Hey guys need some help blocking php uploads in mms when there is like 2 extensions for example logo.php.gif i already blocked logo.php but i can't seem to block it if someone uploades a shell and put the php in the middle instead

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Hey guys need some help blocking php uploads in mms when there is like 2 extensions for example logo.php.gif i already blocked logo.php but i can't seem to block it if someone uploades a shell and put the php in the middle instead

    $byuid = getuid_sid($sid);

    $pmtou = mysql_real_escape_string($_POST["pmtou"]);

    addonline(getuid_sid($sid),"Send photo $pmtou","");

    echo head("Mms Inbox","", getuid_sid($sid));

    $pmtext = mysql_real_escape_string($_POST["pmtext"]);

    $size = mysql_real_escape_string($_FILES['attach']['size']/1024);

    $origname = mysql_real_escape_string($_FILES['attach']['name']);

    $ext = explode(".", strrev($origname));

    switch(strtolower($ext[0])){

    case "gpj":

    $res = true;

    break;

    case "gnp":

    $res = true;

    break;

    case "pmb":

    $res = true;

    break;

    case "fig":

    $res = true;

    break;


    }

    $tm = time();

    $uploaddir = $mmsdir; //can be configured in config.php

    $who = getuid_nick($pmtou);

    echo "<p align="center">";

    if($size>1024){

    echo "File is larger than 1024KB";





    }

    else if ($res!=true){



    echo "<img src="images/notok.gif" alt="X"/> Message not sent! Check error messages and report to a moderator or admin if applicable. Error: Incorrect type of file.";

    echo "<br/><a href="inbox.php?action=mmsdisp&amp;sid=$sid">Back To MMS Inbox</a>";

    }



    else if(isblocked($pmtext,$byuid)){

    $bantime = time() + (7*24*60*60);

    echo "<img src="images/notok.gif" alt="X"/>";

    echo "It's impossible to send a photo of PP $pmtou<br/><br/>";

    //echo "You just sent a link to one of the crappiest sites on earth<br/> The members of these sites spam here a lot, so go to that site and stay there if you don't like it here<br/> as a result of your stupid action:<br/>1. you have lost your sheild<br/>2. you have lost all your plusses<br/>3. You are BANNED!";

    mysql_query("INSERT INTO ibwf_penalties SET uid='".mysql_real_escape_string($byuid)."', penalty='1', exid='1', timeto='".mysql_real_escape_string($bantime)."', pnreas='Banned: Automatic Ban for spamming for a crap site'");

    mysql_query("UPDATE ibwf_users SET plusses='0', shield='0' WHERE id='".mysql_real_escape_string($byuid)."'");

    mysql_query("INSERT INTO ibwf_private SET text='".mysql_real_escape_string($pmtext)."', byuid='".mysql_real_escape_string($byuid)."', touid='1', timesent='".mysql_real_escape_string($tm)."'");

    $res=false;

    }

    else if((isignored($byuid, $who))&&(istrashed($byuid))){

    echo "me can send a photo because the PP You to Ignore List $pmtou.";

    $res=false;

    }

    else{

    $name = mysql_fetch_array(mysql_query("SELECT (MAX(id)+146) FROM ibwf_mms"));

    $uploadfile = mysql_real_escape_string($name[0].".".strrev($ext[0]));
    $imageurl = "/mmsloads/$uploadfile";

    move_uploaded_file($_FILES['attach']['tmp_name'], "$uploaddir/$uploadfile");

    $ext=strrev($ext[0]);

    $res1 = mysql_query("INSERT INTO ibwf_mms SET origname='".mysql_real_escape_string($origname)."' , pmtext='".mysql_real_escape_string($pmtext)."', byuid='".mysql_real_escape_string($byuid)."', unread='1', touid='".mysql_real_escape_string($who)."', timesent='".mysql_real_escape_string($tm)."', filename='".mysql_real_escape_string($uploadfile). "', imglink='".mysql_real_escape_string($imageurl)."', size='$size', extension='".mysql_real_escape_string($ext)."'");

    }


    if($res1){


    $shpl = getPoints($uid) - 10;

    mysql_query("UPDATE ibwf_users SET Points='".mysql_real_escape_string($shpl)."' WHERE id='".mysql_real_escape_string($uid)."'");

    echo "<div class="title">Your Message was Successfully Sent and 10 Points Were Deducted <img src="images/ok.gif" /></div>";

    }

    else {

    echo "Not submitted.";

    }
    Last edited by tupac; 27.01.17, 15:51.

  • #2
    Any help guys really would appreciate it

    Comment


    • #3
      Turn php off for the upload directory by placing a .htaccess inside it containing the following code:
      Code:
      php_flag engine off

      Comment


      • #4
        Thanks alot bro you always seems to come to our rescue :D

        Comment


        • #5
          By any chance bro do you have any code that after 3 or 4 login attempts a person account is locked for 20 min or so?

          Comment


          • #6
            In short: Its too much hassle for me to do this properly for an lava script.
            If you don't do it properly you end up causing yourself more problems than its worth, as you need a multi ip protection system on it, as there is scripts that can hammer there way in via alternating ip addresses. (If you don't do it with ip protection you end up with users locking other users out of there accounts)

            Although You could "bodge" this together with cookies, but its not exactly hard to turn cookies off.

            My personal choice for a lava script would be to get rid of email addresses being shown to public in profiles and then changing the login credentials to email and password rather than name and password - This way a hacker would need 2 strings of data rather than just 1.

            You could then also email the user every time an incorrect password is entered or maybe even email yourself at the same time.

            Comment


            • #7
              Yes thats a great idea bro...you know you're very innovative. On my site password recovery you need to enter the username of the person and the email to send the recovery email so if the email is restricted from the public then a hacker probably will be in more pressure lol thanks alot

              Comment

              Working...
              X