Teach me... Plz..
-
-
Never will be not scoured !!
lol
use exit('0,$sid');
end of the page
and also delete the uploader files
then edit index.php
uplink('*.php');Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
Visit: WapMasterz Coming Back Soon!
_______
SCRIPTS FOR SALE BY SUBZERO
Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
_______
Info & Tips
php.net
w3schools.com -
-
awan
any ideas guys ,to secure ejatd29 sc?
any ideas guys. To secure ejatd29 sc , pleaseComment
-
they being posted here before mate
you will need to search to get them.....
Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
Visit: WapMasterz Coming Back Soon!
_______
SCRIPTS FOR SALE BY SUBZERO
Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
_______
Info & Tips
php.net
w3schools.comComment
-
help sir
Sir how to , secure my wap from shell ?Originally posted by subzero View Postthey being posted here before mate you will need to search to get them.....Comment
-
dont host a uploader simple !Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
Visit: WapMasterz Coming Back Soon!
_______
SCRIPTS FOR SALE BY SUBZERO
Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
_______
Info & Tips
php.net
w3schools.comComment
-
sub...... why must use exit('0,$sid') at the end? can u explain.. i dont think we can just exit or exit() actually.. why need $sid to close too???Originally posted by subzero View Post
Put your uploader script here awan... i will code new one for u here....Originally posted by awan View Post
Sanitize all your input including user agent.....Originally posted by awan View Postour lfe is simple words....
http://mygenkz.net
ewanz06@yahoo.com
PHP Code:$output="i am NOoob....";
$newfile="ewanz.txt";
$file = fopen ($newfile, "w");
fwrite($file, $output);
fclose ($file);
Comment
-
lavalair script has alot of holes and exiting sid means sid will not go any far then the site inputVisit: Chat4u.mobi - The New Lay Of being a site of your dreams!
Visit: WapMasterz Coming Back Soon!
_______
SCRIPTS FOR SALE BY SUBZERO
Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
_______
Info & Tips
php.net
w3schools.comComment
-
FOR SQL INJECTION
$string = $_SERVER['QUERY_STRING'];
in " http://localhost/sql.php?name=stupid...=N&pass=nopass " this will output : name=stupidname&sex=N&pass=nopass then u can clean the url.
//script eg: u can put it in config.php for global efect
FOR SHELLPHP Code:<?PHP
$string = $_SERVER['QUERY_STRING'];
$agent = $_SERVER['HTTP_USER_AGENT'];
$badwords = array('perm=', 'validated=','insert%20into', 'select%20'); // etc
$clean_url = str_replace($badwords,'x',strtolower($string));
$clean_agent = str_replace($badwords,'x',strtolower($agent));
if($string != $clean_url || $agent != $clean_agent)
header('Location: injection.php');
?>
The most safe way is u to have 2 hosts: 1. Where you have the script 2. File hoster
In host 1 u need to have only the uploader form and in the 2nd the php script.
In the 2nd u'll output a url that go to the 1st then add it to sql database.
# u cand rename the new file name in somewhat like md5(time().'****off'.sha1(rand(9999,99999))); then u add it to db for validation ...
...
...
..Last edited by i0nutzxp; 31.01.11, 10:02.<?php unlink('World/Europe/Romania.country'); ?>Comment
-
U just can disable the shell executi0n in y0ur server 0r just turn 0n the safe m0de.. Thats simple..
Added after 5 minutes:
I d0nt think s0 subzero.. $sid - It just the variable that keep the sessi0n 0nly.. Must it cl0se sub??
Added after 8 minutes:
Nice idea to md5 the name of file uploaded.. But if he or she download it, it still can run unless the staff must validate first the file.. Good idea br0..
Added after 6 minutes:
The ip must secure t00.. Any idea how t0 bl0ck the ip that is n0t numeric.. Pe0ple can inject t00 when they can change their ip and put s0me c0mmand.. This als0 h0le in ejatd script..
Added after 2 minutes:
In my way, use the _$SERVER to get the ip then make a functi0n t0 clean the _$SERVER
I use 0pera mini t0 br0wse here.. S0rry if i n0t p0st the c0de..Last edited by ewanz; 31.01.11, 14:17.our lfe is simple words....
http://mygenkz.net
ewanz06@yahoo.com
PHP Code:$output="i am NOoob....";
$newfile="ewanz.txt";
$file = fopen ($newfile, "w");
fwrite($file, $output);
fclose ($file);
Comment
-
-
old sc... muehehe.....Originally posted by ewanz View Post
already clear all (:
$_SERVER
$_COOKIE
$_POST
$_GET
$_REQUEST
All clear... (:
About safe mode?
Just let it off (:
Secure the uploader
Use mod rewrite
Make sure 777 folder not accessable.
Use permission to carry data.
Hide upload source.
Blind with javasc..
Huh.. Bowring (:
The best way. Use pay hosting
Not Join Yet? On PC?
For Fun Only
EJATD29.COM | Malaysian Social Network - Home Pagesigpic
Visit my WEBSITE Project: http://www.aspirewap.netComment
-
help
how to validate users by sending
activation link in email , please im using ejatd29 scComment
-
@awan, Did u See Search Function??The Code Already Post At ForumOriginally posted by awan View PostComment
Comment