategies[] = new HTMLPurifier_Strategy_FixNesting(); 13 | $this->strategies[] = new HTMLPurifier_Strategy_ValidateAttributes(); 14 | } 15 | 16 | } 17 | 18 | // vim: et sw=4 sts=4 19 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt: -------------------------------------------------------------------------------- 1 | HTML.SafeObject 2 | TYPE: bool 3 | VERSION: 3.1.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |

7 | Whether or not to permit object tags in documents, with a number of extra 8 | security features added to prevent script execution. This is similar to 9 | what websites like MySpace do to object tags. You may also want to 10 | enable %HTML.SafeEmbed for maximum interoperability with Internet Explorer, 11 | although embed tags will cause your website to stop validating. 12 | Highly experimental. 13 |

14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/URIScheme/news.php: -------------------------------------------------------------------------------- 1 | userinfo = null; 13 | $uri->host = null; 14 | $uri->port = null; 15 | $uri->query = null; 16 | // typecode check needed on path 17 | return true; 18 | } 19 | 20 | } 21 | 22 | // vim: et sw=4 sts=4 23 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/Token/Comment.php: -------------------------------------------------------------------------------- 1 | data = $data; 17 | $this->line = $line; 18 | $this->col = $col; 19 | } 20 | } 21 | 22 | // vim: et sw=4 sts=4 23 | -------------------------------------------------------------------------------- /challenges/ch014/ch014.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | RSA Challenge I: Bad Primes 4 | 5 | Subhayan RoyMoulick, Dan Myshkin, Spyros Gasteratos 6 | 7 | crypto 8 | 9 | We have an RSA encrypted message. 10 | All we know is that the program that generated the RSA primes, p,q uses a bad PRG, so we are confindent |p-q| leq 10000 (decimal). 11 | Your Objective : Factor N, and tell us the originial messeage. 
12 | 13 | 14 | 6 15 | 90 16 | 17 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/AttrTransform/BgColor.php: -------------------------------------------------------------------------------- 1 | confiscateAttr($attr, 'bgcolor'); 13 | // some validation should happen here 14 | 15 | $this->prependCSS($attr, "background-color:$bgcolor;"); 16 | 17 | return $attr; 18 | 19 | } 20 | 21 | } 22 | 23 | // vim: et sw=4 sts=4 24 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/HTMLModule/Target.php: -------------------------------------------------------------------------------- 1 | addBlankElement($name); 15 | $e->attr = array( 16 | 'target' => new HTMLPurifier_AttrDef_HTML_FrameTarget() 17 | ); 18 | } 19 | } 20 | 21 | } 22 | 23 | // vim: et sw=4 sts=4 24 | -------------------------------------------------------------------------------- /challenges/ch020/ch020.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | RSA Challenge IV: Low Private Exponent 4 | 5 | Subhayan RoyMoulick, Dan Myshkin, Spyros Gasteratos 6 | 7 | crypto 8 | 9 | You are asked to audit a system that uses a Low Private Exponent (i.e. the Private Key), to save time decryption/signing. 10 | We think it is a bad idea and the Private Exponent can be approximated. 11 | Your Goal: Approximate the Private Exponent. 
12 | 13 | 7 14 | 120 15 | 16 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/simple/skins/default/content.css: -------------------------------------------------------------------------------- 1 | body, td, pre { 2 | font-family: Verdana, Arial, Helvetica, sans-serif; 3 | font-size: 10px; 4 | } 5 | 6 | body { 7 | background-color: #FFFFFF; 8 | } 9 | 10 | .mceVisualAid { 11 | border: 1px dashed #BBBBBB; 12 | } 13 | 14 | /* MSIE specific */ 15 | 16 | * html body { 17 | scrollbar-3dlight-color: #F0F0EE; 18 | scrollbar-arrow-color: #676662; 19 | scrollbar-base-color: #F0F0EE; 20 | scrollbar-darkshadow-color: #DDDDDD; 21 | scrollbar-face-color: #E0E0DD; 22 | scrollbar-highlight-color: #F0F0EE; 23 | scrollbar-shadow-color: #F0F0EE; 24 | scrollbar-track-color: #F5F5F5; 25 | } 26 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt: -------------------------------------------------------------------------------- 1 | HTML.DefinitionRev 2 | TYPE: int 3 | VERSION: 2.0.0 4 | DEFAULT: 1 5 | --DESCRIPTION-- 6 | 7 |

8 | Revision identifier for your custom definition specified in 9 | %HTML.DefinitionID. This serves the same purpose: uniquely identifying 10 | your custom definition, but this one does so in a chronological 11 | context: revision 3 is more up-to-date than revision 2. Thus, when 12 | this gets incremented, the cache handling is smart enough to clean 13 | up any older revisions of your definition as well as flush the 14 | cache. 15 |

16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/template/langs/en_dlg.js: -------------------------------------------------------------------------------- 1 | tinyMCE.addI18n('en.template_dlg',{title:"Templates",label:"Template","desc_label":"Description",desc:"Insert Predefined Template Content",select:"Select a Template",preview:"Preview",warning:"Warning: Updating a template with a different one may cause data loss.","mdate_format":"%Y-%m-%d %H:%M:%S","cdate_format":"%Y-%m-%d %H:%M:%S","months_long":"January,February,March,April,May,June,July,August,September,October,November,December","months_short":"Jan,Feb,Mar,Apr,May,Jun,Jul,Aug,Sep,Oct,Nov,Dec","day_long":"Sunday,Monday,Tuesday,Wednesday,Thursday,Friday,Saturday,Sunday","day_short":"Sun,Mon,Tue,Wed,Thu,Fri,Sat,Sun"}); -------------------------------------------------------------------------------- /misc_scripts/add_Guest_to_every_class.php: -------------------------------------------------------------------------------- 1 | id); 10 | 11 | foreach($class_arr as $cls){ 12 | $member=false; 13 | foreach($memberships as $mem) 14 | if($cls->id == $mem["class_id"]){ 15 | $member = true; 16 | } 17 | if(!$member){ 18 | ClassMemberships::AddMembership($user->id,$cls->id); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources.txt: -------------------------------------------------------------------------------- 1 | URI.DisableExternalResources 2 | TYPE: bool 3 | VERSION: 1.3.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | Disables the embedding of external resources, preventing users from 7 | embedding things like images from other hosts. 
This prevents access 8 | tracking (good for email viewers), bandwidth leeching, cross-site request 9 | forging, goatse.cx posting, and other nasties, but also results in a loss 10 | of end-user functionality (they can't directly post a pic they posted from 11 | Flickr anymore). Use it if you don't have a robust user-content moderation 12 | team. 13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier.func.php: -------------------------------------------------------------------------------- 1 | purify($html, $config); 21 | } 22 | 23 | // vim: et sw=4 sts=4 24 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/AttrTransform/Background.php: -------------------------------------------------------------------------------- 1 | confiscateAttr($attr, 'background'); 13 | // some validation should happen here 14 | 15 | $this->prependCSS($attr, "background-image:url($background);"); 16 | 17 | return $attr; 18 | 19 | } 20 | 21 | } 22 | 23 | // vim: et sw=4 sts=4 24 | -------------------------------------------------------------------------------- /challenges/ch015/ch015.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | RSA Challenge II: Common Modulas 4 | 5 | Subhayan RoyMoulick, Dan Myshkin, Spyros Gasteratos 6 | 7 | crypto 8 | 9 | We have a single message m, that was encrpted, using RSA, and sent to several people. 10 | All reciepents have the same RSA modulas N (N=pq). 11 | We are however only interested in the message. 12 | 13 | Your Objective : Reveal the originial message. 
(Assume m le N) 14 | 15 | 16 | 6 17 | 120 18 | 19 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/xhtmlxtras/js/abbr.js: -------------------------------------------------------------------------------- 1 | /** 2 | * abbr.js 3 | * 4 | * Copyright 2009, Moxiecode Systems AB 5 | * Released under LGPL License. 6 | * 7 | * License: http://tinymce.moxiecode.com/license 8 | * Contributing: http://tinymce.moxiecode.com/contributing 9 | */ 10 | 11 | function init() { 12 | SXE.initElementDialog('abbr'); 13 | if (SXE.currentAction == "update") { 14 | SXE.showRemoveButton(); 15 | } 16 | } 17 | 18 | function insertAbbr() { 19 | SXE.insertElement('abbr'); 20 | tinyMCEPopup.close(); 21 | } 22 | 23 | function removeAbbr() { 24 | SXE.removeElement('abbr'); 25 | tinyMCEPopup.close(); 26 | } 27 | 28 | tinyMCEPopup.onInit.add(init); 29 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/xhtmlxtras/js/cite.js: -------------------------------------------------------------------------------- 1 | /** 2 | * cite.js 3 | * 4 | * Copyright 2009, Moxiecode Systems AB 5 | * Released under LGPL License. 
6 | * 7 | * License: http://tinymce.moxiecode.com/license 8 | * Contributing: http://tinymce.moxiecode.com/contributing 9 | */ 10 | 11 | function init() { 12 | SXE.initElementDialog('cite'); 13 | if (SXE.currentAction == "update") { 14 | SXE.showRemoveButton(); 15 | } 16 | } 17 | 18 | function insertCite() { 19 | SXE.insertElement('cite'); 20 | tinyMCEPopup.close(); 21 | } 22 | 23 | function removeCite() { 24 | SXE.removeElement('cite'); 25 | tinyMCEPopup.close(); 26 | } 27 | 28 | tinyMCEPopup.onInit.add(init); 29 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt: -------------------------------------------------------------------------------- 1 | Attr.AllowedFrameTargets 2 | TYPE: lookup 3 | DEFAULT: array() 4 | --DESCRIPTION-- 5 | Lookup table of all allowed link frame targets. Some commonly used link 6 | targets include _blank, _self, _parent and _top. Values should be 7 | lowercase, as validation will be done in a case-sensitive manner despite 8 | W3C's recommendation. XHTML 1.0 Strict does not permit the target attribute 9 | so this directive will have no effect in that doctype. XHTML 1.1 does not 10 | enable the Target module by default, you will have to manually enable it 11 | (see the module documentation for more details.) 12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt: -------------------------------------------------------------------------------- 1 | Core.EscapeNonASCIICharacters 2 | TYPE: bool 3 | VERSION: 1.4.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | This directive overcomes a deficiency in %Core.Encoding by blindly 7 | converting all non-ASCII characters into decimal numeric entities before 8 | converting it to its native encoding. 
This means that even characters that 9 | can be expressed in the non-UTF-8 encoding will be entity-ized, which can 10 | be a real downer for encodings like Big5. It also assumes that the ASCII 11 | repertoire is available, although this is the case for almost all encodings. 12 | Anyway, use UTF-8! 13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt: -------------------------------------------------------------------------------- 1 | Core.MaintainLineNumbers 2 | TYPE: bool/null 3 | VERSION: 2.0.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |

8 | If true, HTML Purifier will add line number information to all tokens. 9 | This is useful when error reporting is turned on, but can result in 10 | significant performance degradation and should not be used when 11 | unnecessary. This directive must be used with the DirectLex lexer, 12 | as the DOMLex lexer does not (yet) support this functionality. 13 | If the value is null, an appropriate value will be selected based 14 | on other configuration. 15 |

16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /view/user_login.tpl: -------------------------------------------------------------------------------- 1 |
2 |
3 |
4 | Login Details 5 | 6 | 7 | 8 | 9 |
10 | Forgot your password
11 | Create an account 12 |
13 |
14 |
-------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/AlphaValue.php: -------------------------------------------------------------------------------- 1 | 1.0) $result = '1'; 16 | return $result; 17 | } 18 | 19 | } 20 | 21 | // vim: et sw=4 sts=4 22 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/Strategy/Composite.php: -------------------------------------------------------------------------------- 1 | strategies as $strategy) { 18 | $tokens = $strategy->execute($tokens, $config, $context); 19 | } 20 | return $tokens; 21 | } 22 | 23 | } 24 | 25 | // vim: et sw=4 sts=4 26 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/xhtmlxtras/js/acronym.js: -------------------------------------------------------------------------------- 1 | /** 2 | * acronym.js 3 | * 4 | * Copyright 2009, Moxiecode Systems AB 5 | * Released under LGPL License. 
6 | * 7 | * License: http://tinymce.moxiecode.com/license 8 | * Contributing: http://tinymce.moxiecode.com/contributing 9 | */ 10 | 11 | function init() { 12 | SXE.initElementDialog('acronym'); 13 | if (SXE.currentAction == "update") { 14 | SXE.showRemoveButton(); 15 | } 16 | } 17 | 18 | function insertAcronym() { 19 | SXE.insertElement('acronym'); 20 | tinyMCEPopup.close(); 21 | } 22 | 23 | function removeAcronym() { 24 | SXE.removeElement('acronym'); 25 | tinyMCEPopup.close(); 26 | } 27 | 28 | tinyMCEPopup.onInit.add(init); 29 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/AttrDef/HTML/FrameTarget.php: -------------------------------------------------------------------------------- 1 | valid_values === false) $this->valid_values = $config->get('Attr.AllowedFrameTargets'); 16 | return parent::validate($string, $config, $context); 17 | } 18 | 19 | } 20 | 21 | // vim: et sw=4 sts=4 22 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt: -------------------------------------------------------------------------------- 1 | HTML.BlockWrapper 2 | TYPE: string 3 | VERSION: 1.3.0 4 | DEFAULT: 'p' 5 | --DESCRIPTION-- 6 | 7 |

8 | String name of element to wrap inline elements that are inside a block 9 | context. This only occurs in the children of blockquote in strict mode. 10 |

11 |

12 | Example: by default value, 13 | <blockquote>Foo</blockquote> would become 14 | <blockquote><p>Foo</p></blockquote>. 15 | The <p> tags can be replaced with whatever you desire, 16 | as long as it is a block level element. 17 |

18 | --# vim: et sw=4 sts=4 19 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/emotions/editor_plugin.js: -------------------------------------------------------------------------------- 1 | (function(a){a.create("tinymce.plugins.EmotionsPlugin",{init:function(b,c){b.addCommand("mceEmotion",function(){b.windowManager.open({file:c+"/emotions.htm",width:250+parseInt(b.getLang("emotions.delta_width",0)),height:160+parseInt(b.getLang("emotions.delta_height",0)),inline:1},{plugin_url:c})});b.addButton("emotions",{title:"emotions.emotions_desc",cmd:"mceEmotion"})},getInfo:function(){return{longname:"Emotions",author:"Moxiecode Systems AB",authorurl:"http://tinymce.moxiecode.com",infourl:"http://wiki.moxiecode.com/index.php/TinyMCE:Plugins/emotions",version:a.majorVersion+"."+a.minorVersion}}});a.PluginManager.add("emotions",a.plugins.EmotionsPlugin)})(tinymce); -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/table/js/merge_cells.js: -------------------------------------------------------------------------------- 1 | tinyMCEPopup.requireLangPack(); 2 | 3 | var MergeCellsDialog = { 4 | init : function() { 5 | var f = document.forms[0]; 6 | 7 | f.numcols.value = tinyMCEPopup.getWindowArg('cols', 1); 8 | f.numrows.value = tinyMCEPopup.getWindowArg('rows', 1); 9 | }, 10 | 11 | merge : function() { 12 | var func, f = document.forms[0]; 13 | 14 | tinyMCEPopup.restoreSelection(); 15 | 16 | func = tinyMCEPopup.getWindowArg('onaction'); 17 | 18 | func({ 19 | cols : f.numcols.value, 20 | rows : f.numrows.value 21 | }); 22 | 23 | tinyMCEPopup.close(); 24 | } 25 | }; 26 | 27 | tinyMCEPopup.onInit.add(MergeCellsDialog.init, MergeCellsDialog); 28 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/HTMLModule/Name.php: 
-------------------------------------------------------------------------------- 1 | addBlankElement($name); 12 | $element->attr['name'] = 'CDATA'; 13 | if (!$config->get('HTML.Attr.Name.UseCDATA')) { 14 | $element->attr_transform_post['NameSync'] = new HTMLPurifier_AttrTransform_NameSync(); 15 | } 16 | } 17 | } 18 | 19 | } 20 | 21 | // vim: et sw=4 sts=4 22 | -------------------------------------------------------------------------------- /extlib/tinymce/examples/menu.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Menu 5 | 8 | 9 | 10 |

