archee (Author), posted February 23, 2007:
Could someone send me that double ext. hack script, so that I can test the UP server now.. I have redone everything and want to check it!
hackerman, posted February 23, 2007:
If you have set it up to rename the file, then the script can't be run :)
4e4en, posted February 25, 2007:
I was the one who was stuffing you with double-extension files :D :D :D Hackerman> I'll surely think of something to get around it :) :)
Stopp, posted February 25, 2007:
If only certain file types are allowed to be uploaded and the code generates a new name, keeping the extension, then there is nothing to bypass there.
4e4en, posted February 25, 2007:
but that doesn't mean there are no other holes :D :D
hackerman, posted February 25, 2007 (edited February 25, 2007 by hackerman):
Judging by how long you messed around getting that png in, I don't think you'll find any hole and break in :) btw why the hell do you need to mess with his site at all?
Hamlets, posted February 26, 2007:
RemoveHandler .php .php5 .php4 .php3 .phtml
AddType text/plain .php .php5 .php4 .php3 .phtml
Better to put this in the .htaccess in the folder where the files are placed.
Stopp, posted February 26, 2007:
What's the point of allowing PHP files to be uploaded? Allow images, video/audio, doc/xls/txt/pdf and archives - that's enough. And no unnecessary hassle.
archee (Author), posted February 26, 2007:
RemoveHandler .php .php5 .php4 .php3 .phtml
AddType text/plain .php .php5 .php4 .php3 .phtml
Better to put this in the .htaccess in the folder where the files are placed.
just create a new file, name it .htaccess and drop those lines into it? P.S. Stopp, maybe you know what needs to be changed and how?
Stopp, posted February 26, 2007:
Look at $_FILES["fails"]["type"]. With an if, check whether the type matches one of the allowed ones (most likely use in_array); if it does, upload, if not, don't. You could also check the extensions (that too would be most convenient with in_array), but I doubt that would be the right way to do it.
andrisp, posted February 26, 2007:
Stopp, $_FILES["fails"]["type"] is supplied by the browser, so it can be faked.
Stopp, posted February 26, 2007:
When uploading a file? In that case I suppose you can check the extensions as well - a php file with a zip extension won't do anything bad to the server.
archee (Author), posted February 27, 2007 (edited February 27, 2007 by archee):
I made a function that renames files, assigning a random name using the digits 0-9.. but there's a problem.. :\ I upload the file fails.php.png, it gets successfully renamed to 527852.png, but when I go to the output link http://saits.lv/up/files/527852.png it shows me the PHP code in the browser :\ for now I've settled on this solution, what do you say?
    if ($uploaded_type == "text/php") {
        echo "No PHP files!<br>";
        $ok = 0;
    }
P.S. If I can't manage it, then the last option remains.. how much would you charge to make a simple PHP upload system (secure, valid, without using a DB) with a few of the features mentioned in the previous posts.. no design needed, I'll handle that myself ;) how much Latvian currency do you ask for such work? Nothing fancy needed.. just an improved version of what I have, but freshly coded..
hackerman, posted February 27, 2007:
I don't think it's worth paying for an upload script...
andrisp, posted February 27, 2007 (edited February 27, 2007 by andrisp):
archee, let it show that code in the browser. The main thing is that [the server] doesn't parse it.
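The checks discussed in this thread (an extension allowlist, a server-generated name that keeps only the extension, and no trust in the browser-supplied $_FILES[...]["type"]), as an added example that is not any poster's code. ALLOWED, stored_name() and store_upload() are hypothetical names and the allowlist contents are an assumption; the type is detected on the server with PHP's fileinfo extension.

```php
<?php
// Added example, not from the thread. ALLOWED, stored_name() and
// store_upload() are hypothetical names; the allowlist is an assumption.
const ALLOWED = [
    'png' => ['image/png'],
    'jpg' => ['image/jpeg'],
    'gif' => ['image/gif'],
    'pdf' => ['application/pdf'],
    'zip' => ['application/zip'],
];

// Returns a new random file name, or null if the upload is rejected.
// $origName is the client's file name, $mime the type detected on the server.
function stored_name(string $origName, string $mime): ?string
{
    // Only the last extension counts: "fails.php.png" yields "png".
    $ext = strtolower(pathinfo($origName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED) || !in_array($mime, ALLOWED[$ext], true)) {
        return null;
    }
    // Nothing from the client's name survives except the allowlisted extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Validates one entry of $_FILES and moves it into $destDir under the new name.
function store_upload(array $file, string $destDir): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Detect the type from the file contents; $file['type'] is sent by the browser.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $name = stored_name($file['name'], (string) $mime);
    if ($name === null || !move_uploaded_file($file['tmp_name'], "$destDir/$name")) {
        return null;
    }
    return $name;
}

// Constructed inputs: a PHP script named as in the thread, then a PNG image.
var_dump(stored_name('fails.php.png', 'text/x-php'));
var_dump(stored_name('photo.PNG', 'image/png'));
```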