lavalair script holes

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #46
    Originally posted by kiLLeR-eyEd_14 View Post
    i said use ur head making some simple codes but it doesn't relate that i said it but i don't know more about c99shell..everybody here don't know c99shell at first..and we can search for its meaning in the web..but making simple codes uses head and it is not searchable everytime, that's why i say sometimes "use ur head"..Lol..
    shell is simply php script written to get into ur server..
    she is beautifull than php.and i love her more than php.
    sigpic

    Comment


      #47
      Originally posted by ranzit2 View Post
      shell is simply php script written to get into ur server..
      no it isnt stupid, shell script just gives a gui presentation of the server same way as a ftp client in a way

      Comment


        #48
        Shell scripts can't do anything if they are moved to a hidden folder and then md5'd and then have to be vaildated before they are moved to the downloads folder..

        and as for image session id stealer thinggy, don't allow images to be added via a link, make all images have to be vaildated and md5'd.. they will still show as normal if there md5'd. and don't allow hotlinking..

        then if you get a noob hacker trying his luck then they will just go away because they wont get anywere... but remember, a good hacker can get into any script! even the most secure scripts they can hack!

        you will always get noob's trying to hack lavalair edits etc.. because they are probably the most saddest people on the internet and get a kick out of hacking lavalair edits and sharing them here.

        "ooohhhh yeah, i hacked lavalair edit, im a top internet hacker"

        hahaha!

        Comment


          #49
          1 thing i dont get with shell scripts there php but most decent uploaders wont accept them and calling them say mshell.php.jpg doesnt work unless u can rename the file and thats if the uploader isnt checking content type

          Comment


            #50
            Originally posted by ozziemale31 View Post
            make a htaccess page with the following in side it

            IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

            <Limit GET POST>
            order deny,allow
            deny from all
            allow from all
            </Limit>

            <Limit PUT DELETE>
            order deny,allow
            deny from all
            </Limit>

            <Files images>
            deny from all
            </Files>

            <Files *.php>
            deny from all
            </Files>

            <Files *.php.*>
            deny from all
            </Files>

            <Files *.php.php.*>
            deny from all
            </Files>


            then place it in your share folders this will stop the php pages executing in those folders on your server
            most these dont do anything andrew lol i use this

            PHP Code:
            <FilesMatch "\.(jpe?g|png|gif|bmp|php|mid|mp3|wma|wav|amr|sis|sisx|jar|jad|3gp|mp4|avi|mov|wmv|mpg|mpeg)$">
            Order Deny,Allow
            Deny from all
            </FilesMatch
            then even the file types that are in there cant be located thru url / hotlinking then u just gotto rely on ur uploader to not upload malicious files lol

            Comment


              #51
              True wat whitewarrior said, do ur basic protection: quote escapes, upload file scannin renaming n maybe file header validation resizing(for jpegs), sid security and input validation. Any hacker dat can be arsed enuf to go d extra mile must ava gud reason, prolly deserves to hack u, or is not a very cheerful lad lol. I dnt knw about others bt i wont even try to go over d edge just 4 sum crap wap site even tho i can. If its nt watchn my server logs or generating sid or uploading AND ur site isnt prodigits pls im nt interested and i wnt listen 2 ppl dat say "hack my site, lets c if u can" cuz usually d results r d same.
              Oh an N.B No mata how secure u tink ur uploader is PLEASE dnt use CSS upload. DANGER!! Dnt say i didnt warn u lol.

              Comment


                #52
                css upload? as in cascade style sheets?

                Comment


                  #53
                  Yes that. I found a bypass recently.

                  Comment


                    #54
                    well my css changes itself for each user its a neat lil trick using php and also stops ppl seeing ur css file too and stealing ideas

                    Comment


                      #55
                      Originally posted by ori View Post
                      well my css changes itself for each user its a neat lil trick using php and also stops ppl seeing ur css file too and stealing ideas
                      you cant hide CSS style...
                      It's better to keep your mouth shut and give the impression that you're stupid, than to open it and remove all doubt.
                      ⓣⓗⓔ ⓠⓤⓘⓔⓣⓔⓡ ⓨⓞⓤ ⓑⓔ©ⓞⓜⓔ, ⓣⓗⓔ ⓜⓞⓡⓔ ⓨⓞⓤ ⓐⓡⓔ ⓐⓑⓛⓔ ⓣⓞ ⓗⓔⓐⓡ !
                      ιη тнєσяу, тнє ρяα¢тι¢є ιѕ α яєѕυℓт σƒ тнє тнєσяу, вυт ιη ρяα¢тι¢є ιѕ тнє σρρσѕιтє.
                      キノgんイノ刀g 4 ア乇ムc乇 ノ丂 レノズ乇 キucズノ刀g 4 √ノ尺gノ刀ノイリ!

