Why is this


    Why is this

    what do you think uses something) wait to see Wapmaster who know

    #2
    I don't know
    http://www.youtube.com/watch?v=vsLkpcFKbOk

    Comment


      #3
      Originally posted by valentin2br
      what do you think uses something) wait to see Wapmaster who know
      I think that protects the scripts against hackers ... SQL injection, shell etc... It's hard to put that in lavalair ....
      whatmp3.name - search mp3 on mobile

      Comment


        #4
        // Include files and connect to the database.

        Code:
        include("config.php");
        include("core.php");
        $bcon = connectdb();
        if (!$bcon){
        This function logs a hacking attempt and deletes the user using their logged-in uid.

        Code:
        function crk($l){
        global $CURUSER;
        write_log("Hacking Attempt! User:" . $CURUSER['username'] . " IP:".$_SERVER['REMOTE_ADDR']." - Attempt: ".$l, "delete");
        header("Location: /index.php");
        exit();
        }

        This is another bad words list. These are common words used in Cross-site scripting (XSS), RFI (Remote File Inclusion) and LFI (Local File Inclusion) exploits in web applications which enable malicious attackers to inject malicious data into a site, sometimes gaining full control using a shell injection script (c99, r57).

        Code:
        $ban2 = array(
        "delete from",
        "ibwf_users",
        "<script", 
        "<object", 
        ".write", 
        ".location", 
        ".cookie", 
        ".open", 
        "vbscript:", 
        "<iframe", 
        "<layer", 
        "<style", 
        ":expression", 
        "<base", 
        "id_level", 
        "users_level", 
        "xbt_", 
        "c99.txt", 
        "c99shell", 
        "r57.txt", 
        "r57shell.txt",
        "/home/", 
        "/var/", 
        "/www/", 
        "/etc/", 
        "/bin", 
        "/sbin/", 
        "\$_GET", 
        "\$_POST", 
        "\$_REQUEST", 
        "window.open", 
        "javascript:", 
        "xp_cmdshell",  
        ".htpasswd", 
        ".htaccess", 
        "<?php", 
        "<?", 
        "?>", 
        "</script>"
        );
        This PHP $_SERVER variable contains the URI (URL) from the server's point of view (may be something like index.php?sid=2h5h4h76j7g77)

        Code:
        $cepl = $_SERVER['QUERY_STRING'];
        If a URI (URL) was returned make it all lowercase and remove harmful characters often used in RFI and LFI exploits.

        Code:
        if (!empty($cepl))
        $cepl = strtolower(urldecode(preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $cepl)));
        Bad words list. Used to block SQL injection.

        Code:
        $ban = array();
        $ban["union"] = "select";
        $ban["update"] = "set";
        $ban["drop"] = "table";
        $ban["alter"] = "table";
        $ban["truncate"] = "table";
        // Note: PHP array keys are unique, so this replaces the "drop" => "table" pair above.
        $ban["drop"] = "database";
        $ban["create"] = "table";
        $ban["set password for"] = "@";
        Remove those bad words from the url

        Code:
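        foreach ($ban as $k => $l) {
            // Both words of a pair must appear in the query string.
            if (str_replace($k, '', $cepl) != $cepl && str_replace($l, '', $cepl) != $cepl)
                crk($cepl);
        }
        // Any single entry of $ban2 is enough.
        if (str_replace($ban2, '', $cepl) != $cepl) crk($cepl);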
        Join the $_REQUEST variables together into a string (THESE CONTAIN $_GET, $_REQUEST, $_COOKIES variables like PHP GLOBALS).

        Code:
        $cepl = implode(" ", $_REQUEST);
        
        if (!empty($cepl))
            $cepl = strtolower(urldecode(preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $cepl)));
        Split the string we created earlier and search and replace all bad words in $_GET, $_POST, $_COOKIE server variables

        Code:
        foreach ($ban as $k => $l)  if (str_replace($k, '', $cepl) != $cepl && str_replace($l, '', $cepl) != $cepl)  crk($cepl);
        If the user has been trying to exploit your site using the cookies delete them.

        Code:
        if (str_replace($ban2, '', $cepl) != $cepl)  crk($cepl);
        Join the cookie variables together into a string.

        Code:
        $cepl = implode(" ", $_COOKIE);
        If there are any cookies returned make them all lowercase and remove harmful characters often used in RFI and LFI exploits.

        Code:
        if (!empty($cepl))  $cepl = strtolower(urldecode(preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $cepl)));
        Separate the cookies string we created earlier and replace badwords.

        Code:
        foreach ($ban as $k => $l) if(str_replace($k, '', $cepl) != $cepl && str_replace($l, '',$cepl) != $cepl) crk($cepl);
        If the user has been trying to exploit your site using the cookies delete them.

        Code:
        if(str_replace($ban2, '', $cepl) !=$cepl)  crk($cepl);
        Last edited by wap2k; 25.12.09, 03:05.

        Comment
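An added example, not part of the post above or of any project's code: the keyword-pair check from the post, in simplified form, run beside a PDO prepared statement on the same inputs. It shows a legitimate value tripping the word list and the bound parameter treating every input as plain data. The `users` table, the function names and the sample rows are hypothetical and constructed for illustration.

```php
<?php
// Added example: table, column and function names are hypothetical, and the
// rows are constructed sample data. Needs the pdo_sqlite extension.

// Simplified form of the thread's keyword-pair check: flag the input when
// both words of a pair occur anywhere in it.
function blacklist_hit(string $input): bool {
    $pairs = ['union' => 'select', 'update' => 'set', 'create' => 'table'];
    $s = strtolower($input);
    foreach ($pairs as $k => $l) {
        if (strpos($s, $k) !== false && strpos($s, $l) !== false) {
            return true;
        }
    }
    return false;
}

// Parameterized lookup: the value is bound as data and is never parsed as SQL.
function find_users(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('Student Union Select Committee')");

$inputs = [
    'alice',
    'Student Union Select Committee',         // legitimate, but trips the word list
    "x' UNION SELECT id, name FROM users --", // SQL metacharacters in user input
];

foreach ($inputs as $in) {
    $rows = find_users($db, $in);
    printf("%-45s blacklist=%-5s rows=%d\n",
        // Encode on output so markup in stored or echoed values stays inert.
        htmlspecialchars($in, ENT_QUOTES, 'UTF-8'),
        blacklist_hit($in) ? 'hit' : 'pass',
        count($rows));
}
```

With bound parameters the query text never changes, so the word list is not what keeps the database safe; at most it serves as a logging signal.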


          #5
          Don't really understand the thread oh
          http://myfacepals.com
          MYFACEPALS SOCIAL NETWORK

          Comment


            #6
            It is nice but still can't avoid hacking!
            com site: http://vampist.net
            download site: http://wapdloads.net
            fb: http://www.facebook.com/pmplx

            Comment