Examples

11 | Full featured 12 | Simple theme 13 | Skin support 14 | Word processor 15 | Custom formats 16 | Accessibility Options 17 | 18 | 19 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/example/js/dialog.js: -------------------------------------------------------------------------------- 1 | tinyMCEPopup.requireLangPack(); 2 | 3 | var ExampleDialog = { 4 | init : function() { 5 | var f = document.forms[0]; 6 | 7 | // Get the selected contents as text and place it in the input 8 | f.someval.value = tinyMCEPopup.editor.selection.getContent({format : 'text'}); 9 | f.somearg.value = tinyMCEPopup.getWindowArg('some_custom_arg'); 10 | }, 11 | 12 | insert : function() { 13 | // Insert the contents from the input into the document 14 | tinyMCEPopup.editor.execCommand('mceInsertContent', false, document.forms[0].someval.value); 15 | tinyMCEPopup.close(); 16 | } 17 | }; 18 | 19 | tinyMCEPopup.onInit.add(ExampleDialog.init, ExampleDialog); 20 | -------------------------------------------------------------------------------- /challenges/ch018/ch018.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | Blinding Signatures 4 | 5 | Subhayan RoyMoulick, Dan Myshkin, Spyros Gasteratos 6 | 7 | crypto 8 | 9 | We have a message m, for which we want a valid signature. While we have access to a Sign Oracle to query signatures, it will not respond and sign the challenge message for which we want the signature. 10 | Your Mission, should you choose to accept it, is to forge a signature on the challenge message, using the oracle (or otherwise). 
11 | 12 | 13 | 6 14 | 60 15 | 16 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/AttrTransform/Name.php: -------------------------------------------------------------------------------- 1 | get('HTML.Attr.Name.UseCDATA')) return $attr; 12 | if (!isset($attr['name'])) return $attr; 13 | $id = $this->confiscateAttr($attr, 'name'); 14 | if ( isset($attr['id'])) return $attr; 15 | $attr['id'] = $id; 16 | return $attr; 17 | } 18 | 19 | } 20 | 21 | // vim: et sw=4 sts=4 22 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt: -------------------------------------------------------------------------------- 1 | Core.HiddenElements 2 | TYPE: lookup 3 | --DEFAULT-- 4 | array ( 5 | 'script' => true, 6 | 'style' => true, 7 | ) 8 | --DESCRIPTION-- 9 | 10 |

11 | This directive is a lookup array of elements which should have their 12 | contents removed when they are not allowed by the HTML definition. 13 | For example, the contents of a script tag are not 14 | normally shown in a document, so if script tags are to be removed, 15 | their contents should be removed too. This is opposed to a b 16 | tag, which defines some presentational changes but does not hide its 17 | contents. 18 |

19 | --# vim: et sw=4 sts=4 20 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.TidyImpl.txt: -------------------------------------------------------------------------------- 1 | Filter.ExtractStyleBlocks.TidyImpl 2 | TYPE: mixed/null 3 | VERSION: 3.1.0 4 | DEFAULT: NULL 5 | ALIASES: FilterParam.ExtractStyleBlocksTidyImpl 6 | --DESCRIPTION-- 7 |

8 | If left NULL, HTML Purifier will attempt to instantiate a csstidy 9 | class to use for internal cleaning. This will usually be good enough. 10 |

11 |

12 | However, for trusted user input, you can set this to false to 13 | disable cleaning. In addition, you can supply your own concrete implementation 14 | of Tidy's interface to use, although I don't know why you'd want to do that. 15 |

16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /challenges/ch016/ch016.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | RSA Challenge III: Low Encryption Exponent 4 | 5 | Subhayan RoyMoulick, Dan Myshkin, Spyros Gasteratos 6 | 7 | crypto 8 | 9 | We have a single message m, that was encrpted, using RSA, and sent to three people. 10 | All reciepents have the same RSA ecryption modulas e (e=3), (notice it also matches the no. of recipients ;) ). 11 | We are interested in the message. 12 | 13 | Your Objective : Reveal the originial message 14 | 15 | 16 | 7 17 | 120 18 | 19 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/AttrDef/HTML/Bool.php: -------------------------------------------------------------------------------- 1 | name = $name;} 13 | 14 | public function validate($string, $config, $context) { 15 | if (empty($string)) return false; 16 | return $this->name; 17 | } 18 | 19 | /** 20 | * @param $string Name of attribute 21 | */ 22 | public function make($string) { 23 | return new HTMLPurifier_AttrDef_HTML_Bool($string); 24 | } 25 | 26 | } 27 | 28 | // vim: et sw=4 sts=4 29 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/URIFilter/HostBlacklist.php: -------------------------------------------------------------------------------- 1 | blacklist = $config->get('URI.HostBlacklist'); 9 | return true; 10 | } 11 | public function filter(&$uri, $config, $context) { 12 | foreach($this->blacklist as $blacklisted_host_fragment) { 13 | if (strpos($uri->host, $blacklisted_host_fragment) !== false) { 14 | return false; 15 | } 16 | } 17 | return true; 18 | } 19 | } 20 | 21 | // vim: et sw=4 sts=4 22 | -------------------------------------------------------------------------------- 
/extlib/tinymce/jscripts/tiny_mce/plugins/preview/preview.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 10 | {#preview.preview_desc} 11 | 12 | 13 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ChildDef/Empty.php: -------------------------------------------------------------------------------- 1 | 7 | If true, any URI munging directives like %URI.Munge 8 | will also apply to embedded resources, such as <img src="">. 9 | Be careful enabling this directive if you have a redirector script 10 | that does not use the Location HTTP header; all of your images 11 | and other embedded resources will break. 12 |

13 |

14 | Warning: It is strongly advised you use this in conjunction with 15 | %URI.MungeSecretKey to mitigate the security risk of an open redirector. 16 |

17 | --# vim: et sw=4 sts=4 18 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier.autoload.php: -------------------------------------------------------------------------------- 1 | 8 | If HTML Purifier's style attributes set is unsatisfactory for your needs, 9 | you can overload it with your own list of tags to allow. Note that this 10 | method is subtractive: it does its job by taking away from HTML Purifier 11 | usual feature set, so you cannot add an attribute that HTML Purifier never 12 | supported in the first place. 13 |

14 |

15 | Warning: If another directive conflicts with the 16 | elements here, that directive will win and override. 17 |

18 | --# vim: et sw=4 sts=4 19 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt: -------------------------------------------------------------------------------- 1 | CSS.MaxImgLength 2 | TYPE: string/null 3 | DEFAULT: '1200px' 4 | VERSION: 3.1.1 5 | --DESCRIPTION-- 6 |

7 | This parameter sets the maximum allowed length on img tags, 8 | effectively the width and height properties. 9 | Only absolute units of measurement (in, pt, pc, mm, cm) and pixels (px) are allowed. This is 10 | in place to prevent imagecrash attacks; disable it with null at your own risk. 11 | This directive is similar to %HTML.MaxImgLength, and both should be 12 | concurrently edited, although there are 13 | subtle differences in the input format (the CSS max is a number with 14 | a unit). 15 |

16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /installation/installer/data/templates/index.phtml: -------------------------------------------------------------------------------- 1 |
2 |

{#I-01#}

3 |

4 | 5 |
6 |
7 | 8 |

{#I-02#}

9 | 10 | 11 |
12 |

13 |
14 | 15 |
16 |
17 | -------------------------------------------------------------------------------- /challenges/ch013/ch013.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | Silly MACs 4 | 5 | Subhayan RoyMoulick, Dan Myshkin, Spyros Gasteratos 6 | 7 | crypto 8 | 9 | Our adversaries use a primitive and insecure mode of operation to obtain Message Authentication Codes for communication. While they use a secure block cipher, F, to obtain MACs for one block, when it comes to multiple blocks their scheme can be easily manupulted and broken. 10 | 11 | Your Objective : Help us forge a valid MAC to confuse them. 12 | 13 | 14 | 15 | 4 16 | 17 | 18 | 30 19 | 20 | 21 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedAttributes.txt: -------------------------------------------------------------------------------- 1 | HTML.AllowedAttributes 2 | TYPE: lookup/null 3 | VERSION: 1.3.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |

