Good work ozziemale, have fun
stop session stealing on lava scripts
-
Originally posted by ozziemale31:
also help against sql injection ban the users who try inserting these symbols ${} etc
PHP Code:
$code[3] = "$";
$code[4] = "{";
$code[4] = "}";

where can i put this code, after function isblocked2($str,$sender)
{
if(ismod($sender))
{
return false;
}
$str = str_replace(" ","",$str);
$code[0] = ".php";
$code[1] = ".php4";
$code[2] = ".php5";
...
can i put this code here for mysql injection block??
$code[3] = "$";
$code[4] = "{";
$code[4] = "}";
reply plz
Comment
-
Why don't u post what u got here, everybody is posting theirs..
http://myfacepals.com
MYFACEPALS SOCIAL NETWORK
Comment
-
Originally posted by makvanpor2000:
Why don't u post what u got here, everybody is posting theirs..

oh sorry brother, ok, what ozziemale31 posted here in his 1st post, and after that code another code for blocking injection,
code[3] = "$"
code[4] = "{"
code[4] = "}"
after this code i have blocked one more word, code[5] = "sid", it's the main part of stealing the session id and for entering by any external link. if u are using opera browser on mobile, just click on menu>>tools>>page information, u will get this word. for more security we have updated the cache control generator, meaning u can access the site as long as u want; in case ur gprs has disconnected because of a network error, u can't use history to enter or from direct phones (last login address), the cache control generator will kick ur butt to login again, and without user online session stealing possible? Blocking "sid" i thought was just normal, and as a newbie i did try to block it, and the result is in front of me: if a user is online, and he tries to get online by copying a bookmark, he can't enter... Can't explain more about it. soon i will upload here the cache control generator and more information.
Last edited by manavworld; 28.12.09, 04:01.
Comment
-
Have already done that before i was hacked
Comment
-
Quote:
after this code i hv block a more word, code[5] = "sid"

a few other words you may wanna replace:
.js (since session stealing is a client side exploit it commonly uses xss attacks in the form of JS scripts)
.cookie (blocking sid from being used is fine, but now that everyone knows you've told people to block sid they will use something else to steal sessions; this stops you entering document.cookie or any other cookie related function)
Of course none of this code accounts for encoding, so you may wanna apply urldecode() at the very least before string matching. It might be a good idea to implement other forms of decoding functions native to PHP; if you're worried about the decode function messing up the original message then create a copy of the message before decoding.
Comment
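The decode-a-copy-then-match step suggested in the post above, as an added example that is not code from the thread or from the script it discusses. The function names normalize_for_matching() and find_blocked_token() and the sample messages are assumptions made for illustration; the tokens are the ones posted in this thread.

```php
<?php
// Added example, not the thread's script. Function names are hypothetical.

// Tokens taken from the posts in this thread.
$blocklist = array('.php', '.php4', '.php5', '$', '{', '}', 'sid', '.js', '.cookie');

// Return a decoded, lower-cased copy of the message, used for matching only.
function normalize_for_matching($message)
{
    $copy = $message;                        // the original text is never modified
    for ($i = 0; $i < 5; $i++) {             // bounded loop: handles %2524-style double encoding
        $decoded = urldecode($copy);
        $decoded = html_entity_decode($decoded, ENT_QUOTES, 'UTF-8');
        if ($decoded === $copy) {
            break;                           // nothing left to decode
        }
        $copy = $decoded;
    }
    $copy = str_replace(' ', '', $copy);     // same space stripping as isblocked2()
    return strtolower($copy);
}

// Return the first blocked token found in the decoded copy, or false.
function find_blocked_token($message, array $blocklist)
{
    $haystack = normalize_for_matching($message);
    foreach ($blocklist as $token) {
        if (strpos($haystack, strtolower($token)) !== false) {
            return $token;
        }
    }
    return false;
}

// Constructed sample messages.
$samples = array(
    'hello everyone',
    'look at document%2Ecookie',             // "." sent as %2E
    'index%252Ephp',                         // double-encoded "."
    'try &#36;var',                          // "$" sent as an HTML entity
);
foreach ($samples as $original) {
    $hit = find_blocked_token($original, $blocklist);
    // $original is unchanged and can still be stored or displayed as typed.
    echo $original . ' => ' . ($hit === false ? 'ok' : 'blocked on ' . $hit) . "\n";
}
```

Substring blocklists like this are easy to get around with an encoding the filter does not decode, so the database queries still need prepared statements and the output still needs escaping.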
-
Originally posted by manavworld:
oh sorry brother, ok, what ozziemale31 posted here in his 1st post, and after that code another code for blocking injection,
code[3] = "$"
code[4] = "{"
code[4] = "}"
after this code i have blocked one more word, code[5] = "sid", it's the main part of stealing the session id and for entering by any external link. if u are using opera browser on mobile, just click on menu>>tools>>page information, u will get this word. for more security we have updated the cache control generator, meaning u can access the site as long as u want; in case ur gprs has disconnected because of a network error, u can't use history to enter or from direct phones (last login address), the cache control generator will kick ur butt to login again, and without user online session stealing possible? Blocking "sid" i thought was just normal, and as a newbie i did try to block it, and the result is in front of me: if a user is online, and he tries to get online by copying a bookmark, he can't enter... Can't explain more about it. soon i will upload here the cache control generator and more information.

hey
well in case a hacker steals my session, then my session immediately expires if he uses that same session heheh
Comment
-
put this code in ur online list. if a user gets disconnected once, for example a network error, attending a call while browsing, going out of the site via a bookmark, and after one minute tries to come back by pressing the back key.. [session will expire]... The session will live while the user is continually attached to the site; only a missed call on his mobile will clear the session, then he will need to login again
PHP Code:
<?php
$value = 'something from somewhere';
// No expiry given: a session cookie, dropped when the browser closes.
setcookie("TestCookie", $value);
// Expiry of time()+0 is "now", so the browser discards the cookie immediately.
setcookie("TestCookie", $value, time()+0);
// Same expiry, limited to path /~rasmus/ on .mysite.com, secure flag set (HTTPS only).
setcookie("TestCookie", $value, time()+0, "/~rasmus/", ".mysite.com", 1);
?>
Last edited by manavworld; 19.01.10, 08:53.
Comment