lol... i know that was stupid stop reminding me i've already passed that stage by far... but i'm still learning dude, i'm getting there i will prove myself in my community script release
Lavalair Exploit
thanks... method chaining's easy dude :P and useful yes
All idiots that get hacked, they didn't upgrade the holes.
1/ Don't host an uploader unless it passed hackers' test.. < simple basic file share >
2/ Search for my name for topic made by me then search anti injection then add this code to your site.
3/ Don't mod the uploader unless you know what you ARE DOING!!
4/ Don't forget to add exit(); at end of the page of </body></html> exit();
5/ All this might save your hairy ASS
So lose your heads and find it again
common sense
kevk3v 15:18 31-05-10
i learned what i know through editing wapmotor a filesystem script but when i was done i could only store data on files lol... currently i can code OOP and a bit of mysql mostly with SELECT, CREATE, INSERT and UPDATE still learning mysql... other than that i'm a master at coding php with filesystem thanks to wapmotor...
i think this can help you... convert "E" or "e" To its ASCII INSERT = INS'ASCII'RT
Last edited by sm4rtgl0b3; 24.01.11, 13:43.
look at your codes tooo
Originally posted by thanatosyah
ive notice dat ppl share script wid posible holes. dnt knw if der intention is 2 share or jst 2 play on sumbody. Re: d exit() missing in d modcp and admincp, it is tackled along tym ago by subzero, d only problem wid newbies is dey r so lazy to search. And for sure ders no progress aheads 4 lazy pipol.
Code:
<?php
include("pwap_secure.php");
include("pwap_modu.php");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
//header('Content-type: application/vnd.wap.xhtml+xml');
echo "<?xml version=\"1.0\"?>";
echo "<!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.0//EN\" \"http://www.wapforum.org/DTD/xhtml-mobile10.dtd\">";
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<?php
$bcon = connectdb();
if (!$bcon)
{
    echo "<head>";
    echo "<title>$server</title>";
    echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white_medium.css\">";
    echo "</head>";
    echo "<body>";
    echo "<p align=\"center\">";
    echo "<img src=\"../images/notok.gif\" alt=\"!\"/><br/>";
    echo "<b><strong>Error! Cannot Connect To Database...</strong></b><br/><br/>";
    echo "This error happens usually when backing up the database, please be patient...";
    echo "</p>";
    echo "</body>";
    echo "</html>";
    exit();
}
$brws = explode("/",$HTTP_USER_AGENT);
$ubr = $brws[0];
$uip = getip();
$action = $_GET["action"];
$sid = $_GET["sid"];
$page = $_GET["page"];
$who = $_GET["who"];
$sitename = mysql_fetch_array(mysql_query("SELECT value FROM pwap_settings WHERE name='sitename'"));
$sitename = $sitename[0];
$uid = getuid_sid($sid);
$theme = mysql_fetch_array(mysql_query("SELECT theme FROM pwap_users WHERE id='".$uid."'"));
cleardata();
if(($action != "") && ($action!="terms"))
{
    $uid = getuid_sid($sid);
    if((islogged($sid)==false)||($uid==0))
    {
        echo "<head>";
        echo "<title>$server Error</title>";
        echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white_medium.css\">";
        echo "</head>";
        echo "<body>";
        echo "<p align=\"center\">";
        echo "You are not logged in<br/>";
        echo "Or Your session has been expired<br/><br/>";
        echo "<a href=\"index.php\">Login</a>";
        echo "</p>";
        echo "</body>";
        echo "</html>";
        exit();
    }
}
echo "<head>";
echo "<title>Uploading smilies</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
echo "</head>";
echo "<body>";

$upload_directory = 'smilies/';
$reserved = array('.', '..');
$errors = array();

//
// Upload
//
if (isset($_POST['upload']))
{
    $upload_directory .= (!ereg('/$', $upload_directory)) ? '/' : '';
    $filename = $_FILES['upload_file']['name'];
    $target_file = $upload_directory . $filename;
    if (!isset($_POST['upload_overwrite']))
    {
        if (!in_array($filename, $reserved))
        {
            if (!file_exists($target_file))
            {
                if (!move_uploaded_file($_FILES['upload_file']['tmp_name'], $target_file))
                {
                    $errors[] = sprintf('Please try uploading %s again.', $filename);
                }
            }
            else
            {
                $errors[] = sprintf('%s already exists!', $filename);
            }
        }
        else
        {
            $errors[] = 'That filename is reserved.';
        }
    }
    else
    {
        if (!in_array($filename, $reserved))
        {
            if (!move_uploaded_file($_FILES['upload_file']['tmp_name'], $target_file))
            {
                $errors[] = 'Please try again.';
            }
        }
        else
        {
            $errors[] = 'That filename is reserved.';
        }
    }
    if (empty($errors))
    {
        echo 'File Uploaded Successfully!<br />';
        mysql_query("INSERT INTO pwap_smilies SET scode='$filename', imgsrc='../smilies/$filename', hidden='0'");
    }
    else
    {
        foreach ($errors as $error)
        {
            echo "<b>$error</b><br />\n";
        }
    }
}
?>
<br /><form enctype="multipart/form-data" method="post">
<input type="file" name="upload_file" size="20">
<input type="submit" name="upload" value="Upload">
<br /><span style="font-size:12px">Overwrite? <input type="checkbox" name="upload_overwrite"></span>
</form>
<?
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
echo "</p>";
echo "</body>";
?>
</html>
also protect your site by not hosting file uploaders
code your site securely like min0taur
Here is how the owner of pinoywap min0taur codes
sample of his codes
Code:
<?php
###################################################################################################
###################################################################################################
###################################################################################################
class Database {

var $server   = ""; //database server
var $user     = ""; //database login name
var $pass     = ""; //database login password
var $database = ""; //database name
var $pre      = ""; //table prefix

#######################
//internal info
var $record = array();

var $error = "";
var $errno = 0;

//table name affected by SQL query
var $field_table= "";

//number of rows affected by SQL query
var $affected_rows = 0;

var $link_id = 0;
var $query_id = 0;

#-#############################################
# desc: constructor
function Database($server, $user, $pass, $database, $pre=''){
    $this->server=$server;
    $this->user=$user;
    $this->pass=$pass;
    $this->database=$database;
    $this->pre=$pre;
}#-#constructor()

#-#############################################
# desc: connect and select database using vars above
# Param: $new_link can force connect() to open a new link, even if mysql_connect() was called before with the same parameters
function connect($new_link=false) {
    $this->link_id=@mysql_connect($this->server,$this->user,$this->pass,$new_link);

    if (!$this->link_id) {//open failed
        echo 'Error Connecting to Database.';
    }

    if(!@mysql_select_db($this->database, $this->link_id)) {//no database
        echo 'Error Selecting Database.';
    }

    // unset the data so it can't be dumped
    $this->server='';
    $this->user='';
    $this->pass='';
    $this->database='';
}#-#connect()

#-#############################################
# desc: close the connection
function close() {
    if(!mysql_close($this->link_id)){
        echo 'Error Closing Database.';
    }
}#-#close()

#-#############################################
# Desc: escapes characters to be mysql ready
# Param: string
# returns: string
function escape($string) {
    if(get_magic_quotes_gpc()) $string = stripslashes($string);
    return mysql_real_escape_string($string);
}#-#escape()

#-#############################################
# Desc: executes SQL query to an open connection
# Param: (MySQL query) to execute
# returns: (query_id) for fetching results etc
function query($sql) {
    // do query
    $this->query_id = @mysql_query($sql, $this->link_id);

    if (!$this->query_id) {
        echo 'SQL Query Error.';
    }

    $this->affected_rows = @mysql_affected_rows();

    return $this->query_id;
}#-#query()

#-#############################################
# desc: fetches and returns results one line at a time
# param: query_id for mysql run. if none specified, last used
# return: (array) fetched record(s)
function fetch_array($query_id=-1) {
    // retrieve row
    if ($query_id!=-1) {
        $this->query_id=$query_id;
    }

    if (isset($this->query_id)) {
        $this->record = @mysql_fetch_assoc($this->query_id);
    }else{
        echo 'SQL Fetch Array Error!';
    }

    // unescape records
    if($this->record){
        $this->record=array_map("stripslashes", $this->record);
        //foreach($this->record as $key=>$val) {
        //    $this->record[$key]=stripslashes($val);
        //}
    }
    return $this->record;
}#-#fetch_array()

#-#############################################
# desc: returns all the results (not one row)
# param: (MySQL query) the query to run on server
# returns: assoc array of ALL fetched results
function fetch_all_array($sql) {
    $query_id = $this->query($sql);
    $out = array();

    while ($row = $this->fetch_array($query_id, $sql)){
        $out[] = $row;
    }

    $this->free_result($query_id);
    return $out;
}#-#fetch_all_array()

#-#############################################
# desc: frees the resultset
# param: query_id for mysql run. if none specified, last used
function free_result($query_id=-1) {
    if ($query_id!=-1) {
        $this->query_id=$query_id;
    }
    if(!@mysql_free_result($this->query_id)) {
        echo 'SQL Free Result Error!';
    }
}#-#free_result()

#-#############################################
# desc: does a query, fetches the first row only, frees resultset
# param: (MySQL query) the query to run on server
# returns: array of fetched results
function query_first($query_string) {
    $query_id = $this->query($query_string);
    $out = $this->fetch_array($query_id);
    $this->free_result($query_id);
    return $out;
}#-#query_first()

#-#############################################
# desc: does an update query with an array
# param: table (no prefix), assoc array with data (doesn't need escaped), where condition
# returns: (query_id) for fetching results etc
function query_update($table, $data, $where='1') {
    $q="UPDATE `".$this->pre.$table."` SET ";

    foreach($data as $key=>$val) {
        if(strtolower($val)=='null') $q.= "`$key` = NULL, ";
        elseif(strtolower($val)=='now()') $q.= "`$key` = NOW(), ";
        else $q.= "`$key`='".$this->escape($val)."', ";
    }

    $q = rtrim($q, ', ') . ' WHERE '.$where.';';

    return $this->query($q);
}#-#query_update()

#-#############################################
# desc: does an insert query with an array
# param: table (no prefix), assoc array with data
# returns: id of inserted record, false if error
function query_insert($table, $data) {
    $q="INSERT INTO `".$this->pre.$table."` ";
    $v=''; $n='';

    foreach($data as $key=>$val) {
        $n.="`$key`, ";
        if(strtolower($val)=='null') $v.="NULL, ";
        elseif(strtolower($val)=='now()') $v.="NOW(), ";
        else $v.= "'".$this->escape($val)."', ";
    }

    $q .= "(". rtrim($n, ', ') .") VALUES (". rtrim($v, ', ') .");";

    if($this->query($q)){
        //$this->free_result();
        return mysql_insert_id();
    }
    else return false;
}#-#query_insert()

}//CLASS Database
###################################################################################################
?>
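A hardened form of the upload branch in the smilies script quoted above, as an added example that is not part of the thread or any poster's code. The quoted script uses the client-supplied filename both as the stored path and inside the INSERT statement; this version discards it. The function names, size limit and allowed types are assumptions, and the fileinfo extension is assumed to be enabled.

```php
<?php
// Added example, not code from the thread. Names and limits below are assumptions.
const ALLOWED_TYPES = ['image/gif' => 'gif', 'image/png' => 'png', 'image/jpeg' => 'jpg'];
const MAX_BYTES = 65536; // assumed upper bound for a smiley image

// Returns the extension the server will assign, or throws if $path is not an allowed image.
function smiley_extension(string $path): string
{
    if (filesize($path) > MAX_BYTES) {
        throw new RuntimeException('File too large.');
    }
    // Detect the type from the file content, never from the client-supplied name or MIME type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    $ext  = ALLOWED_TYPES[(string) $mime] ?? null;
    if ($ext === null || getimagesize($path) === false) {
        throw new RuntimeException('Not an allowed image.');
    }
    return $ext;
}

// Validates one $_FILES entry and stores it under a random name; returns that name.
function store_smiley(array $file, string $dir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed.');
    }
    $ext = smiley_extension($file['tmp_name']);
    // The client filename is discarded: the stored name is hex digits plus a fixed extension.
    $name = bin2hex(random_bytes(8)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($dir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file.');
    }
    return $name;
}

// Constructed demo (CLI only): a file whose content is not an image is rejected.
if (PHP_SAPI === 'cli') {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, "this is plain text, not an image\n");
    try {
        smiley_extension($tmp);
        echo "accepted\n";
    } catch (RuntimeException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
    unlink($tmp);
}
```

In the page itself, `store_smiley($_FILES['upload_file'], 'smilies')` would replace the `move_uploaded_file()` calls, and the returned name is what goes into `pwap_smilies`. The upload directory should also be served with script execution disabled.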