Bytes | Software Development & Data Engineering Community

hack this code :)

hi all,

would you please help me find any security flaw in this code (if any)?
thank you so much

http://paste.uni.cc/9829

bye

--
NoWhereMan
-- NoWhereBlog: www.nowhereland.it
-- deviantArt: http://nowhereland.deviantart.com
-- Do you play BiteFight? http://bitefight.nowhereland.it/
-- Vagisil improves your intimate life: www.vagisil.com/teencenter.shtml
Sep 3 '06 #1
"NoWhereMan" <no********@PLEASEDONTSPAMMEdespammed.com> wrote in message
news:1a****************************@40tude.net...
> hi all,
>
> would you please help me find any security flaw in this code (if any)?
> thank you so much
>
> http://paste.uni.cc/9829
>
> bye
Hi.

If you don't post defaults.php, there is no telling if there really is a
security flaw.
Sep 3 '06 #2
on Sun, 3 Sep 2006 13:37:35 +0200, Hans 'pritaeas' Pollaerts wrote:
> If you don't post defaults.php, there is no telling if there really is a
> security flaw.
defaults.php defines only the constants you read in the code :)

define('IMAGES_DIR', 'fp-content/content/mages');
define('ATTACHS_DIR', 'fp-content/content/attachs');

plus others you don't need to know here...
nothing else

bye :)

Sep 3 '06 #3
NoWhereMan wrote:
> would you please help me find any security flaw in this code (if any)?
> thank you so much
>
> http://paste.uni.cc/9829
I assume you have properly set your base dir restriction directive in your
php.ini file to handle cases where $_REQUEST['f'] would be defined as
'../someprivatedir/dbconnect.php'?

JW
Sep 3 '06 #4
on Sun, 3 Sep 2006 14:03:23 +0200, Janwillem Borleffs wrote:
> NoWhereMan wrote:
>> would you please help me find any security flaw in this code (if any)?
>> thank you so much
>>
>> http://paste.uni.cc/9829
>
> I assume you have properly set your base dir restriction directive in your
> php.ini file to handle cases where $_REQUEST['f'] would be defined as
> '../someprivatedir/dbconnect.php'?
>
> JW
actually I can't as I don't own the webserver (and as the script is
supposed to be distributed), and that's why I've put these lines:

if (strpos($name, '..')!==false || strpos($name,'/')!==false)
die('Invalid file name!');

Sep 3 '06 #5
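As an added example (not the script from the paste, nor FlatPress code), the denylist check from the post placed beside an allowlist-plus-realpath containment check; the base directory is a constructed temporary folder standing in for IMAGES_DIR, and the file names are constructed.

```php
<?php
// Added example, not the script from paste.uni.cc. It assumes the script
// serves a file named by $_REQUEST['f'] from a base directory such as the
// IMAGES_DIR constant in defaults.php; here the base is a constructed
// temporary directory so the example runs stand-alone.

// The denylist check from the thread: refuses ".." and "/" only.
function denylist_ok(string $name): bool
{
    return strpos($name, '..') === false && strpos($name, '/') === false;
}

// Allowlist plus containment: accept only a bare file name made of safe
// characters, then verify the canonical path still lies inside $base.
function safe_path(string $base, string $name): ?string
{
    // A plain name matching this pattern carries no directory component.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,127}\z/', $name)) {
        return null;
    }
    $baseReal = realpath($base);
    $fileReal = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($baseReal === false || $fileReal === false) {
        return null;                 // base missing, or file does not exist
    }
    // realpath() resolves "..", symlinks and separators, so a prefix test on
    // the canonical paths is the actual containment check.
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if (strncmp($fileReal, $prefix, strlen($prefix)) !== 0) {
        return null;                 // resolved outside the base directory
    }
    return $fileReal;
}

// Constructed fixture standing in for IMAGES_DIR, holding two legitimate files.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fp_example_' . getmypid();
mkdir($base);
foreach (['photo.jpg', 'notes..2006.txt'] as $legit) {
    file_put_contents($base . DIRECTORY_SEPARATOR . $legit, 'sample bytes');
}

// The traversal value JW raised, a normal name, and a legitimate name that
// happens to contain ".." (the denylist rejects it; the allowlist serves it).
foreach (['../someprivatedir/dbconnect.php', 'photo.jpg', 'notes..2006.txt'] as $f) {
    printf("%-32s denylist=%-6s allowlist=%s\n", $f,
        denylist_ok($f) ? 'pass' : 'reject',
        safe_path($base, $f) === null ? 'reject' : 'pass');
}
array_map('unlink', glob($base . DIRECTORY_SEPARATOR . '*'));
rmdir($base);
```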