8 | If HTML Purifier's attribute set is unsatisfactory, overload it! 9 | The syntax is "tag.attr" or "*.attr" for the global attributes 10 | (style, id, class, dir, lang, xml:lang). 11 |

12 |

13 | Warning: If another directive conflicts with the 14 | elements here, that directive will win and override. For 15 | example, %HTML.EnableAttrID will take precedence over *.id in this 16 | directive. You must set that directive to true before you can use 17 | IDs at all. 18 |

19 | --# vim: et sw=4 sts=4 20 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Strict.php: -------------------------------------------------------------------------------- 1 | content_model_type != 'strictblockquote') return parent::getChildDef($def); 17 | return new HTMLPurifier_ChildDef_StrictBlockquote($def->content_model); 18 | } 19 | } 20 | 21 | // vim: et sw=4 sts=4 22 | -------------------------------------------------------------------------------- /challenges/ch001/main/secret_area_/mails.txt: -------------------------------------------------------------------------------- 1 | Everyone is here... xexexe! 2 | ---------------------------------------- 3 | Crazy Alice Alice@InWonderland.com 4 | Nebu Chadnezzar NebuChadnezzar@OldKing.edu 5 | Jo Raimontilinekergrobelar ShortName@badmail.com 6 | Web Killer WebMurder@killer.ever.com 7 | Don Quixote windmill@mail.spain 8 | Crazy priest Exorcist@hotmail.com 9 | Jasson Killer Friday13@JasonLives.com 10 | Everything All AllweSaid@mail.com 11 | Thiseas Sparrow Pirates@mail.gr 12 | Black Dreamer SupaHacka@mail.com 13 | Bond James MyNameIsBond@JamesBond.com 14 | Poor Boy Millionaire@fmail.com 15 | Blind Lynxeyed Linxblind@siou.com 16 | Earl Dracula CarpathianServers@Blood.com 17 | Tea Coffee sugar@dring.com 18 | Whisky Vodka drink@drunk.com 19 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/advimage/css/advimage.css: -------------------------------------------------------------------------------- 1 | #src_list, #over_list, #out_list {width:280px;} 2 | .mceActionPanel {margin-top:7px;} 3 | .alignPreview {border:1px solid #000; width:140px; height:140px; overflow:hidden; padding:5px;} 4 | .checkbox {border:0;} 5 | .panel_wrapper div.current {height:305px;} 6 | #prev {margin:0; border:1px solid #000; width:428px; height:150px; overflow:auto;} 7 | #align, 
#classlist {width:150px;} 8 | #width, #height {vertical-align:middle; width:50px; text-align:center;} 9 | #vspace, #hspace, #border {vertical-align:middle; width:30px; text-align:center;} 10 | #class_list {width:180px;} 11 | input {width: 280px;} 12 | #constrain, #onmousemovecheck {width:auto;} 13 | #id, #dir, #lang, #usemap, #longdesc {width:200px;} 14 | -------------------------------------------------------------------------------- /challenges/ch011/ch011.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | Fun with Frequencies 4 | 5 | Subhayan RoyMoulick, Dan Myshkin, Spyros Gasteratos 6 | 7 | crypto 8 | 9 | You are given a file that has been encrypted with a substitution cipher using some key permutation P. 10 | And a mysterious ciphertext, that has also been encrypted with the same key permutation P. 11 | Everything you need to know is explained in the challenge. 12 | 13 | Your Objective: give us the decryption of the mysterious ciphertext, should you choose to accept it. 14 | 15 | 16 | 17 | 2 18 | 60 19 | 20 | -------------------------------------------------------------------------------- /challenges/cookiEng/cookiEng.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | cookiEng 4 | 5 | Nikos Danopoulos 6 | 7 | web 8 | 9 |

Hello, we have heard that you are one of the best hackers in our country. We need your services.
You must visit an underground site and find 10 | a form's password. With this password we will cancel 100k+ illegal gun and drug deals! The good news is that we have the password's directory. It's here "/t0psec". The bad news is that we don't have access there. Only the administrator does. Go and find the password for us! 11 |


12 | Good luck! 13 |
14 |
15 |
16 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/HTMLModule/CommonAttributes.php: -------------------------------------------------------------------------------- 1 | array( 9 | 0 => array('Style'), 10 | // 'xml:space' => false, 11 | 'class' => 'Class', 12 | 'id' => 'ID', 13 | 'title' => 'CDATA', 14 | ), 15 | 'Lang' => array(), 16 | 'I18N' => array( 17 | 0 => array('Lang'), // proprietary, for xml:lang/lang 18 | ), 19 | 'Common' => array( 20 | 0 => array('Core', 'I18N') 21 | ) 22 | ); 23 | 24 | } 25 | 26 | // vim: et sw=4 sts=4 27 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt: -------------------------------------------------------------------------------- 1 | Attr.EnableID 2 | TYPE: bool 3 | DEFAULT: false 4 | VERSION: 1.2.0 5 | --DESCRIPTION-- 6 | Allows the ID attribute in HTML. This is disabled by default due to the 7 | fact that without proper configuration user input can easily break the 8 | validation of a webpage by specifying an ID that is already on the 9 | surrounding HTML. If you don't mind throwing caution to the wind, enable 10 | this directive, but I strongly recommend you also consider blacklisting IDs 11 | you use (%Attr.IDBlacklist) or prefixing all user supplied IDs 12 | (%Attr.IDPrefix). When set to true HTML Purifier reverts to the behavior of 13 | pre-1.2.0 versions. 14 | --ALIASES-- 15 | HTML.EnableAttrID 16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /extlib/Smarty-3.1.8/libs/plugins/modifiercompiler.string_format.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: string_format
14 | * Purpose: format strings via sprintf 15 | * 16 | * @link http://www.smarty.net/manual/en/language.modifier.string.format.php string_format (Smarty online manual) 17 | * @author Uwe Tews 18 | * @param array $params parameters 19 | * @return string with compiled code 20 | */ 21 | function smarty_modifiercompiler_string_format($params, $compiler) 22 | { 23 | return 'sprintf(' . $params[1] . ',' . $params[0] . ')'; 24 | } 25 | 26 | ?> -------------------------------------------------------------------------------- /admin/view/admin_login.tpl: -------------------------------------------------------------------------------- 1 | {include file="_header.tpl"} 2 | 3 |
4 |
{include file="_usermessage.tpl"}
5 |
6 |

Log In

7 |
8 | 9 | 10 |
11 |
12 | 13 |
14 |
15 |
16 | {include file="_footer.tpl"} -------------------------------------------------------------------------------- /challenges/ch005/ch005.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | Challenge 5 4 | 5 | Andreas Venieris, 6 | Konstantinos Papapanagiotou, 7 | Anastasios Stasinopoulos, 8 | Vasilios Vlachos, 9 | Alexandros Papanikolaou 10 | 11 | web 12 | 13 | SITE. In order to achieve this, however, you must buy the "p0wnBrowser" web browser. Since it is too expensive, you will have to "fool" the system in some way, so that it let you read the site's contents. 15 | ]]> 16 | 17 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Base.txt: -------------------------------------------------------------------------------- 1 | URI.Base 2 | TYPE: string/null 3 | VERSION: 2.1.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |

8 | The base URI is the URI of the document this purified HTML will be 9 | inserted into. This information is important if HTML Purifier needs 10 | to calculate absolute URIs from relative URIs, such as when %URI.MakeAbsolute 11 | is on. You may use a non-absolute URI for this value, but behavior 12 | may vary (%URI.MakeAbsolute deals nicely with both absolute and 13 | relative paths, but forwards-compatibility is not guaranteed). 14 | Warning: If set, the scheme on this URI 15 | overrides the one specified by %URI.DefaultScheme. 16 |

