no more shell hacking via lava uploader!!!!!!!!!!

Collapse
X
Collapse
 
  • Page of 3
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 template Next
    #1

    no more shell hacking via lava uploader!!!!!!!!!!

    ok for those who r complaining that ther lava sites are being hacked via php shells i have a solution for u
    i have remodded the uploader made it so when sumwhen tries bein a script kiddie like MR HUWARD uploading a shell.
    the file gets renamed which renders it as a non executeable. ie shell.php becomes shell.imahackeridiotwhotriedtouploadaphpfile
    u can change the words if u like lol
    what ever.... the aim of the game to to make the php shells non executeables.
    plus ive included a htaccess code that blocks executables with in that folder its placed in
    when a shell is uploaded it will still be on yr server untill u deal with it
    i made this script so it sends all admins an auto inbox alerting them to do sumfn bout the php file that
    was uploaded.and it also gets reported to the mod log.far as i can see its the most safest uploader ive made for lava based sites
    things to do is add an auto bann function i can code it in a few mins but most of u noobs shud be capable of doing it yourselfs.
    please dnt forget to say thanks.

    oh and word of advice to stop session stealing remove the http hotlinking function in core.php
    Attached Files
    17
    nup
    11.76%
    2
    kinda
    29.41%
    5
    very good
    11.76%
    2
    excellent!!
    47.06%
    8









    Dont Ask Me Dumb Questions.Or you'l get a Dumb Answer..
    Want A Profesional Logo or Theme For Your wap site Pm Me.If I Have The Time Ill Make It For Free

    Tags: None
    #2
    Thanks bro but we try try try to tell them but they all dont listen
    Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
    Visit: WapMasterz Coming Back Soon!
    _______
    SCRIPTS FOR SALE BY SUBZERO
    Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
    FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
    _______
    Info & Tips
    php.net
    w3schools.com

    Comment

      #3
      a noob can do it lol









      Dont Ask Me Dumb Questions.Or you'l get a Dumb Answer..
      Want A Profesional Logo or Theme For Your wap site Pm Me.If I Have The Time Ill Make It For Free

      Comment

        #4
        thanks ozzie, great work
        Why cry for a soul set free?

        Comment

          #5
          i wl ht tnx later..when im on pc

          Comment

            #6
            simply add this in htaccess.. lol .. and users can host php files with out executing it..

            Code:
            php_flag engine off

            Comment

              #7
              Originally posted by huwad View Post
              simply add this in htaccess.. lol .. and users can host php files with out executing it..

              Code:
              php_flag engine off

              done fink ur it ul fukin get ripped apart u lil fukin kid. ur lookin for a smak u are!!!!
              Want something coded email me at sales@webnwaphost.com for a prices.




              Comment

                #8
                if im 1 of the staff here, i will ban this user above me.. LOL.. they keep saying to stop fighting, yet the staff is warfreak..

                Comment

                  #9
                  dont fink ur funny kido. cos my my my ul get what u deserve verys soon.
                  Want something coded email me at sales@webnwaphost.com for a prices.




                  Comment

                    #10
                    uploading a shell file! Is it harmful ?i upload it@ mysite.com/wap/sell.php.jpg then nothing happen! Cuz it is then jpg file not php

                    Comment

                      #11
                      php errors:
                      PHP Code:
                      $superdat_name preg_replace(
                                                         '/[^a-zA-Z0-9\.\$\%\'\`\-\@\{\}\~\!\#\(\)\&\_\^]/'
                                                         ,'',str_replace(array(' ','%20',"'","php"),array('_','_'"","imahackeridiotwhotriedtouploadaphpfile"),$superdat_name));
                                   ,                      '',str_replace(array(' ','%20',"'","php4"),array('_','_'"","imahackeridiotwhotriedtouploadaphpfile"),$superdat_name));
                                   ,                      '',str_replace(array(' ','%20',"'","php5"),array('_','_'"","imahackeridiotwhotriedtouploadaphpfile"),$superdat_name));
                                   ,                      '',str_replace(array(' ','%20',"'","xhtml"),array('_','_'"","imahackeridiotwhotriedtouploadaphpfile"),$superdat_name));
                                   ,                      '',str_replace(array(' ','%20',"'","html"),array('_','_'"","imahackeridiotwhotriedtouploadaphpfile"),$superdat_name));
                                   ,                      '',str_replace(array(' ','%20',"'","wml"),array('_','_'"","imahackeridiotwhotriedtouploadaphpfile"),$superdat_name));
                                   ,                      '',str_replace(array(' ','%20',"'","asp"),array('_','_'"","imahackeridiotwhotriedtouploadaphpfile"),$superdat_name)); 

                      Comment

                        #12
                        Personally i think,

                        This uploader can't blok shell at all. Still available for hacking.. Htaccess the most power thing.. Try change 2 extension to 1 extension only.. Like the hacker upload shell name eg: shell.shtml.jpg use explode func and just take last extension, and rename it to shell.jpg.. Done. Then use .Htaccess in 777 folder such as Add handler.. Ok. Good luck.. My site had been hack a few time by 'WHO' and i very proud with him.. Lol..
                        sigpic
                        Visit my WEBSITE Project: http://www.aspirewap.net

                        Comment

                          #13
                          $image_code = strtolower(file_get_contents($_FILES["file"]["tmp_name"]));
                          $_anti_php = substr_count($image_code,"print") + substr_count($image_code,"echo") + substr_count($image_code,"bla bla bal");
                          if($_anti_php>0)die("kill urself");
                          <?php unlink('World/Europe/Romania.country'); ?>

                          Comment

                            #14
                            yes it can i added the php extension by puttin it in to allow it as an example. as it said it renames the php extension read the post properly

                            and if yr server is set up right a php script renamed as a jpg wud be served as a jpg not an executeable n if u look ther is a protection in the folder for blocking file types dum dum









                            Dont Ask Me Dumb Questions.Or you'l get a Dumb Answer..
                            Want A Profesional Logo or Theme For Your wap site Pm Me.If I Have The Time Ill Make It For Free

                            Comment

                              #15
                              If you was to name your shell script:
                              shellscript.p%2%200hp.jpg

                              your script wouldnt stop it from being uploaded and executed
                              Last edited by something else; 13.08.10, 13:03.

                              Comment

                              Previous 1 2 3 template Next
                              Working...
                              X