                      Comment


                        #56
                        i think we can hide css using a sesion variable

                        Comment


                          #57
                          my css file is unreadable by browsers as it is a php file lol have look the source for afta-dark.mobi

                          Comment


                            #58
                            i mixed php and css using a css header in php file

                            Comment


                              #59
                              Originally posted by ori View Post
                              my css file is unreadable by browsers as it is a php file lol have look the source for afta-dark.mobi
                              well... im not sayin that anyone can see your CSS propertie...
                              but(gee theres always this BUT lmao)
                              i could copy your site exact css style ;) :P
                              It's better to keep your mouth shut and give the impression that you're stupid, than to open it and remove all doubt.
                              ⓣⓗⓔ ⓠⓤⓘⓔⓣⓔⓡ ⓨⓞⓤ ⓑⓔ©ⓞⓜⓔ, ⓣⓗⓔ ⓜⓞⓡⓔ ⓨⓞⓤ ⓐⓡⓔ ⓐⓑⓛⓔ ⓣⓞ ⓗⓔⓐⓡ !
                              ιη тнєσяу, тнє ρяα¢тι¢є ιѕ α яєѕυℓт σƒ тнє тнєσяу, вυт ιη ρяα¢тι¢є ιѕ тнє σρρσѕιтє.
                              キノgんイノ刀g 4 ア乇ムc乇 ノ丂 レノズ乇 キucズノ刀g 4 √ノ尺gノ刀ノイリ!

                              Comment


                                #60
                                Originally posted by ori View Post
                                i mixed php and css using a css header in php file
                                Code:
                                body {background-color:#000; color:#fff; font-family:'Segoe Print', Verdana, Arial; font-size:medium; margin:0px; padding:2px;}
                                head {font-size:medium;}
                                img {border:0;}
                                .img {margin:10px;}
                                small, big, i {color:#fff;}
                                a, a:active, a:visited, a:hover {color:#3366ff; text-decoration:none;}
                                p, div {text-align:center; width:100%;}
                                .center { text-align:center; }
                                .bold { font-weight:bold; }
                                .adblock, .adblock2 { background-image:url("/images/style/adblock_bg.png"); background-repeat:repeat-x; color:#000; margin:2px 0px 2px 0px; padding:2px 0px 2px 0px; }
                                .adblock a, .adblock2 a { font-weight:bold; color:#3366ff; }
                                .adblock a:hover, .adblock2 a:hover { font-weight:bold; color: #ff0000; }
                                .adblock img, .adblock2 img { height:25px; width:150px; }
                                .title { color:#fff; padding:2px 0px 2px 0px; background-image:url("/images/style/3366ff_header_bg.png"); background-repeat:repeat-x; background-color:#000; }
                                .navi { color:#fff; font-size:small; padding:2px 0px 2px 0px; background-image:url("/images/style/3366ff_footer_bg.png"); background-repeat:repeat-x; background-color:#000; }
                                .navi a, .navi a:active, .navi a:visited { color:#000; }
                                .navi a:hover { color:#fff; }
                                .warn { background-color:#ffe1bb; color:#000; font-size:small; padding:0px 2px 0px 2px; border:1px solid #ff9900; }
                                .error { background-color:#fda9a9; color:#000; font-size:small; padding:0px 2px 0px 2px; border:1px solid #ff0000; }
                                .ok { background-color:#c1ffc1; color:#000; font-size:small; padding:0px 2px 0px 2px; border:1px solid #00c000; }
                                ? just went property source and click on the css link and walla.
                                Want something coded email me at sales@webnwaphost.com for a prices.




                                Comment

                                Working...
                                X