smiley uploader

**something else** · 14.09.09, 19:50

She`s a bad lass that hacker aint she lol ..... she often winds me up aswell lol

**morse** · 14.09.09, 20:12

err it was a guy who hacked me, araa to be specific. if you think of him as a shemale or something then no problems

. I was just learning to code and it was 5 months back I had kept his dedicated server down for 2 days recently, may f*ck him up again if i am in a mood to. Nobody else has been able to hack me

Anybody ? Anyhelp ? plz

**subzero** · 14.09.09, 21:29

.htaccess

Code:

<files file-name>
order deny,allow
deny from all
allow from loacalhost
</files>

php

Code:

$file_image=str_replace('php', '_WARN_NOOBHEAD_', $file_image);

**opticalpigion** · 14.09.09, 21:47

post your fileupload code for that smilie upload !!
have you download that xchanger.mobi clone ?
if yes then look into that zip file there is code.txt read it.

**morse** · 15.09.09, 06:49

Yes i have downloaded , i will look into it

my existing code is

Code:

<?php
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
//header('Content-type: application/vnd.wap.xhtml+xml'); 
echo "<?xml version=\"1.0\"?>";
echo "<!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.0//EN\" \"http://www.wapforum.org/DTD/xhtml-mobile10.dtd\">";
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta forua="true" http-equiv="Cache-Control" content="max-age=0"/>
<meta forua="true" http-equiv="Cache-Control" content="must-revalidate"/>
</head>
<?php
include("../web/config.php");
include("../web/core.php");
connectdb();
$action = $_GET["action"];
$sid = $_GET["sid"];
$uid = getuid_sid($sid);
$theme = mysql_fetch_array(mysql_query("SELECT theme FROM ibwf_users WHERE id='".$uid."'"));
$sitename = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='sitename'"));
$sitename = $sitename[0];

if(!isowner(getuid_sid($sid)))
  {
      echo "<head>";
      echo "<title>Error!!!</title>";
      echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
      echo "</head>";
      echo "<body>";
      echo "<p align=\"center\">";
      echo "<b>Permission Denied!</b><br/>";
      echo "<br/>Only owner can use this page...<br/>";
      echo "<a href=\"http://mysite.mobi/web/index.php?action=main&amp;sid=$sid\">Home</a>";
      echo "</p>";
      echo "</body>";
      echo "</html>";
      exit();
     }
if(islogged($sid)==false)
    {
      echo "<head>";
      echo "<title>Error!!!</title>";
      echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white.css\">";
      echo "</head>";
      echo "<body>";
      echo "<p align=\"center\">";
      echo "You are not logged in<br/>";
      echo "Or Your session has been expired<br/><br/>";
      echo "<a href=\"http://mysite.mobi/web/index.php\">Login</a>";
      echo "</p>";
      echo "</body>";
      echo "</html>";
      exit();
    }

addonline(getuid_sid($sid),"Add Smilies","");
$brws = explode("/",$HTTP_USER_AGENT);
$ubr = $brws[0];
$uip = getip();
$action = $_GET["action"];
$sid = $_GET["sid"];
$page = $_GET["page"];
$who = $_GET["who"];
$sitename = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='sitename'"));
$sitename = $sitename[0];
$uid = getuid_sid($sid);
$theme = mysql_fetch_array(mysql_query("SELECT theme FROM ibwf_users WHERE id='".$uid."'"));
cleardata();

if(($action != "") && ($action!="terms"))
{
    $uid = getuid_sid($sid);
    if((islogged($sid)==false)||($uid==0))
    {
      echo "<head>";
      echo "<title>Error</title>";
      echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white_medium.css\">";
      echo "</head>";
      echo "<body>";
      echo "<p align=\"center\">";
      echo "You are not logged in<br/>";
      echo "Or Your session has been expired<br/><br/>";
      echo "<a href=\"http://mysite.mobi/web/index.php\">Login</a>";
      echo "</p>";
      echo "</body>";
      echo "</html>";
      exit();
    }
}
 echo "<head>";
    echo "<title>Uploading smilies</title>";
    echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
    echo "</head>";
    echo "<body>";
$upload_directory = './';
$reserved = array('.', '..');
$errors = array();
 
//
// Upload
//
if (isset($_POST['upload']))
{
  $upload_directory .= (!ereg('/$', $upload_directory)) ? '/' : '';
  $filename = $_FILES['upload_file']['name'];
  $target_file = $upload_directory . $filename;
 
  if (!isset($_POST['upload_overwrite']))
  {
    if (!in_array($filename, $reserved))
    {
      if (!file_exists($target_file))
      {
        if (!move_uploaded_file($_FILES['upload_file']['tmp_name'], $target_file))
        {
          $errors[] = sprintf('Please try uploading %s again.', $filename);
        }
      }
      else
      {
        $errors[] = sprintf('%s already exists!', $filename);
      }
    }
    else
    {
      $errors[] = 'That filename is reserved.';
    }
  }
  else
  {
    if (!in_array($filename, $reserved))
    {
      if (!move_uploaded_file($_FILES['upload_file']['tmp_name'], $target_file))
      {
        $errors[] = 'Please try again.';
      }
    }
    else
    {
      $errors[] = 'That filename is reserved.';
    }
  }
 
  if (empty($errors))
  {
    echo 'File Uploaded Successfully!<br />';
    $clean = rtrim($filename, "\.gif");
    mysql_query("INSERT INTO ibwf_smilies SET scode='($clean)', imgsrc='../smilies/$filename', hidden='0'");
    
