468,272 Members | 2,159 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

home > topics > php > questions > hack this code :)

Post your question to a community of 468,272 developers. It's quick & easy.

hack this code :)

hi all,

would you please help me find any security flaw in this code (if any)?
thank you so much

http://paste.uni.cc/9829

bye

--
NoWhereMan
-- NoWhereBlog: www.nowhereland.it
-- deviantArt: http://nowhereland.deviantart.com
-- Giochi a BiteFight? http://bitefight.nowhereland.it/
-- Vagisil migliora la tua vita intima: www.vagisil.com/teencenter.shtml
Sep 3 '06 #1
4 1382
"NoWhereMan" <no********@PLEASEDONTSPAMMEdespammed.comwrote in message
news:1a****************************@40tude.net...
hi all,

would you please help me find any security flaw in this code (if any)?
thank you so much

http://paste.uni.cc/9829

bye

--
NoWhereMan
-- NoWhereBlog: www.nowhereland.it
-- deviantArt: http://nowhereland.deviantart.com
-- Giochi a BiteFight? http://bitefight.nowhereland.it/
-- Vagisil migliora la tua vita intima: www.vagisil.com/teencenter.shtml
Hi.

If you don't post defaults.php, there's is no telling if there really is a
security flaw.
Sep 3 '06 #2
on Sun, 3 Sep 2006 13:37:35 +0200, Hans 'pritaeas' Pollaerts wrote:
If you don't post defaults.php, there's is no telling if there really is a
security flaw.
defaults.php defines only the constants you read in the code :)

define('IMAGES_DIR', 'fp-content/content/mages');
define('ATTACHS_DIR', 'fp-content/content/attachs');

plus others you don't need to know here...
nothing else

bye :)

--
NoWhereMan
-- NoWhereBlog: www.nowhereland.it
-- deviantArt: http://nowhereland.deviantart.com
-- Giochi a BiteFight? http://bitefight.nowhereland.it/
-- Vagisil migliora la tua vita intima: www.vagisil.com/teencenter.shtml
Sep 3 '06 #3
NoWhereMan wrote:
would you please help me find any security flaw in this code (if any)?
thank you so much

http://paste.uni.cc/9829
I assume you have properly set your base dir restriction directive in your
php.ini file to handle cases where $_REQUEST['f'] would be defined as
'../someprivatedir/dbconnect.php'?

JW
Sep 3 '06 #4
on Sun, 3 Sep 2006 14:03:23 +0200, Janwillem Borleffs wrote:
NoWhereMan wrote:
>would you please help me find any security flaw in this code (if any)?
thank you so much

http://paste.uni.cc/9829

I assume you have properly set your base dir restriction directive in your
php.ini file to handle cases where $_REQUEST['f'] would be defined as
'../someprivatedir/dbconnect.php'?

JW
actually I can't as I don't own the webserver (and as the script is
suppsoed to be distributed), and that's why I've put these lines:

if (strpos($name, '..')!==false || strpos($name,'/')!==false)
die('Invalid file name!');

--
NoWhereMan
-- NoWhereBlog: www.nowhereland.it
-- deviantArt: http://nowhereland.deviantart.com
-- Giochi a BiteFight? http://bitefight.nowhereland.it/
-- Vagisil migliora la tua vita intima: www.vagisil.com/teencenter.shtml
Sep 3 '06 #5

This discussion thread is closed

Start new discussion

Replies have been disabled for this discussion.

Similar topics

PHP
How do download this hack?
reply views Thread by Market Mutant | last post: by
PHP
HACK : Mixin in PHP5
reply views Thread by zimba | last post: by
old issue revisited: IE hack for block centering
3 posts views Thread by Haines Brown | last post: by
Alternate Box Model Hack
reply views Thread by Thomas Mlynarczyk | last post: by
Is it possible to hack *.DLL created from *.VB files ?
2 posts views Thread by Ing. Rajesh Kumar | last post: by
help with dirty hack
5 posts views Thread by Nmx | last post: by
The Hack of bitmask used as Predicate Parameters
reply views Thread by Xah Lee | last post: by
Stupid or clever hack?
7 posts views Thread by badc0de4 | last post: by
Low-invasive C language library
reply views Thread by NPC403 | last post: by
BYTES.COM © 2021
About Us
Advertise
Terms Of Use
Privacy Policy
Manage Cookies
Contact Us
Sitemap

Follow us! Get the Latest Bytes Updates
By using this site, you agree to our Privacy Policy and Terms of Use.