stop browser injection on your lava script


    ok guys this took me an hour to code and it works
    chmod your htaccess page to 666

    make a php page anyname u want

    Code:
    <?php
    // Returns true when the User-Agent header contains $browser.
    function agent($browser) {
        $useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        return strpos($useragent, $browser) !== false;
    }
    // below are some user agent strings used to gain owner tools without session hacks
    // if your script uses validated or similar just change to suit, easy to remod
    // to use on your script just add an include at top of your pages ie require('incfiles/end.php');
    //  ',valid='1',perm='5'#
    // SELECT/*!323021/0,*/1 FROM ibwf_users
    if (agent(",valid='1',perm='5'") || agent("SELECT/*!323021/0,*/1 FROM ibwf_users")) {
        $remote_ip = $_SERVER['REMOTE_ADDR'];
        $sydnNew_Time = time() + (24 * 60 * 60);
        $sydn = date("H:i", $sydnNew_Time);
        $time = date("F jS Y,");

        echo "<br/><b>Time:</b>$time-$sydn<br/>";
        echo "<b>Ip:</b>$remote_ip<br/>";
        echo "You are using A Banned User Agent<br/>";
        echo "<font color=\"#FF00FF\">";
        // the header is attacker-controlled, so escape it before printing
        echo htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES);
        echo "</font>";
        echo "<br/>This Action Has Been Logged";

        // append a deny line for this address to .htaccess
        $banip = '.htaccess';
        $fp = fopen($banip, "a");
        if ($fp) {
            fputs($fp, "deny from $remote_ip\n");
            fclose($fp);
        }
    }
    else {
        echo "User Agent not recognised.";
    }
    ?>
    please don't forget to say thanks for my work and if u like it or improve it post the results here

    Don't Ask Me Dumb Questions. Or you'll get a Dumb Answer..
    Want A Professional Logo or Theme For Your wap site? PM Me. If I Have The Time I'll Make It For Free


    #2
    after make injection.php need to put in every php like include injection.php????
    LoveForum.BiZ



      #3
      just put in ya core mate . .that will cover the rest of your script .
      Wapchat4u


      Topsites4u



        #4
        yep i know i made it work as a function i think i did good here


          #5
          PHP Code:
          <?php
          // Returns true when the User-Agent header contains $browser.
          function agent($browser) {
              $useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
              return strpos($useragent, $browser) !== false;
          }

          // below are some user agent strings used to gain owner tools without session hacks
          // if your script uses validated or similar just change to suit, easy to remod
          // to use on your script just add an include at top of your pages ie require('incfiles/end.php');
          //  ',valid='1',perm='5'#
          // SELECT/*!323021/0,*/1 FROM ibwf_users
          if (agent(",valid='1',perm='5'") || agent("SELECT/*!323021/0,*/1 FROM ibwf_users")) {
              $remote_ip = $_SERVER['REMOTE_ADDR'];
              $useragent = $_SERVER['HTTP_USER_AGENT'];
              $sydnNew_Time = time() + (24 * 60 * 60);
              $sydn = date("H:i", $sydnNew_Time);
              $time = date("F jS Y,");
              echo "<br/><b>Time:</b>$time-$sydn<br/>";
              echo "<b>Ip:</b>$remote_ip<br/>";
              echo "You are using A Banned User Agent<br/>";
              echo "<font color=\"#FF00FF\">";
              // the header is attacker-controlled, so escape it before printing
              echo htmlspecialchars($useragent, ENT_QUOTES);
              echo "</font>";
              echo "<br/>This Action Has Been Logged";

              // append a deny line for this address to .htaccess
              $banip = '.htaccess';
              $fp = fopen($banip, "a");
              if ($fp) {
                  fputs($fp, "deny from $remote_ip\n");
                  fclose($fp);
              }

              // append the attempt (address, user agent, date) to the log file
              $fp1 = fopen("browserInjecton_logs.rtf", "a+");
              if ($fp1) {
                  $fip = "Ip-Address: " . $remote_ip;
                  $fbr = "Browser: " . $useragent;
                  $flog = "Time: $time";
                  $hr = "----------";
                  fwrite($fp1, $fip . "\n" . $fbr . "\n" . $flog . "\n" . $hr . "\n");
                  fclose($fp1);
              }
          } else {
              header('Location: http://mygenkz.net');
          }
          ?>
          i upgraded it with a log system, that means u can view or monitor who did the browser injection..
          Make your file first as browserInjecton_logs.rtf

          Added after 47 minutes:

          Here is the other method you can use to prevent browser injection.. i modified the code by ozziemale31 to my style with an htaccess trick..

          1. Open your .htaccess file and paste the code below


          Code:
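          RewriteEngine on
          # patterns are quoted because one contains spaces; * is escaped because it is a regex operator
          RewriteCond %{HTTP_USER_AGENT} "valid='1'" [OR]
          RewriteCond %{HTTP_USER_AGENT} "perm='5'" [OR]
          RewriteCond %{HTTP_USER_AGENT} "SELECT/\*!323021/0,\*/1 FROM ibwf_users"
          # rewrite (not [F]) so that brows_inject.php runs and logs the request
          RewriteRule .* brows_inject.php [L]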

          2. Make a new file as brows_inject.php


          PHP Code:
          <?php
          // Pick the client address, preferring proxy headers when present.
          // Those headers are sent by the client, so the logged value is only a hint.
          function ewanz_ip()
          {
              if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
                  $ip = $_SERVER['HTTP_CLIENT_IP'];
              } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                  $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
              } else {
                  $ip = $_SERVER['REMOTE_ADDR'];
              }
              return $ip;
          }

          // Return the first non-empty user agent header, or '' if none is set.
          function ewanz_ua()
          {
              $ewanz = array('HTTP_X_DEVICE_USER_AGENT', 'HTTP_X_OPERAMINI_PHONE_UA', 'HTTP_X_BOLT_PHONE_UA', 'HTTP_X_MOBILE_UA', 'HTTP_USER_AGENT');
              foreach ($ewanz as $ua) {
                  if (!empty($_SERVER[$ua])) {
                      return $_SERVER[$ua];
                  }
              }
              return '';
          }

          $ipr = ewanz_ip();
          $ubr = ewanz_ua();

          // append the attempt (address, user agent, date) to the log file
          $fp = fopen("browserInjecton_logs.rtf", "a+");
          $fip = "Ip-Address: " . $ipr;
          $fbr = "Browser: " . $ubr;
          $ftime = date("F jS Y,");
          $hr = "----------";

          fwrite($fp, $fip . "\n" . $fbr . "\n" . $ftime . "\n" . $hr . "\n");
          fclose($fp);

          echo "<html>";
          echo "<head>";
          echo "<title>";
          echo "Stupid Browser lol!!";
          echo "</title>";
          echo "</head>";
          echo "<body>";
          echo "<center>";
          echo "<b>Bad User Agent!!</b>";
          echo "<br/><br/>";
          echo "<small>";
          echo "This site is protected from browser injection loL!!";
          echo "</small>";
          echo "</center>";
          echo "</body>";
          echo "</html>";
          ?>

          3. Make a file as browserInjecton_logs.rtf to view your log


          Enjoy this simple code from me..
          Last edited by ewanz; 29.01.12, 03:16.
          our life is simple words....
          http://mygenkz.net
          ewanz06@yahoo.com
          PHP Code:
          $output="i am NOoob....";
          $newfile="ewanz.txt";
          $file = fopen($newfile, "w");
          fwrite($file, $output);
          fclose($file);


            #6
            ive also made a php version which just requires htaccess to be chmodded to 666
            Code:
            <?php
            /*
            ////////////////////////////////////////
            //       mobilezonez sql inject trap  //
            //              by                    //
            //       Ozziemale aka Rampage        //
            ////////////////////////////////////////
            */

            $r = $_SERVER['REQUEST_URI'];
            $q = $_SERVER['QUERY_STRING'];
            $i = $_SERVER['REMOTE_ADDR'];
            $u = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
            $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

            // ban the caller: append a deny line for its address to .htaccess
            $banip = '.htaccess';
            $fp = fopen($banip, "a");
            if ($fp) {
                fputs($fp, "deny from $i\n");
                fclose($fp);
            }

            $sydnNew_Time = time() + (24 * 60 * 60);
            $sydn = date("H:i", $sydnNew_Time);
            $time = date("F jS Y,");

            // one log line per attempt
            $iplog = "Time:$time-$sydn ::Browser:$u :: Ip-$i ::Referer:$ref ::Attempt: $r - $q - $i - $u";
            $fp = @fopen("iplog.txt", "a+");
            if ($fp) {
                @fputs($fp, "$iplog \r\n");
                @fclose($fp);
            }

            // mail the same details to the admin
            $mess = $r . ' | ' . $q . ' | ' . $i . ' | ' . $u;
            mail("admin@mobilezonez.net", "bad request", $mess, "From: hacker@mobilezonez.net");
            echo "Bye Bye Mother ****er!!!";
            ?>
            make it a function into core php and it will cover every part of your site


              #7
              nonsense, just use clean query and all injections will stop..


                #8
                this saves u time and bans the ip attacking your site using browser injection saving u time and effort


                  #9
                  Try This In core.php under function connectdb add

                  PHP Code:
                  <?php
                  function connectdb()
                  {
                      global $dbname, $dbuser, $dbhost, $dbpass;
                      $conms = @mysql_connect($dbhost, $dbuser, $dbpass); // connect mysql
                      if (!$conms) return false;
                      $condb = @mysql_select_db($dbname);
                      if (!$condb) return false;

                      // escape every copy of the user agent once, right after connecting
                      global $_SERVER, $HTTP_USER_AGENT, $HTTP_X_DEVICE_USER_AGENT;
                      $HTTP_USER_AGENT = mysql_real_escape_string($HTTP_USER_AGENT);
                      $HTTP_X_DEVICE_USER_AGENT = mysql_real_escape_string($HTTP_X_DEVICE_USER_AGENT);
                      if (isset($_SERVER["HTTP_USER_AGENT"])) {
                          $_SERVER["HTTP_USER_AGENT"] = mysql_real_escape_string($_SERVER["HTTP_USER_AGENT"]);
                      }
                      if (isset($_SERVER["HTTP_X_DEVICE_USER_AGENT"])) {
                          $_SERVER["HTTP_X_DEVICE_USER_AGENT"] = mysql_real_escape_string($_SERVER["HTTP_X_DEVICE_USER_AGENT"]);
                      }

                      return true;
                  }
                  ?>
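
The "clean query" approach named in post #7, which is also what the escaping in post #9 aims at, shown as an added example that is not part of any post in this thread or of the lava script: the User-Agent is passed as a bound parameter, so the query does not depend on a list of banned strings. The table `demo_users`, the functions `save_browser()` and `load_user()`, and the in-memory SQLite database are assumptions made for the illustration.

```php
<?php
// Added example: constructed schema and values, not taken from any real script.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE demo_users (
    id INTEGER PRIMARY KEY, name TEXT, browser TEXT,
    valid INTEGER DEFAULT 0, perm INTEGER DEFAULT 0)");
$db->exec("INSERT INTO demo_users (id, name) VALUES (1, 'guest')");

// Store the header through a bound parameter. The value travels separately
// from the SQL text, so quotes and comment markers inside it stay data.
function save_browser(PDO $db, $userId, $userAgent) {
    $stmt = $db->prepare('UPDATE demo_users SET browser = :ua WHERE id = :id');
    $stmt->bindValue(':ua', substr($userAgent, 0, 255), PDO::PARAM_STR);
    $stmt->bindValue(':id', (int) $userId, PDO::PARAM_INT);
    $stmt->execute();
}

function load_user(PDO $db, $userId) {
    $stmt = $db->prepare('SELECT browser, valid, perm FROM demo_users WHERE id = :id');
    $stmt->execute(array(':id' => (int) $userId));
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// The two header values quoted in the thread, plus an ordinary browser string.
$samples = array(
    "',valid='1',perm='5'#",
    "SELECT/*!323021/0,*/1 FROM ibwf_users",
    "Mozilla/5.0 (constructed sample)",
);

foreach ($samples as $ua) {
    save_browser($db, 1, $ua);
    $row = load_user($db, 1);
    // The text round-trips unchanged and the privilege columns stay at 0.
    if ($row['browser'] !== $ua) {
        throw new RuntimeException('stored value differs from header');
    }
    if ((int) $row['valid'] !== 0 || (int) $row['perm'] !== 0) {
        throw new RuntimeException('privilege columns were modified');
    }
    // Encode on output so a header containing markup is shown, not rendered.
    echo htmlspecialchars($row['browser'], ENT_QUOTES, 'UTF-8'), "\n";
}
```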



                    #10
                    ive made this topic cus im always getting people inboxing me on ways to secure their scripts. in a way its also a learning curve for newbies who don't know about browser injection


                      #11
                      Originally posted by scriptmafia
                      none sense, just use clean query and all injections will stop..

                      LOl.. there are many skills and things to stop any type of injection.. but this topic is just another solution and more ideas to stop injection without sanitizing input from the user agent.. please think positive lol.. we are here to learn and keep learning.. if u have your solution and idea just post your idea and the code here.. don't just say nonsense...