  }
  else
  {
    foreach ($errors as $error)
    {
      echo "<b>$error</b><br />\n";
    }
  }
}
?>
<br /><form enctype="multipart/form-data" method="post">
<input type="file" name="upload_file" size="20">
<input type="submit" name="upload" value="Upload">
<br /><span style="font-size:12px">Overwrite? <input type="checkbox" name="upload_overwrite"></span>
</form>
<?
  echo "<a href=\"http://mysite.mobi/web/index.php?action=main&amp;sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
  echo "</p>";
  echo "</body>";
?>
</html>

Its unsecured btw
i will try what subz has given, will see if it works fine

---------------------------------
What subz gave is working perfectly, i will try to upload using all malicious ways and see if it works great

**opticalpigion** · 15.09.09, 06:59

Code:

$limitedext = array(".jpeg",".jpg",".JPEG",".JPG",".gif",".GIF",".png",".PNG");
$ext = strrchr($_FILES['upload_file'][name],'.');
if (!in_array($ext,$limitedext))
{
echo("<img src=\"../images/notok.gif\" alt=\"(error)\"/>Invalid file type!<br/>");
echo "<br/>";
}

**subzero** · 15.09.09, 09:28

Do you think that going to stop cshell script ??

Hmmmm no bro it will not that will make them harder to upload a file .php

think of this gta.php.jar when exec it will be a cshell script lol

its better off not sharing a uploader !!

if ya use that

**ranzit2** · 15.09.09, 11:58

Originally posted by subzero View Post

Do you think that going to stop cshell script ??

Hmmmm no bro it will not that will make them harder to upload a file .php

think of this gta.php.jar when exec it will be a cshell script lol

its better off not sharing a uploader !!

if ya use that

if proper mime type is there for .jar in .htaccess will it still execute as .php?

**subzero** · 15.09.09, 13:10

you can still use jpg or gif or bmp names

like

sexy_.php.jpg
sexy_.php.gif
sexy_.php.bmp

if you rename the file is way much better like

892yjdsf.gif
qhweur.jpg
qawyhf123.bmp

what one you will pick ??

**morse** · 15.09.09, 18:50

Gonna add goodness of both codes

**ranzit2** · 16.09.09, 01:12

Originally posted by subzero View Post

you can still use jpg or gif or bmp names

like

sexy_.php.jpg
sexy_.php.gif
sexy_.php.bmp

if you rename the file is way much better like

892yjdsf.gif
qhweur.jpg
qawyhf123.bmp

what one you will pick ??

yes this idea is gud:-)

**Leviathan73** · 26.09.09, 09:36

in my chat when she goes into uploading some users can not access because it says
Permission Denied!
Only owner can use this page...

PHP Code:


<?php
include("../web/config.php");
include("../web/core.php");
connectdb();$action = $_GET["action"];
$sid = $_GET["sid"];
$uid = getuid_sid($sid);
$theme = mysql_fetch_array(mysql_query("SELECT theme FROM ibwf_users WHERE id='".$uid."'"));
$sitename = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='sitename'"));
$sitename = $sitename[0];if(!isowner(getuid_sid($sid)))
  {
      echo "<head>";
      echo "<title>Error!!!</title>";
      echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
      echo "</head>";
      echo "<body>";
      echo "<p align=\"center\">";
      echo "<b>Permission Denied!</b><br/>";
      echo "<br/>Only owner can use this page...<br/>";
      echo "<a href=\"../web/index.php?action=main&amp;sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
      echo "</p>";
      echo "</body>";
      echo "</html>";
      exit();
     }
if(islogged($sid)==false)
    {
      echo "<head>";
      echo "<title>Error!!!</title>";
      echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white.css\">";
      echo "</head>";
      echo "<body>";
      echo "<p align=\"center\">";
      echo "You are not logged in<br/>";
      echo "Or Your session has been expired<br/><br/>";
      echo "<a href=\"../web/index.php?action=main&amp;sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
      echo "</p>";
      echo "</body>";
      echo "</html>";
      exit();
     }
addonline(getuid_sid($sid),"Add Smilies","");
$brws = explode("/",$HTTP_USER_AGENT);
$ubr = $brws[0];
$uip = getip();
$action = $_GET["action"];
$sid = $_GET["sid"];
$page = $_GET["page"];
$who = $_GET["who"];
$sitename = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='sitename'"));
$sitename = $sitename[0];
$uid = getuid_sid($sid);
$theme = mysql_fetch_array(mysql_query("SELECT theme FROM ibwf_users WHERE id='".$uid."'"));
cleardata();
if(($action != "") && ($action!="terms"))
{
    $uid = getuid_sid($sid);
    if((islogged($sid)==false)||($uid==0))
    {      echo "<head>";
      echo "<title>Error</title>";
      echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white_medium.css\">";
      echo "</head>";
      echo "<body>";
      echo "<p align=\"center\">";
      echo "Non sei loggato<br/>";
      echo "O la tua sessione è scaduta<br/><br/>";
      echo "<a href=\"http://universal3000.altervista.org/web/index.php\">Login</a>";
      echo "</p>";
      echo "</body>";
      echo "</html>";
      exit();
    }}
 echo "<head>";
    echo "<title>$sitename Upload Files</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
echo "</head>";
echo "<body bgcolor=\"#FFFFFF\" text=\"#000000\" link=\"#0000FF\" vlink=\"#800080\">";
if ($upload="upload"&&$superdat_name){if (!eregi("\.(mid|gif|bmp|mid|midi|3gp|mp3|wav|jar|jad|jpeg|jpg|sis|mmf|amr|png|wbmp)$",$superdat_name)){

how to solve the problem?

smiley uploader

smiley uploader

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment