php.lv forums

Problem with Code from M|sc Resources


koders_bobers


Out of curiosity I downloaded this bit of code, http://misc.hackers.lv/dload.php?fid=1, from the m|sc site... well, I studied it, everything brilliant is simple ;), but one problem turned up, in my opinion related to the Apache configuration (2.0.46) .... basically it's like this: he had menu links there - Sākums, Bullshit, Zummm (doesn't matter at all), and what happened was that on opening the page Jaunumi opens, which is also under Sākums; all of that seems fine, but when you click the other menu links nothing happens, the Jaunumi that opened when the page loaded stays exactly as it was, and the other included txt files that are under that Bullshit etc. don't open. .... I put the whole thing on eclub.lv and there everything works - the menu links open as they should... it's not that I have any need for that m|sc code, since I make everything myself, but I'm curious what I don't have configured properly in Apache (or whether it's related to that at all) ... I tried both globals on and off - still the same thing

 

well, so you can see what the code looks like if you're too lazy to download it

here's a piece of index, the so-called menu:

<code>
<font class="text">
<center>
! <a href="/?id=Jaunumi">Sākums</a> !
<a href="/?id=Bullshit">Bullshit</a>
! <a href="/?id=Zummm">Zummm</a> !
<a href="/?id=Atsauksmes">Atsauksmes</a> !
</center>
</font>
</code>

 

and here's the config file that is included in index:

<code>
<?
$pg_author_email = "[email protected]";

switch ($id) {
case "Atsauksmes":
  $pg_title = "Atsauksmes";
  $pg_body = "Atsauksmes.php";
  break;
case "send":
  $pg_body = "send.php";
  break;
case "Jaunumi":
  $pg_title = "JAUNUMI";
  $pg_body = "Jaunumi.txt";
  break;
case "Bumbieris":
  $pg_title = "Bullshit";
  $pg_body = "Bullshit.txt";
  break;
case "Zubars":
  $pg_title = "Zummm";
  $pg_body = "Zummm.txt";
  break;
default:
  $pg_title = "JAUNUMI";
  $pg_body = "Jaunumi.txt";
}

if ($show == "Bullshit") {
  switch ($id) {
  case "A1":
    $pg_title = "Bullshit 1";
    $pg_body = "Bullshit/1.txt";
    break;
  case "A2":
    $pg_title = "Bullshit 2";
    $pg_body = "Bullshit/2.txt";
    break;
  }
}
if ($show == "Zummm") {
  switch ($id) {
  case "B1":
    $pg_title = "Zummm 1";
    $pg_body = "Zummm/1.txt";
    break;
  case "B2":
    $pg_title = "Zummm 2";
    $pg_body = "Zummm/2.txt";
    break;
  }
}
?>
</code>

Link to comment
Share on other sites

for it to work without GET, php.ini has to contain the line

register_globals =On

rather than

register_globals = Off

Still, I very warmly recommend using the arrays $_GET, $_POST, $_SESSION, $_COOKIE and so on.

Why so - google://"php security" and you'll find a hundred and one articles where this is picked apart in detail, but in short it is necessary for security reasons, so that it is harder to slip into your script, from outside, variable values that it does not expect at all or that it uses itself for other purposes.

 

Besides, on most public servers PHP is configured with register_globals=Off, so scripts such as your m|sc script won't work on them, but if you use these arrays they will.

Link to comment
Share on other sites
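The recommendation in the reply above, applied to the posted config file, as an added example that is not part of the thread or of the m|sc script: the page is chosen from `$_GET` through an allow-list, so it behaves the same with `register_globals = Off` and every output variable is always assigned by the script. `select_page()` and the two table names are hypothetical; the keys are copied from the case labels of the posted switch statements.

```php
<?php
// Added example (not the m|sc code). Allow-list built from the posted
// switch statements: request value => [title, file to include].
$top_pages = [
    'Atsauksmes' => ['Atsauksmes', 'Atsauksmes.php'],
    'send'       => ['',           'send.php'],   // original sets no title here
    'Jaunumi'    => ['JAUNUMI',    'Jaunumi.txt'],
    'Bumbieris'  => ['Bullshit',   'Bullshit.txt'],
    'Zubars'     => ['Zummm',      'Zummm.txt'],
];
$sub_pages = [
    'Bullshit' => ['A1' => ['Bullshit 1', 'Bullshit/1.txt'],
                   'A2' => ['Bullshit 2', 'Bullshit/2.txt']],
    'Zummm'    => ['B1' => ['Zummm 1', 'Zummm/1.txt'],
                   'B2' => ['Zummm 2', 'Zummm/2.txt']],
];

// Hypothetical helper: returns [title, body file] for a query array.
function select_page(array $query, array $top, array $sub)
{
    // Accept strings only; "?id[]=x" arrives as an array and is ignored.
    $id   = isset($query['id'])   && is_string($query['id'])   ? $query['id']   : '';
    $show = isset($query['show']) && is_string($query['show']) ? $query['show'] : '';

    // Same precedence as the original: default page, then the top-level
    // match, then a sub-page match for the given "show" section.
    $page = $top['Jaunumi'];
    if (isset($top[$id])) {
        $page = $top[$id];
    }
    if (isset($sub[$show][$id])) {
        $page = $sub[$show][$id];
    }
    return $page; // title and file never come from the request itself
}

// In the real page: list($pg_title, $pg_body) = select_page($_GET, ...);
// Constructed sample queries, so the block also runs from the CLI.
$samples = [[], ['id' => 'Zubars'], ['show' => 'Zummm', 'id' => 'B2'],
            ['id' => ['x']], ['id' => 'unknown', 'pg_body' => 'other.txt']];
foreach ($samples as $q) {
    list($pg_title, $pg_body) = select_page($q, $top_pages, $sub_pages);
    echo json_encode($q), ' => ', $pg_body, "\n";
}
```

In the posted config the `send` case assigns no `$pg_title`, so with `register_globals = On` that variable could arrive from the request; here it is always set from the table.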

Yeah... when I published this on hackers.lv, I too didn't imagine that anyone could have register_globals off.

Those were the days :)

But look - m|sc worked, and mora.serveris.lv is still there :)

And nobody scolded me for this pinnacle of primitivism :)

Link to comment
Share on other sites