17 | --# vim: et sw=4 sts=4 18 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt: -------------------------------------------------------------------------------- 1 | Attr.IDPrefixLocal 2 | TYPE: string 3 | VERSION: 1.2.0 4 | DEFAULT: '' 5 | --DESCRIPTION-- 6 | Temporary prefix for IDs used in conjunction with %Attr.IDPrefix. If you 7 | need to allow multiple sets of user content on web page, you may need to 8 | have a seperate prefix that changes with each iteration. This way, 9 | seperately submitted user content displayed on the same page doesn't 10 | clobber each other. Ideal values are unique identifiers for the content it 11 | represents (i.e. the id of the row in the database). Be sure to add a 12 | seperator (like an underscore) at the end. Warning: this directive will 13 | not work unless %Attr.IDPrefix is set to a non-empty value! 14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php: -------------------------------------------------------------------------------- 1 | " 12 | // that needs more percent encoding to be done 13 | if ($string == '') return false; 14 | $string = trim($string); 15 | $result = preg_match('/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $string); 16 | return $result ? $string : false; 17 | } 18 | 19 | } 20 | 21 | // vim: et sw=4 sts=4 22 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt: -------------------------------------------------------------------------------- 1 | Core.DirectLexLineNumberSyncInterval 2 | TYPE: int 3 | VERSION: 2.0.0 4 | DEFAULT: 0 5 | --DESCRIPTION-- 6 | 7 |

8 | Specifies the number of tokens the DirectLex line number tracking 9 | implementations should process before attempting to resynchronize the 10 | current line count by manually counting all previous new-lines. When 11 | at 0, this functionality is disabled. Lower values will decrease 12 | performance, and this is only strictly necessary if the counting 13 | algorithm is buggy (in which case you should report it as a bug). 14 | This has no effect when %Core.MaintainLineNumbers is disabled or DirectLex is 15 | not being used. 16 |

17 | --# vim: et sw=4 sts=4 18 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt: -------------------------------------------------------------------------------- 1 | HTML.CoreModules 2 | TYPE: lookup 3 | VERSION: 2.0.0 4 | --DEFAULT-- 5 | array ( 6 | 'Structure' => true, 7 | 'Text' => true, 8 | 'Hypertext' => true, 9 | 'List' => true, 10 | 'NonXMLCommonAttributes' => true, 11 | 'XMLCommonAttributes' => true, 12 | 'CommonAttributes' => true, 13 | ) 14 | --DESCRIPTION-- 15 | 16 |

17 | Certain modularized doctypes (XHTML, namely), have certain modules 18 | that must be included for the doctype to be a conforming document 19 | type: put those modules here. By default, XHTML's core modules 20 | are used. You can set this to a blank array to disable core module 21 | protection, but this is not recommended. 22 |

23 | --# vim: et sw=4 sts=4 24 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt: -------------------------------------------------------------------------------- 1 | HTML.TidyLevel 2 | TYPE: string 3 | VERSION: 2.0.0 4 | DEFAULT: 'medium' 5 | --DESCRIPTION-- 6 | 7 |

General level of cleanliness the Tidy module should enforce. 8 | There are four allowed values:

9 |
10 |
none
11 |
No extra tidying should be done
12 |
light
13 |
Only fix elements that would be discarded otherwise due to 14 | lack of support in doctype
15 |
medium
16 |
Enforce best practices
17 |
heavy
18 |
Transform all deprecated elements and attributes to standards 19 | compliant equivalents
20 |
21 | 22 | --ALLOWED-- 23 | 'none', 'light', 'medium', 'heavy' 24 | --# vim: et sw=4 sts=4 25 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Name.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | Challenge 3 4 | 5 | Andreas Venieris, 6 | Konstantinos Papapanagiotou, 7 | Anastasios Stasinopoulos, 8 | Vasilios Vlachos, 9 | Alexandros Papanikolaou 10 | 11 | web 12 | 13 |
Your objective is to make an alert box appear HERE bearing the message: "XSS!".]]> 15 |
16 |
-------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt: -------------------------------------------------------------------------------- 1 | Core.AggressivelyFixLt 2 | TYPE: bool 3 | VERSION: 2.1.0 4 | DEFAULT: true 5 | --DESCRIPTION-- 6 |

7 | This directive enables aggressive pre-filter fixes HTML Purifier can 8 | perform in order to ensure that open angled-brackets do not get killed 9 | during parsing stage. Enabling this will result in two preg_replace_callback 10 | calls and at least two preg_replace calls for every HTML document parsed; 11 | if your users make very well-formed HTML, you can set this directive false. 12 | This has no effect when DirectLex is used. 13 |

14 |

15 | Notice: This directive's default turned from false to true 16 | in HTML Purifier 3.2.0. 17 |

18 | --# vim: et sw=4 sts=4 19 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/HTMLModule/StyleAttribute.php: -------------------------------------------------------------------------------- 1 | array('style' => false), // see constructor 15 | 'Core' => array(0 => array('Style')) 16 | ); 17 | 18 | public function setup($config) { 19 | $this->attr_collections['Style']['style'] = new HTMLPurifier_AttrDef_CSS(); 20 | } 21 | 22 | } 23 | 24 | // vim: et sw=4 sts=4 25 | -------------------------------------------------------------------------------- /view/showChallenge.tpl: -------------------------------------------------------------------------------- 1 | {include file="_header_frontend.tpl"} 2 |
3 |
4 |

{* NOTE(review): the title is emitted here without an escape modifier; confirm it is HTML-escaped before it is assigned to the template, or that Smarty's escape_html setting is enabled. *}{$challenge->title}

5 |

6 | 7 | 8 | 9 | 10 | {if isset($is_logged_in) && isset($is_allowed)} 11 | 12 | 15 | 16 | {/if} 17 |
{$challenge->description}

13 |

Try it!

14 |
18 |
19 | {include file="_footer_frontend.tpl"} 20 | -------------------------------------------------------------------------------- /challenges/ch008/ch008.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | Challenge 8 4 | 5 | Andreas Venieris, 6 | Konstantinos Papapanagiotou, 7 | Anastasios Stasinopoulos, 8 | Vasilios Vlachos, 9 | Alexandros Papanikolaou 10 | 11 | web 12 | 13 | trytohack.gr

The problem is that, in order to execute the majority of the commands (on the machine running the backdoor) you must have super-user rights (root).

Your aim is to obtain root rights. 15 | ]]> 16 |
17 |
-------------------------------------------------------------------------------- /view/forgotpw.tpl: -------------------------------------------------------------------------------- 1 | {include file="_header_frontend.tpl"} 2 |
3 |
4 |

Forgot Your Password?

5 |


6 | 7 |
8 |
9 | 10 | 11 | 12 | 13 | 14 | 15 | 18 | 19 |
16 |

17 |
20 |
21 |
22 |
23 | {include file="_footer_frontend.tpl"} -------------------------------------------------------------------------------- /challenges/ch002/ch002.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | Challenge 2 4 | 5 | Andreas Venieris, 6 | Konstantinos Papapanagiotou, 7 | Anastasios Stasinopoulos, 8 | Vasilios Vlachos, 9 | Alexandros Papanikolaou 10 | 11 | web 12 | 13 |
15 | You must therefore succeed in finding the password of this military SITE.

Good luck! 16 | ]]> 17 |
18 |
-------------------------------------------------------------------------------- /admin/view/addclass.tpl: -------------------------------------------------------------------------------- 1 | {include file="_header.tpl"} 2 | 3 |
4 |
5 |

Add Class

6 |

7 |
{include file="_usermessage.tpl"}
8 | 9 |
10 |
11 | 12 | 13 | 14 | 15 | 16 | 17 | 20 | 21 |
18 |

