r57 shell script

ewanz replied

14.01.10, 15:49
yeah... thanks bro..
Leave a comment:
makvanpor2000 replied

28.12.09, 19:44
Originally posted by amylee View Post

get the php.ini in a text editor, ctrl + f for safe_mode then change off to on, ctrl + s to save and restart apache and your ****ing sorted

simplez

have tried it,but its working, that way is nt it, pls help
Leave a comment:
xola replied

23.12.09, 04:33
Originally posted by makvanpor2000 View Post

I dont understand the use of thumb

google it okay, its the best place for you to ask such questions
Leave a comment:
makvanpor2000 replied

21.12.09, 07:30
I dont understand the use of thumb
Leave a comment:
amylee replied

21.12.09, 05:19
Originally posted by ewanz View Post

H0w t0 set it?

get the php.ini in a text editor, ctrl + f for safe_mode then change off to on, ctrl + s to save and restart apache and your ****ing sorted

simplez
Leave a comment:
ewanz replied

20.12.09, 18:57
Originally posted by amylee View Post

in php.ini

H0w t0 set it?
Leave a comment:
xcoderx replied

09.11.09, 16:35
one code from myside

add it to your upload.php or wheresoever

PHP Code:

$fishy = array (".php", ".php.jpg", ".php.jpeg", ".php.gif", ".php.png", ".phtml", ".php3", ".php4",".js",".js.php",".js.png",".php5", ".js.gif", ".js.jpeg",".vb",".vb.png",".vb.jpeg",".vb.gif", ".sis", ".sisx", ".nth", ".thm"); foreach ($fishy as $item) { if(preg_match("/$item\$/i", $_FILES['uploaded']['name'])) { echo "<p align=\"center\">"; echo "Oops seems like you are trying to upload something fishy, <br/> Sorry we do not allow such files.<br/>"; echo "<a href=\"gallery.php?action=main&sid=$sid\">Back to Gallery</a><br/>";

simple and easy way to block unwanted extensions from being uploaded. hope its useful to some of you.
Leave a comment:
amylee replied

09.11.09, 05:26
Originally posted by makvanpor2000 View Post

Where can i turn on my safe mode in my server

in php.ini
Leave a comment:
makvanpor2000 replied

08.11.09, 13:01
Where can i turn on my safe mode in my server
Leave a comment:
xola replied

08.11.09, 09:01
Okay thank you ranzit and killer,
Leave a comment:
kiLLeR-eyEd_14 replied

07.11.09, 02:09
Originally posted by xola View Post

okay and what is the best configuration to stop the excution of the phpshell that we may look out for in a webserver??

check on ur server if they disabled some functions to protect from c99 or r57 shell script attacks..Like shell_exec, passthru, etc..Mostly, web servers disable them..And what ranzit2 said..Turn on ur safe_mode..

Last edited by kiLLeR-eyEd_14; 07.11.09, 02:12.
Leave a comment:
ranzit2 replied

06.11.09, 09:16
Originally posted by xola View Post

okay and what is the best configuration to stop the excution of the phpshell that we may look out for in a webserver??

safe mode on can prevent rest i dnt knw.
Leave a comment:
xola replied

06.11.09, 05:11
Originally posted by amylee View Post

thats useless, i can execute a phpshell with a sisx, nth, thm extentions with a few modifications to firefox's mime types
as long as the extention is executable the shell can be run unless stopped by a properly configured webserver and not just solely relying on htaccess rules

okay and what is the best configuration to stop the excution of the phpshell that we may look out for in a webserver??
Leave a comment:
amylee replied

06.11.09, 01:54
thats useless, i can execute a phpshell with a sisx, nth, thm extentions with a few modifications to firefox's mime types
as long as the extention is executable the shell can be run unless stopped by a properly configured webserver and not just solely relying on htaccess rules
Leave a comment:
kiLLeR-eyEd_14 replied

05.11.09, 15:03
This is what ozi posted..Make an htaccess file in the upload directory and put this:

PHP Code:

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti* <Limit GET POST> order deny,allow deny from all allow from all </Limit> <Limit PUT DELETE> order deny,allow deny from all </Limit> <Files images> deny from all </Files> <Files *.php> deny from all </Files> <Files *.php.*> deny from all </Files> <Files *.php.php.*> deny from all </Files>

this file ignores any file uploaded with a .php in filename or extension..In my site, aside from that thing..i also made my uploader more secure to be m0re sure and so that hackers go crazy..

Last edited by kiLLeR-eyEd_14; 05.11.09, 15:07.
Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment: