smiley uploader


    Hi,
    I request here to please provide a smiley uploader, something which will check if the uploaded file is an actual GIF or not, will block upload of any other file type, will disallow null character hacking, and will not make any changes to any property of the file, including the original file name. The uploader I had was exploited by a hacker to upload a c99 shell some 5 months ago. I have searched a lot but haven't found an easy-to-use smiley uploader. If anybody has one, then please do provide it. Thanks in advance.
    tinyurl.com/earnbymobile
    Easy earning for Indians
    ---------------------
    Alternative mobile advertising network .. Minimum 100 USD pay / NET15 pay cycle, Good Brand, Best targeting for Android
    goo.gl/6vub3

    #2
    She's a bad lass that hacker, ain't she lol ..... she often winds me up as well lol


      #3
      Err, it was a guy who hacked me, araa to be specific. If you think of him as a shemale or something then no problems. I was just learning to code and it was 5 months back. I had kept his dedicated server down for 2 days recently, may f*ck him up again if I am in a mood to. Nobody else has been able to hack me.


      Anybody? Any help? Please.
      Last edited by morse; 14.09.09, 20:14.


        #4
        .htaccess

        Code:
        <files file-name>
        order deny,allow
        deny from all
        allow from localhost
        </files>
        php
        Code:
        $file_image=str_replace('php', '_WARN_NOOBHEAD_', $file_image);
        Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
        Visit: WapMasterz Coming Back Soon!
        _______
        SCRIPTS FOR SALE BY SUBZERO
        Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
        FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
        _______
        Info & Tips
        php.net
        w3schools.com


          #5
          Post your file upload code for that smilie upload!!
          Have you downloaded that xchanger.mobi clone?
          If yes, then look into that zip file; there is a code.txt, read it.


            #6
            Yes, I have downloaded it, I will look into it.
            my existing code is
            Code:
            <?php
            header("Cache-Control: no-cache, must-revalidate");
            header("Pragma: no-cache");
            //header('Content-type: application/vnd.wap.xhtml+xml'); 
            echo "<?xml version=\"1.0\"?>";
            echo "<!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.0//EN\" \"http://www.wapforum.org/DTD/xhtml-mobile10.dtd\">";
            ?>
            <html xmlns="http://www.w3.org/1999/xhtml">
            <head>
            <meta forua="true" http-equiv="Cache-Control" content="max-age=0"/>
            <meta forua="true" http-equiv="Cache-Control" content="must-revalidate"/>
            </head>
            <?php
            include("../web/config.php");
            include("../web/core.php");
            connectdb();
            $action = $_GET["action"];
            $sid = $_GET["sid"];
            $uid = getuid_sid($sid);
            $theme = mysql_fetch_array(mysql_query("SELECT theme FROM ibwf_users WHERE id='".$uid."'"));
            $sitename = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='sitename'"));
            $sitename = $sitename[0];
            
            if(!isowner(getuid_sid($sid)))
              {
                  echo "<head>";
                  echo "<title>Error!!!</title>";
                  echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
                  echo "</head>";
                  echo "<body>";
                  echo "<p align=\"center\">";
                  echo "<b>Permission Denied!</b><br/>";
                  echo "<br/>Only owner can use this page...<br/>";
                  echo "<a href=\"http://mysite.mobi/web/index.php?action=main&amp;sid=$sid\">Home</a>";
                  echo "</p>";
                  echo "</body>";
                  echo "</html>";
                  exit();
                 }
            if(islogged($sid)==false)
                {
                  echo "<head>";
                  echo "<title>Error!!!</title>";
                  echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white.css\">";
                  echo "</head>";
                  echo "<body>";
                  echo "<p align=\"center\">";
                  echo "You are not logged in<br/>";
                  echo "Or Your session has been expired<br/><br/>";
                  echo "<a href=\"http://mysite.mobi/web/index.php\">Login</a>";
                  echo "</p>";
                  echo "</body>";
                  echo "</html>";
                  exit();
                }
            
            addonline(getuid_sid($sid),"Add Smilies","");
            $brws = explode("/",$HTTP_USER_AGENT);
            $ubr = $brws[0];
            $uip = getip();
            $action = $_GET["action"];
            $sid = $_GET["sid"];
            $page = $_GET["page"];
            $who = $_GET["who"];
            $sitename = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='sitename'"));
            $sitename = $sitename[0];
            $uid = getuid_sid($sid);
            $theme = mysql_fetch_array(mysql_query("SELECT theme FROM ibwf_users WHERE id='".$uid."'"));
            cleardata();
            
            if(($action != "") && ($action!="terms"))
            {
                $uid = getuid_sid($sid);
                if((islogged($sid)==false)||($uid==0))
                {
                  echo "<head>";
                  echo "<title>Error</title>";
                  echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white_medium.css\">";
                  echo "</head>";
                  echo "<body>";
                  echo "<p align=\"center\">";
                  echo "You are not logged in<br/>";
                  echo "Or Your session has been expired<br/><br/>";
                  echo "<a href=\"http://mysite.mobi/web/index.php\">Login</a>";
                  echo "</p>";
                  echo "</body>";
                  echo "</html>";
                  exit();
                }
            }
             echo "<head>";
                echo "<title>Uploading smilies</title>";
                echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
                echo "</head>";
                echo "<body>";
            $upload_directory = './';
            $reserved = array('.', '..');
            $errors = array();
             
            //
            // Upload
            //
            if (isset($_POST['upload']))
            {
              $upload_directory .= (!ereg('/$', $upload_directory)) ? '/' : '';
              $filename = $_FILES['upload_file']['name'];
              $target_file = $upload_directory . $filename;
             
              if (!isset($_POST['upload_overwrite']))
              {
                if (!in_array($filename, $reserved))
                {
                  if (!file_exists($target_file))
                  {
                    if (!move_uploaded_file($_FILES['upload_file']['tmp_name'], $target_file))
                    {
                      $errors[] = sprintf('Please try uploading %s again.', $filename);
                    }
                  }
                  else
                  {
                    $errors[] = sprintf('%s already exists!', $filename);
                  }
                }
                else
                {
                  $errors[] = 'That filename is reserved.';
                }
              }
              else
              {
                if (!in_array($filename, $reserved))
                {
                  if (!move_uploaded_file($_FILES['upload_file']['tmp_name'], $target_file))
                  {
                    $errors[] = 'Please try again.';
                  }
                }
                else
                {
                  $errors[] = 'That filename is reserved.';
                }
              }
             
              if (empty($errors))
              {
                echo 'File Uploaded Successfully!<br />';
                $clean = preg_replace('/\.gif$/', '', $filename); // rtrim() strips a set of characters, not a suffix
                mysql_query("INSERT INTO ibwf_smilies SET scode='($clean)', imgsrc='../smilies/$filename', hidden='0'");
                
              }
              else
              {
                foreach ($errors as $error)
                {
                  echo "<b>$error</b><br />\n";
                }
              }
            }
            ?>
            <br /><form enctype="multipart/form-data" method="post">
            <input type="file" name="upload_file" size="20">
            <input type="submit" name="upload" value="Upload">
            <br /><span style="font-size:12px">Overwrite? <input type="checkbox" name="upload_overwrite"></span>
            </form>
            <?php
              echo "<a href=\"http://mysite.mobi/web/index.php?action=main&amp;sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
              echo "</p>";
              echo "</body>";
            ?>
            </html>
            It's unsecured btw.
            I will try what subz has given, will see if it works fine.
            ---------------------------------
            What subz gave is working perfectly, I will try to upload using all malicious ways and see if it works great.
            Last edited by morse; 15.09.09, 07:00.


              #7
              Code:
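              // Allowed extensions; in_array() compares case-sensitively, so both cases are listed
              $limitedext = array(".jpeg",".jpg",".JPEG",".JPG",".gif",".GIF",".png",".PNG");
              // Everything from the last dot onward, e.g. ".gif"
              $ext = strrchr($_FILES['upload_file']['name'],'.');
              if (!in_array($ext,$limitedext))
              {
              echo("<img src=\"../images/notok.gif\" alt=\"(error)\"/>Invalid file type!<br/>");
              echo "<br/>";
              }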


                #8
                Do you think that's going to stop a cshell script??

                Hmmmm no bro, it will not; that will make it harder for them to upload a .php file

                think of this: gta.php.jar, when executed it will be a cshell script lol

                it's better off not sharing an uploader!!

                if ya use that


                  #9
                  Originally posted by subzero:
                  Do you think that's going to stop a cshell script??

                  Hmmmm no bro, it will not; that will make it harder for them to upload a .php file

                  think of this: gta.php.jar, when executed it will be a cshell script lol

                  it's better off not sharing an uploader!!

                  if ya use that
                  If a proper MIME type is there for .jar in .htaccess, will it still execute as .php?
                  She is more beautiful than PHP, and I love her more than PHP.


                    #10
                    you can still use jpg or gif or bmp names

                    like

                    sexy_.php.jpg
                    sexy_.php.gif
                    sexy_.php.bmp

                    if you rename the file it is way better, like

                    892yjdsf.gif
                    qhweur.jpg
                    qawyhf123.bmp

                    which one will you pick??

                    Comment
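
Added example (not code from any poster in this thread): one way to combine the checks discussed in posts #1, #7, #8 and #10, namely null-byte rejection, a single-extension allowlist, a content check with getimagesize(), and a server-chosen stored name. The function names, the 100 KB limit, the demo inputs and PHP 7.1+ are assumptions.

```php
<?php
// Added example, not code from the thread. Function names, the 100 KB cap
// and the demo inputs are assumptions made for illustration.

/** Returns null if the upload may be stored as a GIF, else the reason it may not. */
function smiley_reject_reason(string $clientName, string $tmpPath): ?string
{
    // Null-byte names such as "x.php\0.gif" are refused outright.
    if (strpos($clientName, "\0") !== false) {
        return 'null byte in name';
    }
    // One dot only: "gta.php.gif" fails, and so does any path separator.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\.gif\z/i', $clientName)) {
        return 'name must be letters/digits with a single .gif extension';
    }
    if (filesize($tmpPath) > 100 * 1024) {
        return 'file too large';
    }
    // Content check: the bytes must parse as a GIF, whatever the name claims.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info[2] !== IMAGETYPE_GIF) {
        return 'content is not a GIF';
    }
    return null;
}

/** Validates one $_FILES entry and moves it into $dir; returns the stored name. */
function store_smiley(array $file, string $dir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    $reason = smiley_reject_reason($file['name'], $file['tmp_name']);
    if ($reason !== null) {
        throw new RuntimeException($reason);
    }
    // Server-chosen random name (post #10): nothing the client typed decides
    // how the web server later treats the file.
    $stored = bin2hex(random_bytes(8)) . '.gif';
    if (!move_uploaded_file($file['tmp_name'], rtrim($dir, '/') . '/' . $stored)) {
        throw new RuntimeException('could not store file');
    }
    return $stored;
}

// Offline demo on constructed inputs when run from the command line.
if (PHP_SAPI === 'cli') {
    $gif = tempnam(sys_get_temp_dir(), 'smi');
    file_put_contents($gif, 'GIF89a' . pack('v2', 1, 1) . "\x00\x00\x00;"); // minimal GIF header
    $php = tempnam(sys_get_temp_dir(), 'smi');
    file_put_contents($php, '<?php echo "not an image";');
    $cases = [['smile.gif', $gif], ['smile.GIF', $gif], ['gta.php.gif', $gif],
              ["x.php\0.gif", $gif], ['smile.gif', $php]];
    foreach ($cases as [$name, $path]) {
        $verdict = smiley_reject_reason($name, $path) ?? 'accepted';
        printf("%-16s %s\n", addcslashes($name, "\0"), $verdict);
    }
    unlink($gif);
    unlink($php);
}
```

A file can parse as a GIF and still carry script text after the header, so the directory that holds the smilies should also be served with script execution turned off.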


                      #11
                      Gonna add goodness of both codes


                        #12
                        Originally posted by subzero:
                        you can still use jpg or gif or bmp names

                        like

                        sexy_.php.jpg
                        sexy_.php.gif
                        sexy_.php.bmp

                        if you rename the file it is way better, like

                        892yjdsf.gif
                        qhweur.jpg
                        qawyhf123.bmp

                        which one will you pick??
                        yes this idea is good :-)


                          #13
                          In my chat, when she goes into uploading, some users cannot access it because it says
                          Permission Denied!
                          Only owner can use this page...
                          PHP Code:
                          <?php
                          include("../web/config.php");
                          include("../web/core.php");
                          connectdb();
                          $action = $_GET["action"];
                          $sid = $_GET["sid"];
                          $uid = getuid_sid($sid);
                          $theme = mysql_fetch_array(mysql_query("SELECT theme FROM ibwf_users WHERE id='".$uid."'"));
                          $sitename = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='sitename'"));
                          $sitename = $sitename[0];
                          if(!isowner(getuid_sid($sid)))
                            {
                                echo "<head>";
                                echo "<title>Error!!!</title>";
                                echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
                                echo "</head>";
                                echo "<body>";
                                echo "<p align=\"center\">";
                                echo "<b>Permission Denied!</b><br/>";
                                echo "<br/>Only owner can use this page...<br/>";
                                echo "<a href=\"../web/index.php?action=main&amp;sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
                                echo "</p>";
                                echo "</body>";
                                echo "</html>";
                                exit();
                               }
                          if(islogged($sid)==false)
                              {
                                echo "<head>";
                                echo "<title>Error!!!</title>";
                                echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white.css\">";
                                echo "</head>";
                                echo "<body>";
                                echo "<p align=\"center\">";
                                echo "You are not logged in<br/>";
                                echo "Or Your session has been expired<br/><br/>";
                                echo "<a href=\"../web/index.php?action=main&amp;sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
                                echo "</p>";
                                echo "</body>";
                                echo "</html>";
                                exit();
                               }
                          addonline(getuid_sid($sid),"Add Smilies","");
                          $brws = explode("/",$HTTP_USER_AGENT);
                          $ubr = $brws[0];
                          $uip = getip();
                          $action = $_GET["action"];
                          $sid = $_GET["sid"];
                          $page = $_GET["page"];
                          $who = $_GET["who"];
                          $sitename = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='sitename'"));
                          $sitename = $sitename[0];
                          $uid = getuid_sid($sid);
                          $theme = mysql_fetch_array(mysql_query("SELECT theme FROM ibwf_users WHERE id='".$uid."'"));
                          cleardata();
                          if(($action != "") && ($action!="terms"))
                          {
                              $uid = getuid_sid($sid);
                              if((islogged($sid)==false)||($uid==0))
                              {
                                echo "<head>";
                                echo "<title>Error</title>";
                                echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white_medium.css\">";
                                echo "</head>";
                                echo "<body>";
                                echo "<p align=\"center\">";
                                echo "Non sei loggato<br/>";
                                echo "O la tua sessione è scaduta<br/><br/>";
                                echo "<a href=\"http://universal3000.altervista.org/web/index.php\">Login</a>";
                                echo "</p>";
                                echo "</body>";
                                echo "</html>";
                                exit();
                              }
                          }
                          echo "<head>";
                          echo "<title>$sitename Upload Files</title>";
                          echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
                          echo "</head>";
                          echo "<body bgcolor=\"#FFFFFF\" text=\"#000000\" link=\"#0000FF\" vlink=\"#800080\">";
                          if ($upload="upload"&&$superdat_name){if (!eregi("\.(mid|gif|bmp|mid|midi|3gp|mp3|wav|jar|jad|jpeg|jpg|sis|mmf|amr|png|wbmp)$",$superdat_name)){
                          how to solve the problem?