19 |
22 |
23 |
24 |
25 | {include file="_footer.tpl"} -------------------------------------------------------------------------------- /challenges/ch012/ch012.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | OTP Challenge 4 | 5 | Subhayan RoyMoulick, Dan Myshkin, Spyros Gasteratos 6 | 7 | crypto 8 | 9 | You are given ciphertexts of various messages, encrypted with the same key using a XOR Cipher or Vernam or One Time Pad. 10 | 11 | However we know the OTP is secure for encrypting only one message. And we are confident it is possible to break the scheme now. 12 | 13 | Given a set of ciphertexts, we are interested in knowing only one. 14 | 15 | Your Objective: Decipher the asked ciphertext and suggest us a strategy for action. 16 | 17 | 18 | 4 19 | 45 20 | 21 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/VarParser/Native.php: -------------------------------------------------------------------------------- 1 | evalExpression($var); 13 | } 14 | 15 | /* Evaluates $expr as PHP source through eval() and returns the value it assigns to $var; throws HTMLPurifier_VarParserException when eval() returns false. SECURITY: $expr is executed verbatim as code, so it must only ever be a trusted, developer-authored literal and never a value that request or user input can reach. The callers are not visible here - verify what they pass. */ protected function evalExpression($expr) { 16 | $var = null; 17 | $result = eval("\$var = $expr;"); 18 | if ($result === false) { 19 | throw new HTMLPurifier_VarParserException("Fatal error in evaluated code"); 20 | } 21 | return $var; 22 | } 23 | 24 | } 25 | 26 | // vim: et sw=4 sts=4 27 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/advimage/editor_plugin.js: -------------------------------------------------------------------------------- 1 | 
(function(){tinymce.create("tinymce.plugins.AdvancedImagePlugin",{init:function(a,b){a.addCommand("mceAdvImage",function(){if(a.dom.getAttrib(a.selection.getNode(),"class","").indexOf("mceItem")!=-1){return}a.windowManager.open({file:b+"/image.htm",width:480+parseInt(a.getLang("advimage.delta_width",0)),height:385+parseInt(a.getLang("advimage.delta_height",0)),inline:1},{plugin_url:b})});a.addButton("image",{title:"advimage.image_desc",cmd:"mceAdvImage"})},getInfo:function(){return{longname:"Advanced image",author:"Moxiecode Systems AB",authorurl:"http://tinymce.moxiecode.com",infourl:"http://wiki.moxiecode.com/index.php/TinyMCE:Plugins/advimage",version:tinymce.majorVersion+"."+tinymce.minorVersion}}});tinymce.PluginManager.add("advimage",tinymce.plugins.AdvancedImagePlugin)})(); -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/Strategy.php: -------------------------------------------------------------------------------- 1 | 7 | If HTML Purifier's tag set is unsatisfactory for your needs, you 8 | can overload it with your own list of tags to allow. Note that this 9 | method is subtractive: it does its job by taking away from HTML Purifier 10 | usual feature set, so you cannot add a tag that HTML Purifier never 11 | supported in the first place (like embed, form or head). If you 12 | change this, you probably also want to change %HTML.AllowedAttributes. 13 |

14 |

15 | Warning: If another directive conflicts with the 16 | elements here, that directive will win and override. 17 |

18 | --# vim: et sw=4 sts=4 19 | -------------------------------------------------------------------------------- /extlib/Smarty-3.1.8/libs/plugins/modifiercompiler.cat.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: cat
14 | * Date: Feb 24, 2003
15 | * Purpose: catenate a value to a variable
16 | * Input: string to catenate
17 | * Example: {$var|cat:"foo"} 18 | * 19 | * @link http://smarty.php.net/manual/en/language.modifier.cat.php cat 20 | * (Smarty online manual) 21 | * @author Uwe Tews 22 | * @param array $params parameters 23 | * @return string with compiled code 24 | */ 25 | function smarty_modifiercompiler_cat($params, $compiler) 26 | { 27 | return '('.implode(').(', $params).')'; 28 | } 29 | 30 | ?> -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt: -------------------------------------------------------------------------------- 1 | Core.ColorKeywords 2 | TYPE: hash 3 | VERSION: 2.0.0 4 | --DEFAULT-- 5 | array ( 6 | 'maroon' => '#800000', 7 | 'red' => '#FF0000', 8 | 'orange' => '#FFA500', 9 | 'yellow' => '#FFFF00', 10 | 'olive' => '#808000', 11 | 'purple' => '#800080', 12 | 'fuchsia' => '#FF00FF', 13 | 'white' => '#FFFFFF', 14 | 'lime' => '#00FF00', 15 | 'green' => '#008000', 16 | 'navy' => '#000080', 17 | 'blue' => '#0000FF', 18 | 'aqua' => '#00FFFF', 19 | 'teal' => '#008080', 20 | 'black' => '#000000', 21 | 'silver' => '#C0C0C0', 22 | 'gray' => '#808080', 23 | ) 24 | --DESCRIPTION-- 25 | 26 | Lookup array of color names to six digit hexadecimal number corresponding 27 | to color, with preceding hash mark. Used when parsing colors. 
28 | --# vim: et sw=4 sts=4 29 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/URIScheme/mailto.php: -------------------------------------------------------------------------------- 1 | userinfo = null; 19 | $uri->host = null; 20 | $uri->port = null; 21 | // we need to validate path against RFC 2368's addr-spec 22 | return true; 23 | } 24 | 25 | } 26 | 27 | // vim: et sw=4 sts=4 28 | -------------------------------------------------------------------------------- /challenges/ch006/ch006.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | Challenge 6 4 | 5 | Andreas Venieris, 6 | Konstantinos Papapanagiotou, 7 | Anastasios Stasinopoulos, 8 | Vasilios Vlachos, 9 | Alexandros Papanikolaou 10 | 11 | web 12 | 13 | Your mission is to infiltrate their SITE. There is a small problem, however... We don't know the password!
Perhaps you could find it?
Let's see!
g00d luck dudes! 15 | ]]> 16 |
17 |
-------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/Injector/DisplayLinkURI.php: -------------------------------------------------------------------------------- 1 | start->attr['href'])){ 17 | $url = $token->start->attr['href']; 18 | unset($token->start->attr['href']); 19 | $token = array($token, new HTMLPurifier_Token_Text(" ($url)")); 20 | } else { 21 | // nothing to display 22 | } 23 | } 24 | } 25 | 26 | // vim: et sw=4 sts=4 27 | -------------------------------------------------------------------------------- /challenges/ch017/css/main.css~: -------------------------------------------------------------------------------- 1 | 2 | .mathcal { 3 | font-family: "Comic Sans MS",cursive,sans-serif; 4 | } 5 | 6 | .content { 7 | max-width: 850; 8 | margin: auto; 9 | border: 2px solid red; 10 | padding: 25px; 11 | background: #fefcea 12 | } 13 | 14 | h1 { 15 | text-align: center; 16 | color: red; 17 | } 18 | 19 | .chal_sub { 20 | text-align: center; 21 | } 22 | 23 | .help_RAT { 24 | border: 1px solid blue; 25 | font-size: 13px; 26 | max-width: 400; 27 | padding: 0 30; 28 | } 29 | 30 | h3 { 31 | text-align: center; 32 | color: blue; 33 | } 34 | 35 | .submit { 36 | color: #fed; 37 | padding: 10 20; 38 | border-radius: 10; 39 | background-color: black; 40 | } 41 | 42 | .submit:hover{ 43 | color: red; 44 | background: white ; 45 | } 46 | 47 | h5 { 48 | text-align: center; 49 | } 50 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/AttrTransform/Length.php: -------------------------------------------------------------------------------- 1 | name = $name; 14 | $this->cssName = $css_name ? 
$css_name : $name; 15 | } 16 | 17 | public function transform($attr, $config, $context) { 18 | if (!isset($attr[$this->name])) return $attr; 19 | $length = $this->confiscateAttr($attr, $this->name); 20 | if(ctype_digit($length)) $length .= 'px'; 21 | $this->prependCSS($attr, $this->cssName . ":$length;"); 22 | return $attr; 23 | } 24 | 25 | } 26 | 27 | // vim: et sw=4 sts=4 28 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt: -------------------------------------------------------------------------------- 1 | HTML.AllowedModules 2 | TYPE: lookup/null 3 | VERSION: 2.0.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |

8 | A doctype comes with a set of usual modules to use. Without having 9 | to muck about with the doctypes, you can quickly activate or 10 | disable these modules by specifying which modules you wish to allow 11 | with this directive. This is most useful for unit testing specific 12 | modules, although end users may find it useful for their own ends. 13 |

14 |

15 | If you specify a module that does not exist, the manager will silently 16 | fail to use it, so be careful! User-defined modules are not affected 17 | by this directive. Modules defined in %HTML.CoreModules are not 18 | affected by this directive. 19 |

