no more shell hacking via lava uploader!!!!!!!!!!


    #16
    you obviously don't know how to set up a public uploading folder then

    try make those execute then mr smart ass then call me a liar
    and to stop the php files uploading in this code
    PHP Code:
    if (!eregi("\.(php.jpg|php.jad|php.jar|php.gif)$",$superdat_name)){ 
    remove those extensions
    PHP Code:
    if  (!eregi("\.()$",$superdat_name)){ 
    like i said before i made this script to serve a purpose, make a php unexecutable, and it works for me. if it don't work for u go code yr own crap
    in future i won't be sharing anymore updates here suck my hairy nut sack
    i am trying to show ppl how to make their uploader more secure but hey u think yous can do better go ahead.

    Added after 4 minutes:

    oh and if u have a htaccess in ya share folder with the following
    PHP Code:
    <Files .htaccess>
    Order Deny,Allow
    Deny from all
    </Files>
    RemoveType .pl .cgi .php .gif .php .jpg .php .png .php .php3 .php4 .php5 .xml .phtml .phtm .html .htm .wml .shtm .shtml
    RemoveHandler .pl .cgi .php .gif .php .jpg .php .png .php .php3 .php4 .php5 .xml .phtml .phtm .html .htm .wml .shtm .shtml
    none of those extensions will execute
    point proven........
    Last edited by ozziemale31; 13.08.10, 13:43.

    Don't Ask Me Dumb Questions. Or you'll get a Dumb Answer..
    Want A Professional Logo or Theme For Your wap site Pm Me. If I Have The Time I'll Make It For Free



      #17
      how about
      shellscript.php.rar
      shellscript.phtml.jpg

      there are so many more extensions that php will execute and so many ways to get around php coding using hex codes
      your safest bet is to use .htaccess eg:
      PHP Code:
      RemoveHandler application/x-httpd-php .php
      <FilesMatch "\.(php|php5|php4|php3|phtml|phpt)$">
      SetHandler x-httpd-php5-source
      </FilesMatch>
      <FilesMatch "\.phps$">
      SetHandler x-httpd-php5-source
      </FilesMatch>
      this was posted before I saw your additional post (added after 4 mins)
      Last edited by something else; 13.08.10, 13:45.



        #18
        just add possible files to the htaccess but if any noob thinks they can make a php.gif file execute on my server they have gotta be friggen kiddin. i been coding now for 5-6 years, back since the only avail scripts were the cgi scripts



          #19
          today php4m hacked so help .............

          how close hacking ways



            #20
            I know many ways of blocking hacking attempts, will help for free



              #21
              Other..,

              Just use func auto rename.. Or one extension allow only.. And make sure link to download file secure.. So.. The public folder can't be define.. Simple ways..

              Put on uploader..
              $ext = getext($file_name);
              $name = explode(".",$file_name);
              $name_a = "".$name[0]."_ejatd29_com.".$ext."";

              so, something like this will happen.. Upload haha.php.shtml.html.jpg -> haha.jpg

              just take last extension as main extension.. So, no more double or more extension in one name.. Hehe..
              Visit my WEBSITE Project: http://www.aspirewap.net



                #22
                The actual renaming of your site name in between extension is a really good idea as it also stops url encoding

                eg would stop: shell%2Fphp.gif

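The rename idea from posts #21 and #22, as an added example (not code from any poster in this thread or from the uploader script under discussion): the stored name is generated by the server and keeps only an allowlisted final extension. The function name `stored_name`, the allowlist and the sample file names are assumptions made for illustration.

```php
<?php
// Added example: stored_name() and ALLOWED_EXT are hypothetical names.

// Extensions the uploader agrees to store; everything else is rejected.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'jar', 'jad'];

/**
 * Returns a server-generated file name for an upload, or null to reject it.
 * The client-supplied name is read only to find its final extension.
 */
function stored_name(string $clientName): ?string
{
    // A NUL byte or a path separator, raw or URL-encoded, is never legitimate.
    $decoded = rawurldecode($clientName);
    if (preg_match('#[\x00/\\\\]#', $clientName . $decoded)) {
        return null;
    }
    // Only the text after the last dot counts: "a.php.jpg" is judged as "jpg".
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // Random base name with no dots, so no inner ".php" survives in the
    // stored name and nothing the client chose ends up on disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names, including the ones raised in this thread.
$samples = [
    'photo.jpg',
    'haha.php.shtml.html.jpg',
    'shellscript.phtml.jpg',
    'shellscript.php.rar',
    'shell%2Fphp.gif',
    "shell.php\0.gif",
    'game.JAR',
];
foreach ($samples as $name) {
    $stored = stored_name($name);
    printf("%-26s => %s\n", addcslashes($name, "\0"), $stored ?? 'REJECTED');
}
```

Renaming controls only the name on disk; whether a stored file is ever handed to an interpreter is still decided by the handler configuration of the upload directory, which is what the .htaccess posts in this thread address.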


                  #23
                  I personally wouldn't bother having an uploader cos php shell scripts can be bound inside an image easy, and cos the header of the image will still have php tags the server will still execute the script. I don't even bother with upload script at all



                    #24
                    2 days ago someone called s4udi (ahmed) tried to hack one of my client's sites.
                    He easily broke my shield to upload shell But He Can't Execute it.
                    Coz I have the perfect .htaccess file on uploaded folder. :D

                    I think whatever we use to protect our uploader from uploading shell, it could be broken. We should use .htaccess to prevent it.
                    I have used the imageresize option on that uploader. But he somehow escaped from it.



                      #25
                      it can't solve it.. I've tried with other skill.. Hehe.. still can run.. Anyway, don't host uploader if your host not secure..

                      it still can execute if someone know to escape..
                      our life is simple words....
                      http://mygenkz.net
                      ewanz06@yahoo.com
                      PHP Code:
                      $output = "i am NOoob....";
                      $newfile = "ewanz.txt";
                      $file = fopen($newfile, "w");
                      fwrite($file, $output);
                      fclose($file);



                        #26
                        Ozzie is right.. Try what he had taught us.. I also have proven it when I tried it before.. I tried uploading with those extensions and returned to an error document page.. The thing in it is to remove the handler of those extensions so that it will not be executed and will just return error.. The one I did before is of course check extensions when uploading.. If still the hacker has passed into it through extensions like .php.jpg then that is the time that removing type or handler of that extension in htaccess should work.. I don't know if the hacker can still pass into it..
                        Last edited by kiLLeR-eyEd_14; 09.09.10, 23:47.
                        My Blog: http://jhommark.blogspot.com
                        My Facebook: http://www.facebook.com/jhommark
                        My Official Site: http://www.undergroundweb.tk
                        My Community Site: http://undergroundwap.xtreemhost.com



                          #27
                          any site on the internet can be hacked if u know how and have the means, time and patience. nobody is safe from a pro hacker. the best way not to be hacked is not to have a site at all. then u won't have to worry. but the methods i have shown will stop the majority of script kiddies like huward. and most noob wannabe hackers



                            #28
                            Use these in the .htaccess file that is in your upload folder and your site will remain safe from uploading malware like shell if a hacker passed from back end code.
                            PHP Code:
                            <FilesMatch "\.(cgi|py|pl|php|txt|log|sql|bs|asp|ror|swf)">
                            Deny from all
                            </FilesMatch>
                            RemoveType .pl .cgi .php .php3 .php4 .php5 .xml .phtml .html .htm .wml .shtm .shtml .txt
                            RemoveHandler .pl .cgi .php .php3 .php4 .php5 .xml .phtml .html .htm .wml .shtm .shtml .txt



                              #29
                              that's already on the uploader script, study it lol. php gets renamed to imawanabehacker, it can be replaced with anything u want, so the function's already coded in it

                              Originally posted by khan89
                              Use these in the .htaccess file that is in your upload folder and your site will remain safe from uploading malware like shell if a hacker passed from back end code.
                              PHP Code:
                              <FilesMatch "\.(cgi|py|pl|php|txt|log|sql|bs|asp|ror|swf)">
                              Deny from all
                              </FilesMatch>
                              RemoveType .pl .cgi .php .php3 .php4 .php5 .xml .phtml .html .htm .wml .shtm .shtml .txt
                              RemoveHandler .pl .cgi .php .php3 .php4 .php5 .xml .phtml .html .htm .wml .shtm .shtml .txt
                              dude look at the damn script b4 posting stuff that's already in it. there's a htaccess file with stuff included



                                #30
                                I just found this uploader: Upload Files talk about someone trying to hack it badly they even tried the old %00 trick
