How to secure lavalair ALL versions


    #16
    this is great thanks.......

    Comment


      #17
      Originally posted by metulj View Post
      that was posted once or twice before...
      so you could really use search
      yep i got it thanks 4 suggest nd 2 riderz bro for posted
      JUST JOIN FOR FUN !
      http://wapmaster2.com

      Comment


        #18
        Mysql OR and AND should be added to the bad words list!

        Comment


          #19
          I think that's n0thing way t0 prevent fr0m hacking..
          our lfe is simple words....
          http://mygenkz.net
          ewanz06@yahoo.com
          PHP Code:
          $output="i am NOoob....";
          $newfile="ewanz.txt";
          $file = fopen($newfile, "w");
          fwrite($file, $output);
          fclose($file);

          Comment


            #20
            i think you need to learn fluent english as i didn't understand a word of that.
            Want something coded email me at sales@webnwaphost.com for a prices.




            Comment


              #21
              Originally posted by ewanz View Post
              I think that's n0thing way t0 prevent fr0m hacking..
              0mGz wHy Teh Hax0r taLk, pLus by wAy y0u wrIte y0u muSt bE a hAx0r?

              /me goes back to proper ENG-ER-LISH!!

              why not show us how to prevent hacking then?

              Comment


                #22
                Yeah, amylee's right, why dont you post how to prevent hacking, some newbie like me have a doubt bout hacking,

                Comment


                  #23
                  Originally posted by subzero View Post
                  How to secure lavalair ALL versions!!!!!!!

                  Wapspire v1,v2
                  fummobile v1
                  aarawap v1

                  Yes you hear me right they all are lavalair scripts !!!!!

                  First Lets get to know how...

                  Place this in your core.php

                  PHP Code:
                  function check_injection()
                  {
                      // Keywords the filter looks for in request values.
                      $badchars = array("DROP", "TRUNCATE", "SELECT", "UPDATE", "DELETE", "UNION", "WHERE", "FROM", "INSERT", "ORDER BY");

                      foreach ($_REQUEST as $value)
                      {
                          // First test: the whole value, uppercased, against the keyword list.
                          if (in_array(strtoupper($value), $badchars))
                          {
                              $logfile = 'logs/log.txt'; // chmod 777
                              $IP = $_SERVER['REMOTE_ADDR'];
                              $logdetails = date("F j, Y, g:i a") . ': ' . '<a href=http://dnsstuff.com/tools/city.ch?ip=' . $_SERVER['REMOTE_ADDR'] . ' target=_blank>' . $_SERVER['REMOTE_ADDR'] . '</a>';
                              $fp = fopen($logfile, "r+");
                              fwrite($fp, $logdetails, strlen($logdetails));
                              fclose($fp);

                              header('Location:http://google.com');
                          }
                          else
                          {
                              // Second test: split the value into pieces and test each piece.
                              $check = preg_split("//", $value, -1, PREG_SPLIT_OFFSET_CAPTURE);
                              foreach ($check as $char)
                              {
                                  // With PREG_SPLIT_OFFSET_CAPTURE each element is array(text, offset).
                                  if (in_array(strtoupper($char[0]), $badchars))
                                  {
                                      $logfile = 'logs/log.txt';
                                      $IP = $_SERVER['REMOTE_ADDR'];
                                      $logdetails = date("F j, Y, g:i a") . ': ' . '<a href=http://dnsstuff.com/tools/city.ch?ip=' . $_SERVER['REMOTE_ADDR'] . ' target=_blank>' . $_SERVER['REMOTE_ADDR'] . '</a>';
                                      $fp = fopen($logfile, "r+");
                                      fwrite($fp, $logdetails, strlen($logdetails));
                                      fclose($fp);

                                      header('Location:http://google.com');
                                  }
                              }
                          }
                      }
                  }

                  Add this to ALL of your headers Before <html or <doc type Under core.php include file

                  "
                  include("core.php");
                  check_injection();
                  "

                  Step 2:

                  Do Not Host a UPLOADER

                  Step 3:

                  Don`t let users hotlink images as their avatar delete this asap from your site. or host it with a php thumb script you may search this forum for it !!

                  Step 4:

                  Do not save logs in logs or any txt files to members/owners info

                  Step 5

                  Do not use easy passwords like eg: 123456 , abc1234 , password , guest , john , orbit

                  Most guest password is your username as your password you must not sign up like

                  username: john1942
                  password: john1942

                  End of page.......

                  If you are still getting hacked / sql / hijacked this means you didn't go through the steps as i told you...
                  how can some1 change shell script into .jpg or .mp3 and using on server to hack?

                  is that works?

                  i think it only works with .php on server and then only shell script opening on server coz i tried to change it into .mp3 and jpg and it does not work
                  Last edited by godzilla; 25.12.09, 19:24.

                  Comment


                    #24
                    what uploader? i have upload form in usergallery.php
                    http://www.youtube.com/watch?v=vsLkpcFKbOk

                    Comment


                      #25
                      Try to upload file named shell.php.jpg ... and u will found out...
                      <!DOCTYPE html PUBLIC "-//WAPFORUM.RS

                      Comment


                        #26
                        i dont understand.
                        http://www.youtube.com/watch?v=vsLkpcFKbOk

                        Comment


                          #27
                          hiii

                          Originally posted by arnages View Post
                          Try to upload file named shell.php.jpg ... and u will found out...
                          bro this will also not work shell.php.jpg i upload shell in another way.

                          Comment


                            #28
                            Originally posted by godzilla View Post
                            how can some1 change shell script into .jpg or .mp3 and using on server to hack?

                            is that works?

                            i think it only works with .php on server and then only shell script opening on server coz i tried to change it into .mp3 and jpg and it does not work
                            try to use a file binder

                            Comment
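Added example (not part of any post in this thread, and not lavalair code): one way an upload form such as the one in usergallery.php can handle the double-extension file names discussed above is to ignore the client-supplied name, decide the type from the file's bytes, and write the file under a server-chosen name. `store_avatar()`, the size limit and the sample files are assumptions made for this sketch.

```php
<?php
// Added example. store_avatar() and the sample files are hypothetical.
// Accepted image types, each mapped to the one extension the server writes.
const ALLOWED_TYPES = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];
const MAX_BYTES = 512 * 1024;

function store_avatar(string $tmpPath, string $destDir): ?string
{
    if (!is_file($tmpPath) || filesize($tmpPath) > MAX_BYTES) {
        return null;
    }
    // Decide from the file's bytes; $_FILES[...]['name'] and ['type'] come
    // from the client and are never consulted.
    $info = @getimagesize($tmpPath);
    if ($info === false || !isset(ALLOWED_TYPES[$info[2]])) {
        return null;
    }
    // Server-chosen name with exactly one extension: a name such as
    // shell.php.jpg never reaches the disk.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$info[2]];
    // A real handler calls move_uploaded_file(); copy() lets this run from the CLI.
    return copy($tmpPath, $destDir . '/' . $name) ? $name : null;
}

// Constructed samples: a 1x1 PNG and a text file, both with double extensions.
$work = sys_get_temp_dir() . '/avatar_demo_' . bin2hex(random_bytes(4));
mkdir($work . '/store', 0700, true);
$png = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');
file_put_contents($work . '/pic.php.png', $png);
file_put_contents($work . '/photo.php.jpg', "plain text, not image data\n");

foreach (['pic.php.png', 'photo.php.jpg'] as $upload) {
    $stored = store_avatar($work . '/' . $upload, $work . '/store');
    printf("%-14s -> %s\n", $upload, $stored ?? 'rejected');
}
```

A file that passes this check can still carry extra bytes after valid image data, so the storage directory should sit outside the web root or have PHP execution disabled; re-encoding the image with GD before saving drops appended data.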


                              #29
                              Originally posted by firemax View Post
                              Here is the tool I used to crack into the target site:
                              this can be done directly in browser. enter ' in the input field to test if it is vulnerable to SQLi. if Unknown SQL error shows then it is prone to SQLi. u can now inject your query.

                              Comment


                                #30
                                But im wondering why is the registration form vulnerable to SQLi if addslashes is on core.php? why doesnt it addslashes on registration if it shud add slashes to GET and POST method?

                                Comment
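Added example (not part of any post in this thread, and not lavalair code): the bad-words filter in the quoted guide and the addslashes question in #30 both try to clean values before they are pasted into SQL text; a registration handler that uses bound parameters keeps the values out of the SQL text altogether. In-memory SQLite stands in for the site's MySQL database so the sketch runs offline, and the `users` table, `register()` and `find_user()` are assumptions.

```php
<?php
// Added example. Assumptions: PDO with the sqlite driver; the users table and
// the register()/find_user() helpers are hypothetical, not lavalair code.
$pdo = new PDO('sqlite::memory:', null, null,
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pass TEXT)');

function register(PDO $pdo, string $name, string $password): bool
{
    // Validate the shape of the input; reject instead of rewriting it.
    $len = strlen($name);
    if ($len < 3 || $len > 30 || strlen($password) < 8 || $name === $password) {
        return false;
    }
    // The SQL text is fixed; values travel separately as bound parameters,
    // so quotes and SQL keywords inside them are never parsed as SQL.
    $stmt = $pdo->prepare('INSERT INTO users (name, pass) VALUES (:name, :pass)');
    try {
        return $stmt->execute([
            ':name' => $name,
            ':pass' => password_hash($password, PASSWORD_DEFAULT),
        ]);
    } catch (PDOException $e) {
        return false; // e.g. the name is already taken
    }
}

function find_user(PDO $pdo, string $name): ?array
{
    $stmt = $pdo->prepare('SELECT id, name, pass FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample names: a quote, and words from the bad-words list.
$samples = ["O'Brien", "select_from_ana", "john1942"];
foreach ($samples as $name) {
    // The last sample repeats the name as the password, which step 5 forbids.
    $password = $name === 'john1942' ? 'john1942' : 'long-unique-passphrase';
    $ok = register($pdo, $name, $password);
    $row = find_user($pdo, $name);
    printf("%-16s registered=%-3s stored_as=%s\n", $name,
        $ok ? 'yes' : 'no', $row === null ? '-' : $row['name']);
}
printf("rows=%d\n", (int) $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn());
```

The first two names are stored exactly as typed, quote and keywords included, and only the name that doubles as its own password is refused.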