20 | --# vim: et sw=4 sts=4 21 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/DefinitionCache/Null.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: count_paragraphs
14 | * Purpose: count the number of paragraphs in a text 15 | * 16 | * @link http://www.smarty.net/manual/en/language.modifier.count.paragraphs.php 17 | * count_paragraphs (Smarty online manual) 18 | * @author Uwe Tews 19 | * @param array $params parameters 20 | * @return string with compiled code 21 | */ 22 | function smarty_modifiercompiler_count_paragraphs($params, $compiler) 23 | { 24 | // count \r or \n characters 25 | return '(preg_match_all(\'#[\r\n]+#\', ' . $params[0] . ', $tmp)+1)'; 26 | } 27 | 28 | ?> -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/preview/example.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 18 | Example of a custom preview page 19 | 20 | 21 | 22 | Editor contents:
23 |
24 | 25 |
26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/AttrTransform/Lang.php: -------------------------------------------------------------------------------- 1 | feature that automatically resolves all 11 | entities), making it pretty useless for anything except the most I18N-blind 12 | applications, although %Core.EscapeNonASCIICharacters offers fixes this 13 | trouble with another tradeoff. This directive only accepts ISO-8859-1 if 14 | iconv is not enabled. 15 | --# vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /challenges/ch001/main/main.htm: -------------------------------------------------------------------------------- 1 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 |

You have entered a Secure Area 21 |

Here you can either view or update the records in the company's Database. 22 |

Warning: All actions are logged! 23 | 24 | 25 | -------------------------------------------------------------------------------- /extlib/Smarty-3.1.8/libs/plugins/modifiercompiler.upper.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: lower
14 | * Purpose: convert string to uppercase 15 | * 16 | * @link http://smarty.php.net/manual/en/language.modifier.upper.php lower (Smarty online manual) 17 | * @author Uwe Tews 18 | * @param array $params parameters 19 | * @return string with compiled code 20 | */ 21 | function smarty_modifiercompiler_upper($params, $compiler) 22 | { 23 | if (Smarty::$_MBSTRING) { 24 | return 'mb_strtoupper(' . $params[0] . ', \'' . addslashes(Smarty::$_CHARSET) . '\')' ; 25 | } 26 | // no MBString fallback 27 | return 'strtoupper(' . $params[0] . ')'; 28 | } 29 | 30 | ?> -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/example/editor_plugin.js: -------------------------------------------------------------------------------- 1 | (function(){tinymce.PluginManager.requireLangPack("example");tinymce.create("tinymce.plugins.ExamplePlugin",{init:function(a,b){a.addCommand("mceExample",function(){a.windowManager.open({file:b+"/dialog.htm",width:320+parseInt(a.getLang("example.delta_width",0)),height:120+parseInt(a.getLang("example.delta_height",0)),inline:1},{plugin_url:b,some_custom_arg:"custom arg"})});a.addButton("example",{title:"example.desc",cmd:"mceExample",image:b+"/img/example.gif"});a.onNodeChange.add(function(d,c,e){c.setActive("example",e.nodeName=="IMG")})},createControl:function(b,a){return null},getInfo:function(){return{longname:"Example plugin",author:"Some author",authorurl:"http://tinymce.moxiecode.com",infourl:"http://wiki.moxiecode.com/index.php/TinyMCE:Plugins/example",version:"1.0"}}});tinymce.PluginManager.add("example",tinymce.plugins.ExamplePlugin)})(); -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/paste/pasteword.htm: -------------------------------------------------------------------------------- 1 | 2 | 3 | {#paste.paste_word_desc} 4 | 5 | 6 | 7 | 8 |

9 |
{#paste.paste_word_desc}
10 | 11 |
{#paste_dlg.word_title}
12 | 13 |
14 | 15 |
16 | 17 | 18 |
19 |
20 | 21 | 22 | -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/trunk/src/site/resources/css/site.css: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one or more 3 | contributor license agreements. See the NOTICE file distributed with 4 | this work for additional information regarding copyright ownership. 5 | The ASF licenses this file to You under the Apache License, Version 2.0 6 | (the "License"); you may not use this file except in compliance with 7 | the License. You may obtain a copy of the License at 8 | 9 | http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | Unless required by applicable law or agreed to in writing, software 12 | distributed under the License is distributed on an "AS IS" BASIS, 13 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | See the License for the specific language governing permissions and 15 | limitations under the License. 16 | 17 | */ 18 | 19 | -------------------------------------------------------------------------------- /challenges/ch004/ch004.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | Challenge 4 4 | 5 | Andreas Venieris, 6 | Konstantinos Papapanagiotou, 7 | Anastasios Stasinopoulos, 8 | Vasilios Vlachos, 9 | Alexandros Papanikolaou 10 | 11 | web 12 | 13 | this site suffers from an XSS-like type of vulnerability. Unfortunately, he lost the notes he had written regarding how exactly did he exploit the aforementioned vulnerability.
Your objective is to make an alert box appear, bearing the message "XSS!". It should be noted, however, that this site has some protection against such attacks. 15 | ]]> 16 |
17 |
-------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt: -------------------------------------------------------------------------------- 1 | HTML.ForbiddenElements 2 | TYPE: lookup 3 | VERSION: 3.1.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 |

7 | This was, perhaps, the most requested feature ever in HTML 8 | Purifier. Please don't abuse it! This is the logical inverse of 9 | %HTML.AllowedElements, and it will override that directive, or any 10 | other directive. 11 |

12 |

13 | If possible, %HTML.Allowed is recommended over this directive, because it 14 | can sometimes be difficult to tell whether or not you've forbidden all of 15 | the behavior you would like to disallow. If you forbid img 16 | with the expectation of preventing images on your site, you'll be in for 17 | a nasty surprise when people start using the background-image 18 | CSS property. 19 |

20 | --# vim: et sw=4 sts=4 21 | -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/themes/advanced/skins/o2k7/ui_silver.css: -------------------------------------------------------------------------------- 1 | /* Silver */ 2 | .o2k7SkinSilver .mceToolbar .mceToolbarStart span, .o2k7SkinSilver .mceButton, .o2k7SkinSilver .mceSplitButton, .o2k7SkinSilver .mceSeparator, .o2k7SkinSilver .mceSplitButton a.mceOpen, .o2k7SkinSilver .mceListBox a.mceOpen {background-image:url(img/button_bg_silver.png)} 3 | .o2k7SkinSilver td.mceToolbar, .o2k7SkinSilver td.mceStatusbar, .o2k7SkinSilver .mceMenuItemTitle a {background:#eee} 4 | .o2k7SkinSilver .mceListBox .mceText {background:#FFF} 5 | .o2k7SkinSilver .mceExternalToolbar, .o2k7SkinSilver .mceListBox .mceText, .o2k7SkinSilver div.mceMenu, .o2k7SkinSilver table.mceLayout, .o2k7SkinSilver .mceMenuItemTitle a, .o2k7SkinSilver table.mceLayout tr.mceFirst td, .o2k7SkinSilver table.mceLayout, .o2k7SkinSilver .mceMenuItemTitle a, .o2k7SkinSilver table.mceLayout tr.mceLast td, .o2k7SkinSilver .mceIframeContainer {border-color: #bbb} 6 | -------------------------------------------------------------------------------- /challenges/ch001/main/Sociability.htm: -------------------------------------------------------------------------------- 1 | 10 | 11 | 12 | Sociability 13 |
14 | Our members must develop a high public activity in all fields.

Through public appearances in social places they will earn the trust of our rich, prospective customers.

