lavalair script holes

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #31
    Im just a noob!
    LESS TALK. LESS MISTAKE.

    HTTP://APPSROB.COM - LIST OF MY FACEBOOK APPS!

    Comment


      #32
      bro..what should we put at .htacces to secure syt.?

      Comment


        #33
        gum put a nice mod rewrite rule for files (.*).php.(.*) but i cant remember it lol but its in forum somewhere lol

        Comment


          #34
          a lot of holes in lava a lot of work to secured....to prevent restrict all the possible holes.how? learn 1st to hacked before to secured ur site if you don't know how to execute it then how to protect ur self?lol.

          Comment


            #35
            Originally posted by kiLLeR-eyEd_14 View Post
            the php word is still there..just do a pregmatch of the word..like if(preg_match("/php/i",basename($file))) then invalid extension..Can also use htaccess trick..Just use some head..
            i can still hack a site even with naming a shell script like somefilename.sis
            as long as its an executable extension the apache server will treat it as such and parse the php code this mostly happens on server built around the default cpanel setup with the old apache and mysql4 etc etc aka ****ty shared hosting

            Comment


              #36
              Originally posted by amylee View Post
              i can still hack a site even with naming a shell script like somefilename.sis
              as long as its an executable extension the apache server will treat it as such and parse the php code this mostly happens on server built around the default cpanel setup with the old apache and mysql4 etc etc aka ****ty shared hosting
              i don't know more about c99shell..Can we try to disable functions like shell_exec, escapeshellarg..etc
              My Blog: http://jhommark.blogspot.com
              My Facebook: http://www.facebook.com/jhommark
              My Official Site: http://www.undergroundweb.tk
              My Community Site: http://undergroundwap.xtreemhost.com

              Comment


                #37
                after saying use ur head! Now your saying you dont know more about it. lol.. Are you joking mr genius killer-eyed_?

                Comment


                  #38
                  Originally posted by amylee View Post
                  i can still hack a site even with naming a shell script like somefilename.sis
                  as long as its an executable extension the apache server will treat it as such and parse the php code this mostly happens on server built around the default cpanel setup with the old apache and mysql4 etc etc aka ****ty shared hosting
                  What will happen if I lock my directory from being used by others?
                  Wait...
                  sigpic

                  Comment


                    #39
                    And what happen if I fix the uploadable file size limit maximum to 15 or 20 kb?
                    Wait...
                    sigpic

                    Comment


                      #40
                      Lol shell and session hijacking is just 2 ways out of many to hack lava ;-)

                      Comment


                        #41
                        Originally posted by tres View Post
                        after saying use ur head! Now your saying you dont know more about it. lol.. Are you joking mr genius killer-eyed_?
                        i said use ur head making some simple codes but it doesn't relate that i said it but i don't know more about c99shell..everybody here don't know c99shell at first..and we can search for its meaning in the web..but making simple codes uses head and it is not searchable everytime, that's why i say sometimes "use ur head"..Lol..
                        Last edited by kiLLeR-eyEd_14; 14.09.09, 09:24.
                        My Blog: http://jhommark.blogspot.com
                        My Facebook: http://www.facebook.com/jhommark
                        My Official Site: http://www.undergroundweb.tk
                        My Community Site: http://undergroundwap.xtreemhost.com

                        Comment


                          #42
                          make a htaccess page with the following in side it

                          IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

                          <Limit GET POST>
                          order deny,allow
                          deny from all
                          allow from all
                          </Limit>

                          <Limit PUT DELETE>
                          order deny,allow
                          deny from all
                          </Limit>

                          <Files images>
                          deny from all
                          </Files>

                          <Files *.php>
                          deny from all
                          </Files>

                          <Files *.php.*>
                          deny from all
                          </Files>

                          <Files *.php.php.*>
                          deny from all
                          </Files>


                          then place it in your share folders this will stop the php pages executing in those folders on your server









                          Dont Ask Me Dumb Questions.Or you'l get a Dumb Answer..
                          Want A Profesional Logo or Theme For Your wap site Pm Me.If I Have The Time Ill Make It For Free

                          Comment


                            #43
                            heres the shell script
                            Attached Files
                            Free WebHosting :D

                            8):closedeyes:^_^

                            Comment


                              #44
                              Originally posted by anderson View Post
                              And what happen if I fix the uploadable file size limit maximum to 15 or 20 kb?
                              useless.lol c99 shell script only less than 1kb cn manipulate ur site..lol..html virus les than 1kb can manipulate too.lol

                              Comment


                                #45
                                Originally posted by xcoderx View Post
                                Lol shell and session hijacking is just 2 ways out of many to hack lava ;-)
                                yap..add sql inject and csrf..lol...

                                Comment

                                Working...
                                X