471,046 Members | 1,293 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

home > topics > php > questions > hack this code :)

Join Bytes to post your question to a community of 471,046 software developers and data experts.

hack this code :)

hi all,

would you please help me find any security flaw in this code (if any)?
thank you so much

http://paste.uni.cc/9829

bye

--
NoWhereMan
-- NoWhereBlog: www.nowhereland.it
-- deviantArt: http://nowhereland.deviantart.com
-- Giochi a BiteFight? http://bitefight.nowhereland.it/
-- Vagisil migliora la tua vita intima: www.vagisil.com/teencenter.shtml
Sep 3 '06 #1
4 1430
"NoWhereMan" <no********@PLEASEDONTSPAMMEdespammed.comwrote in message
news:1a****************************@40tude.net...
hi all,

would you please help me find any security flaw in this code (if any)?
thank you so much

http://paste.uni.cc/9829

bye

--
NoWhereMan
-- NoWhereBlog: www.nowhereland.it
-- deviantArt: http://nowhereland.deviantart.com
-- Giochi a BiteFight? http://bitefight.nowhereland.it/
-- Vagisil migliora la tua vita intima: www.vagisil.com/teencenter.shtml
Hi.

If you don't post defaults.php, there's is no telling if there really is a
security flaw.
Sep 3 '06 #2
on Sun, 3 Sep 2006 13:37:35 +0200, Hans 'pritaeas' Pollaerts wrote:
If you don't post defaults.php, there's is no telling if there really is a
security flaw.
defaults.php defines only the constants you read in the code :)

define('IMAGES_DIR', 'fp-content/content/mages');
define('ATTACHS_DIR', 'fp-content/content/attachs');

plus others you don't need to know here...
nothing else

bye :)

--
NoWhereMan
-- NoWhereBlog: www.nowhereland.it
-- deviantArt: http://nowhereland.deviantart.com
-- Giochi a BiteFight? http://bitefight.nowhereland.it/
-- Vagisil migliora la tua vita intima: www.vagisil.com/teencenter.shtml
Sep 3 '06 #3
NoWhereMan wrote:
would you please help me find any security flaw in this code (if any)?
thank you so much

http://paste.uni.cc/9829
I assume you have properly set your base dir restriction directive in your
php.ini file to handle cases where $_REQUEST['f'] would be defined as
'../someprivatedir/dbconnect.php'?

JW
Sep 3 '06 #4
on Sun, 3 Sep 2006 14:03:23 +0200, Janwillem Borleffs wrote:
NoWhereMan wrote:
>would you please help me find any security flaw in this code (if any)?
thank you so much

http://paste.uni.cc/9829

I assume you have properly set your base dir restriction directive in your
php.ini file to handle cases where $_REQUEST['f'] would be defined as
'../someprivatedir/dbconnect.php'?

JW
actually I can't as I don't own the webserver (and as the script is
suppsoed to be distributed), and that's why I've put these lines:

if (strpos($name, '..')!==false || strpos($name,'/')!==false)
die('Invalid file name!');

--
NoWhereMan
-- NoWhereBlog: www.nowhereland.it
-- deviantArt: http://nowhereland.deviantart.com
-- Giochi a BiteFight? http://bitefight.nowhereland.it/
-- Vagisil migliora la tua vita intima: www.vagisil.com/teencenter.shtml
Sep 3 '06 #5

This discussion thread is closed

Start new discussion

Replies have been disabled for this discussion.

Similar topics

PHP
How do download this hack?
reply views Thread by Market Mutant | last post: by
PHP
HACK : Mixin in PHP5
reply views Thread by zimba | last post: by
old issue revisited: IE hack for block centering
3 posts views Thread by Haines Brown | last post: by
Alternate Box Model Hack
reply views Thread by Thomas Mlynarczyk | last post: by
Is it possible to hack *.DLL created from *.VB files ?
2 posts views Thread by Ing. Rajesh Kumar | last post: by
help with dirty hack
5 posts views Thread by Nmx | last post: by
The Hack of bitmask used as Predicate Parameters
reply views Thread by Xah Lee | last post: by
Stupid or clever hack?
7 posts views Thread by badc0de4 | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2022
About Bytes
Advertise
Terms Of Use
Privacy Policy
Contact Us
Sitemap

Follow us! Get the Latest Bytes Updates