15 | 16 | 17 |
18 |

Home

19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /esapi/lib/apache-log4php/trunk/src/test/php/configurators/test2.properties: -------------------------------------------------------------------------------- 1 | ; Licensed to the Apache Software Foundation (ASF) under one or more 2 | ; contributor license agreements. See the NOTICE file distributed with 3 | ; this work for additional information regarding copyright ownership. 4 | ; The ASF licenses this file to You under the Apache License, Version 2.0 5 | ; (the "License"); you may not use this file except in compliance with 6 | ; the License. You may obtain a copy of the License at 7 | ; 8 | ; http://www.apache.org/licenses/LICENSE-2.0 9 | ; 10 | ; Unless required by applicable law or agreed to in writing, software 11 | ; distributed under the License is distributed on an "AS IS" BASIS, 12 | ; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | ; See the License for the specific language governing permissions and 14 | ; limitations under the License. 15 | ; 16 | ; EMPTY PROPERTIES -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/PropertyListIterator.php: -------------------------------------------------------------------------------- 1 | l = strlen($filter); 19 | $this->filter = $filter; 20 | } 21 | 22 | public function accept() { 23 | $key = $this->getInnerIterator()->key(); 24 | if( strncmp($key, $this->filter, $this->l) !== 0 ) { 25 | return false; 26 | } 27 | return true; 28 | } 29 | 30 | } 31 | 32 | // vim: et sw=4 sts=4 33 | -------------------------------------------------------------------------------- /extlib/Smarty-3.1.8/libs/plugins/modifiercompiler.indent.php: -------------------------------------------------------------------------------- 1 | 12 | * Name: indent
13 | * Purpose: indent lines of text 14 | * 15 | * @link http://www.smarty.net/manual/en/language.modifier.indent.php indent (Smarty online manual) 16 | * @author Uwe Tews 17 | * @param array $params parameters 18 | * @return string with compiled code 19 | */ 20 | 21 | function smarty_modifiercompiler_indent($params, $compiler) 22 | { 23 | if (!isset($params[1])) { 24 | $params[1] = 4; 25 | } 26 | if (!isset($params[2])) { 27 | $params[2] = "' '"; 28 | } 29 | return 'preg_replace(\'!^!m\',str_repeat(' . $params[2] . ',' . $params[1] . '),' . $params[0] . ')'; 30 | } 31 | 32 | ?> -------------------------------------------------------------------------------- /extlib/Smarty-3.1.8/libs/plugins/modifier.spacify.php: -------------------------------------------------------------------------------- 1 | 12 | * Name: spacify
13 | * Purpose: add spaces between characters in a string 14 | * 15 | * @link http://smarty.php.net/manual/en/language.modifier.spacify.php spacify (Smarty online manual) 16 | * @author Monte Ohrt 17 | * @param string $string input string 18 | * @param string $spacify_char string to insert between characters. 19 | * @return string 20 | */ 21 | function smarty_modifier_spacify($string, $spacify_char = ' ') 22 | { 23 | // well… what about charsets besides latin and UTF-8? 24 | return implode($spacify_char, preg_split('//' . Smarty::$_UTF8_MODIFIER, $string, -1, PREG_SPLIT_NO_EMPTY)); 25 | } 26 | 27 | ?> -------------------------------------------------------------------------------- /extlib/Smarty-3.1.8/libs/plugins/modifiercompiler.lower.php: -------------------------------------------------------------------------------- 1 | 12 | * Name: lower
13 | * Purpose: convert string to lowercase 14 | * 15 | * @link http://www.smarty.net/manual/en/language.modifier.lower.php lower (Smarty online manual) 16 | * @author Monte Ohrt 17 | * @author Uwe Tews 18 | * @param array $params parameters 19 | * @return string with compiled code 20 | */ 21 | 22 | function smarty_modifiercompiler_lower($params, $compiler) 23 | { 24 | if (Smarty::$_MBSTRING) { 25 | return 'mb_strtolower(' . $params[0] . ', \'' . addslashes(Smarty::$_CHARSET) . '\')' ; 26 | } 27 | // no MBString fallback 28 | return 'strtolower(' . $params[0] . ')'; 29 | } 30 | 31 | ?> -------------------------------------------------------------------------------- /extlib/tinymce/jscripts/tiny_mce/plugins/iespell/editor_plugin.js: -------------------------------------------------------------------------------- 1 | (function(){tinymce.create("tinymce.plugins.IESpell",{init:function(a,b){var c=this,d;if(!tinymce.isIE){return}c.editor=a;a.addCommand("mceIESpell",function(){try{d=new ActiveXObject("ieSpell.ieSpellExtension");d.CheckDocumentNode(a.getDoc().documentElement)}catch(f){if(f.number==-2146827859){a.windowManager.confirm(a.getLang("iespell.download"),function(e){if(e){window.open("http://www.iespell.com/download.php","ieSpellDownload","")}})}else{a.windowManager.alert("Error Loading ieSpell: Exception "+f.number)}}});a.addButton("iespell",{title:"iespell.iespell_desc",cmd:"mceIESpell"})},getInfo:function(){return{longname:"IESpell (IE Only)",author:"Moxiecode Systems AB",authorurl:"http://tinymce.moxiecode.com",infourl:"http://wiki.moxiecode.com/index.php/TinyMCE:Plugins/iespell",version:tinymce.majorVersion+"."+tinymce.minorVersion}}});tinymce.PluginManager.add("iespell",tinymce.plugins.IESpell)})(); -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Host.txt: -------------------------------------------------------------------------------- 1 | URI.Host 2 | TYPE: 
string/null 3 | VERSION: 1.2.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |

8 | Defines the domain name of the server, so we can determine whether 9 | an absolute URI is from your website or not. Not strictly necessary, 10 | as users should be using relative URIs to reference resources on your 11 | website. It will, however, let you use absolute URIs to link to 12 | subdomains of the domain you post here: i.e. example.com will allow 13 | sub.example.com. However, higher up domains will still be excluded: 14 | if you set %URI.Host to sub.example.com, example.com will be blocked. 15 | Note: This directive overrides %URI.Base because 16 | a given page may be on a sub-domain, but you wish HTML Purifier to be 17 | more relaxed and allow some of the parent domains too. 18 |

19 | --# vim: et sw=4 sts=4 20 | -------------------------------------------------------------------------------- /esapi/lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php: -------------------------------------------------------------------------------- 1 | def = $def; 16 | $this->element = $element; 17 | } 18 | /** 19 | * Checks if CurrentToken is set and equal to $this->element 20 | */ 21 | public function validate($string, $config, $context) { 22 | $token = $context->get('CurrentToken', true); 23 | if ($token && $token->name == $this->element) return false; 24 | return $this->def->validate($string, $config, $context); 25 | } 26 | } 27 | 28 | // vim: et sw=4 sts=4 29 | -------------------------------------------------------------------------------- /extlib/Smarty-3.1.8/libs/plugins/modifiercompiler.count_sentences.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: count_sentences 14 | * Purpose: count the number of sentences in a text 15 | * 16 | * @link http://www.smarty.net/manual/en/language.modifier.count.paragraphs.php 17 | * count_sentences (Smarty online manual) 18 | * @author Uwe Tews 19 | * @param array $params parameters 20 | * @return string with compiled code 21 | */ 22 | function smarty_modifiercompiler_count_sentences($params, $compiler) 23 | { 24 | // find periods, question marks, exclamation marks with a word before but not after. 25 | return 'preg_match_all("#\w[\.\?\!](\W|$)#S' . Smarty::$_UTF8_MODIFIER . '", ' . $params[0] . 
', $tmp)'; 26 | } 27 | 28 | ?> -------------------------------------------------------------------------------- /installation/installer/data/database.php: -------------------------------------------------------------------------------- 1 | 23 | -------------------------------------------------------------------------------- /challenges/ch017/css/main.css: -------------------------------------------------------------------------------- 1 | 2 | .mathcal { 3 | font-family: "Comic Sans MS",cursive,sans-serif; 4 | } 5 | 6 | .content { 7 | max-width: 850; 8 | margin: auto; 9 | border: 2px solid red; 10 | padding: 25px; 11 | background: #fefcea 12 | } 13 | 14 | h1 { 15 | text-align: center; 16 | color: red; 17 | } 18 | 19 | .chal_sub { 20 | text-align: center; 21 | } 22 | 23 | .help_RAT { 24 | border: 1px solid blue; 25 | font-size: 13px; 26 | max-width: 400; 27 | padding: 0 30; 28 | } 29 | 30 | h3 { 31 | text-align: center; 32 | color: blue; 33 | } 34 | 35 | .submit { 36 | color: #fed; 37 | padding: 10 20; 38 | border-radius: 10; 39 | background-color: black; 40 | } 41 | 42 | .submit:hover{ 43 | color: red; 44 | background: white ; 45 | } 46 | 47 | h5 { 48 | text-align: center; 49 | } 50 | 51 | .G_eval{ 52 | color: green; 53 | } 54 | 55 | .B_eval{ 56 | color: red; 57 | } 58 | --------------------------------------------------------------------------------