Upload script question? uploaded PHP script with png ext.

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

volito
Forum Newbie
Posts: 9
Joined: Wed Dec 07, 2005 9:48 pm

Post by volito »

OK, here is a strange one!
Someone uploaded a PHP script with a png ext. "Written and saved as a png file."

Here is a link to the png file. I left it on the server for now till I figure out if it is a functional script or someone trying to tell me something. "I have a PHP script that allows members to upload pics." Can someone tell me if this script will actually work or what it is supposed to do?


http://www.statenislandsoccer.com/uploa ... ck.php.png

Any thoughts?
Author of upload script GONE "I guess their site is down"
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

As it says in the code, it attacks a server. Granted, the loop has been removed, so the attack is extremely minimal, but it is an attack nonetheless.
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

Looks like the code isn't executing though, so I would assume the uploaded files are not getting execute permissions at least. You might want to add some checks in there to ensure the uploads are really images.
volito
Forum Newbie
Posts: 9
Joined: Wed Dec 07, 2005 9:48 pm

Post by volito »

agtlewis wrote: You might want to add some checks in there to ensure the uploads are really images.

Please explain or give an example? "You mean add to the script to double-check that it is an image that is being uploaded. Obviously the script is allowing anything as long as the ext. is png."


Should I just delete it from the server and forget it?


Thanks
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

Here is a class I found on php.net. Perhaps someone can help you integrate it with your current code.

Code:

<?php
class picture
{
       var $save_dir;                    //where file will be saved
       var $filename="spacer.gif";       //default file name initially
       var $error_message="";            //string to be output if necessary
       var $width;                       //width of final image
       var $height;                      //height of final image

       function picture($save_directory, $file_array, $max_width, $max_height)
       {
               $this->save_dir = $save_directory;
               $this->width =   $max_width;
               $this->height =  $max_height;

               //--change filename to time - make it unique
               $temp_filename = $file_array['name'];
               $ext = explode('.',$temp_filename);
               $ext = strtolower($ext[count($ext)-1]);
               $temp_filename = time().".".$ext;

               //--check that it's a jpeg or gif: by extension, and by content
               //  (getimagesize() returns false when the file is not an image,
               //  which also avoids a division by zero in the resize below)
               $size = @getimagesize($file_array['tmp_name']);
               if (preg_match('/^(gif|jpe?g)$/',$ext) && $size !== false) {
                       // resize in proportion
                       list($width_orig, $height_orig) = $size;
                       if ($this->width && ($width_orig < $height_orig)) {
                               $this->width = ($this->height / $height_orig) * $width_orig;
                       } else {
                               $this->height = ($this->width / $width_orig) * $height_orig;
                       }

                       $image_p = imagecreatetruecolor($this->width, $this->height);

                       //handle gifs and jpegs separately
                       if($ext=='gif'){
                           $image = imagecreatefromgif($file_array['tmp_name']);
                           imagecopyresampled($image_p, $image, 0, 0, 0, 0, $this->width, $this->height, $width_orig, $height_orig);
                           imagegif($image_p, $this->save_dir.$temp_filename);   // imagegif() has no quality argument
                       }
                       else
                       {
                           $image = imagecreatefromjpeg($file_array['tmp_name']);
                           imagecopyresampled($image_p, $image, 0, 0, 0, 0, $this->width, $this->height, $width_orig, $height_orig);
                           imagejpeg($image_p, $this->save_dir.$temp_filename, 80);
                       }

                       imagedestroy($image_p);
                       imagedestroy($image);

                       $this->filename=$temp_filename;

               }else{
                       $this->error_message.="<br> file is not a jpeg or gif picture <br>";
               }
       }
}
?>
volito
Forum Newbie
Posts: 9
Joined: Wed Dec 07, 2005 9:48 pm

Post by volito »

Thanks for your time.

Would it be possible to add that to the current code, or should I just post the code I am using so all can see?


Maybe there is something missing from my code that was overlooked by the original writer.



If yes, did you post PHP using the quote function on the boards?

Sorry, new here.



Edited: I just looked at the code in my script; it is pretty BIG and all wrapped in an index.php.

Is it OK to post the script here?


Thanks again
Last edited by volito on Mon Mar 06, 2006 10:12 am, edited 1 time in total.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

The file on your server is malicious, it should not be used at all. It is designed to attack another server, not work with images.
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

Yeah post your code using the PHP button to open and close the php brackets.
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

volito wrote:
agtlewis wrote: You might want to add some checks in there to ensure the uploads are really images.

Please explain or give an example? "You mean add to the script to double-check that it is an image that is being uploaded. Obviously the script is allowing anything as long as the ext. is png."


Should I just delete it from the server and forget it?


Thanks
getimagesize() would determine if it's really an image.

I personally wouldn't delete it... I like to keep things like this for reference. Are you sure it was uploaded via the website? It wouldn't be much use by itself over HTTP unless your web server is really insecure. It could however be executed on a shared host via the shell (or another script). Do you have any areas on your website that execute shell commands? If so, I'd have a look at your security measures taken there too ;)
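Added example (editor's note; this is not code from any poster in this thread, from the php.net class above, or from the File Upload Manager script): the check Benjamin and Chris Corbyn describe, written out as PHP. An extension test on its own accepts a file named attack.php.png, so this version also parses the file with getimagesize(), requires the IMAGETYPE it reports to match the extension, and then re-encodes the image through GD under a server-chosen random name so that only pixel data ever reaches the upload directory. It assumes PHP 7 or later with the GD extension; the function names, the allowed-type map and the two constructed sample files in the demo are mine.

```php
<?php
// Added example, not code from the File Upload Manager script or the php.net
// class quoted in this thread. Assumes PHP 7+ with the GD extension.

// Inspect a file already on disk. Returns array(bool ok, string reason, int|null type).
function check_image_file($path, $original_name)
{
    // Extensions accepted, mapped to the IMAGETYPE_* value getimagesize() must report.
    static $allowed = array(
        'png'  => IMAGETYPE_PNG,
        'gif'  => IMAGETYPE_GIF,
        'jpg'  => IMAGETYPE_JPEG,
        'jpeg' => IMAGETYPE_JPEG,
    );
    // Only the LAST extension counts: "attack.php.png" ends in png, which is
    // exactly why the extension on its own proves nothing about the content.
    $ext = strtolower(pathinfo($original_name, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return array(false, "extension '$ext' not allowed", null);
    }
    // getimagesize() parses the image header; a text file of PHP code gives false.
    $info = @getimagesize($path);
    if ($info === false) {
        return array(false, 'not a parseable image', null);
    }
    // The real format must be the one the extension claims.
    if ($info[2] !== $allowed[$ext]) {
        return array(false, 'content does not match extension', $info[2]);
    }
    return array(true, 'ok', $info[2]);
}

// Decode with GD and write a fresh file under a server-chosen random name.
// Comment chunks, trailing data or PHP appended to a valid image do not survive.
function store_image_reencoded($src, $imagetype, $store_dir)
{
    switch ($imagetype) {
        case IMAGETYPE_PNG:  $img = @imagecreatefrompng($src);  $ext = 'png'; break;
        case IMAGETYPE_GIF:  $img = @imagecreatefromgif($src);  $ext = 'gif'; break;
        case IMAGETYPE_JPEG: $img = @imagecreatefromjpeg($src); $ext = 'jpg'; break;
        default: return false;
    }
    if ($img === false) {
        return false;
    }
    $dest = rtrim($store_dir, '/\\') . '/' . bin2hex(random_bytes(8)) . '.' . $ext;
    switch ($imagetype) {
        case IMAGETYPE_PNG:  $ok = imagepng($img, $dest);      break;
        case IMAGETYPE_GIF:  $ok = imagegif($img, $dest);      break;
        default:             $ok = imagejpeg($img, $dest, 85); break;
    }
    imagedestroy($img);
    return $ok ? $dest : false;
}

// Request-time wrapper: $file is $_FILES['fileupload'] from the upload form.
// Drop-in replacement for an extension-only test.
function handle_upload($file, $store_dir)
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return array(false, 'upload error');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return array(false, 'not an uploaded file');
    }
    list($ok, $why, $type) = check_image_file($file['tmp_name'], $file['name']);
    if (!$ok) {
        return array(false, $why);
    }
    $saved = store_image_reencoded($file['tmp_name'], $type, $store_dir);
    return $saved ? array(true, basename($saved)) : array(false, 'could not re-encode');
}

// Offline demo with two constructed files: a real 4x4 PNG, and a PHP file
// saved under a .png name, like the one found in the upload directory.
if (PHP_SAPI === 'cli') {
    $tmp  = sys_get_temp_dir();
    $real = "$tmp/photo.png";
    $im   = imagecreatetruecolor(4, 4);
    imagepng($im, $real);
    imagedestroy($im);
    $fake = "$tmp/attack.php.png";
    file_put_contents($fake, "<?php echo 'not an image'; ?>\n");

    foreach (array($real => 'photo.png', $fake => 'attack.php.png') as $path => $name) {
        list($ok, $why) = check_image_file($path, $name);
        echo "$name: " . ($ok ? 'accepted' : "rejected ($why)") . "\n";
    }
    unlink($real);
    unlink($fake);
}
```

Run with `php` on the command line to see the constructed PHP-as-png file rejected and the real PNG accepted. The re-encode step is the part that matters most: getimagesize() is happy with a valid GIF that has PHP appended after the image data, but imagecreatefromgif() followed by imagegif() writes out only the decoded pixels, and the random server-side name means the uploader never chooses what the stored file is called.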
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

feyd wrote:The file on your server is malicious, it should not be used at all. It is designed to attack another server, not work with images.
I think someone used his upload form to upload that file.

EDIT: Especially considering they gave it a .png file extension.
volito
Forum Newbie
Posts: 9
Joined: Wed Dec 07, 2005 9:48 pm

PHP

Post by volito »

Code:

<?
if (@phpversion() < '4.1.0') {
    $_FILES = $HTTP_POST_FILES;
    $_GET = $HTTP_GET_VARS;
    $_POST = $HTTP_POST_VARS;
}
clearstatcache();
error_reporting(E_ALL & ~E_NOTICE);
$fum_vers = "1.3"; # do not edit this line, the script will not work!!!
$fum_info_full = "File Upload Manager v$fum_vers";

function authDo($auth_userToCheck, $auth_passToCheck) 
{
	global $auth_usern, $auth_passw;
	$auth_encodedPass = md5($auth_passw);
	
	if ($auth_userToCheck == $auth_usern && $auth_passToCheck == $auth_encodedPass) {
	$auth_check = TRUE;
	} else {
	$auth_check = FALSE;
	} 
	return $auth_check;
	}
	
	if (isset($logout)) {
	setcookie ('fum_user', "",time()-3600); 
	setcookie ('fum_pass', "",time()-3600);
	}
		
	if (isset($login)) {
	$auth_password_en = md5($auth_formPass); 
	$auth_username_en = $auth_formUser;

	if (authDo($auth_username_en, $auth_password_en)) { 
	setcookie ('fum_user', $auth_username_en,time()+3600); 
	setcookie ('fum_pass', $auth_password_en,time()+3600); 
	$auth_msg = "<b>Authentication successful!</b> The cookies have been set.<br><br>".
	$auth_msg . "Your password (MD5 encrypted) is: $auth_password_en";
	} else { 
	$auth_msg = "<b>Authentication error!</b>";
	}
}

if (($_GET[act]=="dl")&&$_GET[file]) 
{
	if ($auth_ReqPass != 1 || ($auth_ReqPass == 1 && isset($fum_user) && !isset($logout))) { 
	if ($auth_ReqPass != 1 || ($auth_ReqPass == 1 && authDo($fum_user, $fum_pass))) {

	$value_de=base64_decode($_GET[file]);
	$dl_full=$dir_store."/".$value_de;
	$dl_name=$value_de;

	if (!file_exists($dl_full))
	{ 
	echo"ERROR: Cannot download file, it does not exist.<br>»<a href=\"$_SERVER[PHP_SELF]\">back</a>";  
	exit();
	} 
	
	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename=$dl_name");
	header("Content-Length: ".filesize($dl_full));
	header("Accept-Ranges: bytes");
	header("Pragma: no-cache");
	header("Expires: 0");
	header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
	header("Content-transfer-encoding: binary");
			
	@readfile($dl_full);
	
	exit();

	}
	}
}

function getlast($toget)
{
	$pos=strrpos($toget,".");
	$lastext=substr($toget,$pos+1);

	return $lastext;
}

function replace($o)
{
	$o=str_replace("/","",$o);
	$o=str_replace("\\","",$o);
	$o=str_replace(":","",$o);
	$o=str_replace("*","",$o);
	$o=str_replace("?","",$o);
	$o=str_replace("<","",$o);
	$o=str_replace(">","",$o);
	$o=str_replace("\"","",$o);
	$o=str_replace("|","",$o);
	
	return $o;
}

?>
<!-- <?=$fum_info_full?> -->

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title><? echo ($title) ? ($title) : ("File Upload Manager"); ?></title>
<link rel="stylesheet" href="<?=$dir_img?>/<?=$style?>.css" type="text/css">
<?
	if ($auth_ReqPass == 1) 
	{ 
		if (isset($login) || isset($logout)) {
			echo("<meta http-equiv='refresh' content='2;url=$_SERVER[PHP_SELF]'>");
		}
	}
?>
</head>
<body bgcolor="#F7F7F7"><br><br>
<center>
<?	
	if ($auth_ReqPass != 1 || ($auth_ReqPass == 1 && isset($fum_user) && !isset($logout))) { 
	if ($auth_ReqPass != 1 || ($auth_ReqPass == 1 && authDo($fum_user, $fum_pass))) {
?>
<table width="560" cellspacing="0" cellpadding="0" border="0">
  <tr>
    <td><font size="3"><b><i><? echo ($title) ? ($title) : ("File Upload Manager"); ?></i></b></font>&nbsp;<font style="text-decoration: bold; font-size: 9px;">v<?=$fum_vers?></font>&nbsp;
<? 
	#--Please do not remove my link/copyright as it is unfair and a breach of the license--#
	echo"<a href=\"http://www.mtnpeak.net\" style=\"text-decoration: none; color: #C0C0C0; font-size: 9px; cursor: default\";>&copy; thepeak</a>"; 
?>
    </td>
   </tr>
</table>
<?
	if (!eregi("777",decoct(fileperms($dir_store))))
	{
		echo"<br><br><b><h4><font color=\"FF0000\">ERROR: cannot access the upload store file directory. please chmod the \"$dir_store\" directory with value 0777 (xrw-xrw-xrw)!</h4></font></b><br>»<a href=\"$_SERVER[PHP_SELF]\">refresh</a>";
	}
	else
	{
		if (!$_FILES[fileupload])
		{
?>
<table width="560" cellspacing="0" cellpadding="0" border="0" class="table_decoration" style="padding-top:5px;padding-left=5px;padding-bottom:5px;padding-right:5px">
  <form method="post" enctype="multipart/form-data">
  <tr>
    <td>file:</td><td><input type="file" name="fileupload" class="textfield" size="30"></td>
  </tr>
  <tr>
    <td>rename to:</td><td><input type="text" name="rename" class="textfield" size="46"></td>
  </tr>
  <tr>
    <td>file types allowed:</td><td>
	<?
	for($i=0;$i<count($file_ext_allow);$i++)
	{
		if (($i<>count($file_ext_allow)-1))$commas=", ";else $commas="";
		list($key,$value)=each($file_ext_allow);
		echo $value.$commas;
	}
	?>
    </td>
  </tr>
  <tr>
    <td>file size limit:</td>
	<td>
		<b><?
			if ($file_size_ind >= 1048576) 
			{
				$file_size_ind_rnd = round(($file_size_ind/1024000),3) . " MB";
			} 
			elseif ($file_size_ind >= 1024) 
			{	
				$file_size_ind_rnd = round(($file_size_ind/1024),2) . " KB";
			} 
			elseif ($file_size_ind >= 0) 
			{
				$file_size_ind_rnd = $file_size_ind . " bytes";
			} 
			else 
			{
				$file_size_ind_rnd = "0 bytes";
			}
			
			echo "$file_size_ind_rnd";
		?></b>
	</td>
  </tr>
  <tr>
    <td colspan="2"><input type="submit" value="upload" class="button">&nbsp;<input type="reset" value="clear" class="button"></td>
  </tr>
  </form>
</table>
<?
		if ((!$_GET[act]||!$_GET[file])&&$_GET[act]!="delall")
		{
			$opendir = @opendir($dir_store);

			while ($readdir = @readdir($opendir))
			{
				if ($readdir<>"." && $readdir<>".." && $readdir != "index.html")
				{
					$filearr[] = $readdir;
				}
				$sort=array();
				for($i=1;$i<=count($filearr);$i++)
				{
					$key = sizeof($filearr)-$i;
					$file = $filearr[$key];

					$sort[$i]=$file;
				}
				asort($sort);
			}
?>
<br>
<table width="560" cellspacing="0" cellpadding="0" border="0" class="table_decoration" style="padding-left:5px">
  <tr>
    <td><b>admin tools:</b>
<? 
	if ($file_del_allow != 1 && $auth_ReqPass != 1)
	{
		echo"<i>none</i>";
	}

	if ($file_del_allow == 1 && $file_list_allow == 1 && (count($filearr) >= 1)) 
	{ 
		echo"<a href=\"javascript:;\" onClick=\"cf=confirm('Are you sure you want to delete ALL FILES?');if (cf)window.location='?act=delall'; return false;\" style=\"font-size: 9px;\"><delete all files></a>";
	}
	
	if ($auth_ReqPass == 1) 
	{ 
		echo"&nbsp;<a href=\"$_SERVER[PHP_SELF]?logout=1\" style=\"font-size: 9px;\"><log-out></a>";
	}
?>
    </td>
  </tr>
</table>
<br>
<?	
			if ($file_list_allow == 1 && (count($filearr) >= 1)) 
			{
?>
<table width="560" cellspacing="0" cellpadding="0" border="0" class="table_decoration" style="padding-left:6px">
  <tr bgcolor="#DBDBDB">
    <td align="left" width="46%">FILE NAME</td>
    <td align="center" width="12%">FILE TYPE</td>
    <td align="center" width="12%">FILE SIZE</td>
    <td align="center" width="30%">FUNCTIONS</td>
  </tr>
<?
				for($i=1;$i<=count($sort);$i++)
				{
					list($key,$value)=each($sort);

					if ($value)
					{
						$value_en = base64_encode($value);
						$value_view=$value;
						
							if (strlen($value) >= 48) 
							{ 
								$value_view = substr($value_view, 0, 45) . '...';
							}
?>
<tr>
    <td width="30%"><?="<a href=\"?act=view&file=$value_en\">$value_view</a>"?></td>
    <td align="center" width="5%"><? echo strtoupper(getlast($value)); ?></td>
    <td align="center" width="5%"><?

    	$value_full = $dir_store."/".$value;
    	$file_size = filesize($value_full);
		
		if ($file_size >= 1048576) 
		{
			$show_filesize = number_format(($file_size / 1048576),2) . " MB";
		} 
		elseif ($file_size >= 1024) 
		{
			$show_filesize = number_format(($file_size / 1024),2) . " KB";
		} 
		elseif ($file_size >= 0) 
		{
			$show_filesize = $file_size . " bytes";
		} 
		else 
		{
			$show_filesize = "0 bytes";
		}

		echo "$show_filesize";
		
?></td>
    <td align="center" width="5%"><?="<a title=\"View File\" href=\"?act=view&file=$value_en\"><view></a>"?> | 
<?
	if ($file_del_allow == 1) 
	{ 
		echo"<a title=\"Download file\" href=\"?act=dl&file=$value_en\"><dl></a>";
 	} 
	else 
	{ 
		echo"<a title=\"Download file\" href=\"?act=dl&file=$value_en\"><download></a>"; 
	} 

	if ($file_del_allow == 1) 
	{ 
		echo"&nbsp;|&nbsp;<a title=\"Delete file\" href=\"javascript:;\" onClick=\"cf=confirm('Are you sure you want to delete this file?');if (cf)window.location='?act=del&file=$value_en'; return false;\"><delete></a>";
	} 
	else 
	{ 
		echo"&nbsp;"; 
	} 
?>
    </td>
</tr>
<?
				}
				else
				{
					echo"<br>";
				}
				}
?>
</table></center>
<?
			}
		}
		elseif (($_GET[act]=="view")&&$_GET[file])
		{
			$value_de = base64_decode($_GET[file]);
			echo"<script language=\"javascript\">\nViewPopup = window.open(\"$dir_store/$value_de\", \"fum_viewfile\", \"toolbar=no,status=no,menubar=no,scrollbars=yes,resizable=yes,location=no,width=640,height=480\")\nViewPopup.document.bgColor=\"#F7F7F7\"\nViewPopup.document.close()\n</script>";
			echo"<br><img src=\"$dir_img/info.gif\" width=\"15\" height=\"15\">&nbsp;<b><font size=\"2\">file opened!</font></b><br>»<a href=\"$_SERVER[PHP_SELF]\">back</a><br><br><br>If the file did not display, you must <b>disable</b> your popup manager, or enable javascript in your browser.";
		}
		elseif (($_GET[act]=="del")&&$_GET[file])
		{
			$value_de = base64_decode($_GET[file]);
			@unlink($dir_store."/$value_de");
			echo"<br><img src=\"$dir_img/info.gif\" width=\"15\" height=\"15\">&nbsp;<b><font size=\"2\">file has been deleted!</font></b><br>»<a href=\"$_SERVER[PHP_SELF]\">back</a>";
		}
		if ($_GET[act]=="delall")
		{
			$handle = opendir($dir_store);
			while($file=readdir($handle))
			if (($file != ".")&&($file != ".."))
			@unlink($dir_store."/".$file);
			closedir($handle);

			echo"<br><img src=\"$dir_img/info.gif\" width=\"15\" height=\"15\">&nbsp;<b><font size=\"2\">all files have been deleted!</font></b><br>»<a href=\"$_SERVER[PHP_SELF]\">back</a>";
		}

	}
	else
	{
		echo"<br><br>";
		$uploadpath=$dir_store."/";
		$source=$_FILES[fileupload][tmp_name];
		$fileupload_name=$_FILES[fileupload][name];
		$weight=$_FILES[fileupload][size];

		for($i=0;$i<count($file_ext_allow);$i++)
		{
			if (getlast($fileupload_name)!=$file_ext_allow[$i])
				$test.="~~";
		}
		$exp=explode("~~",$test);

		if (count($exp)==(count($file_ext_allow)+1))
		{
			echo"<br><img src=\"$dir_img/error.gif\" width=\"15\" height=\"15\">&nbsp;<b><font size=\"2\">ERROR: your file type is not allowed (".getlast($fileupload_name).")</font>, or you didn't specify a file to upload.</b><br>»<a href=\"$_SERVER[PHP_SELF]\">back</a>";
		}
		else
		{

			if ($weight>$file_size_ind)
			{
				echo"<br><img src=\"$dir_img/error.gif\" width=\"15\" height=\"15\">&nbsp;<b><font size=\"2\">ERROR: please get the file size less than ".$file_size_ind." BYTES  (".round(($file_size_ind/1024),2)." KB)</font></b><br>»<a href=\"$_SERVER[PHP_SELF]\">back</a>";
			}
			else
			{

				foreach($_FILES[fileupload] as $key=>$value)
				{
					echo"<font color=\"#3399FF\">$key</font> : $value <br>";
				}

				echo "<br>";

				$dest = ''; 

				if (($source != 'none') && ($source != '' ))
				{
					$dest=$uploadpath.$fileupload_name;
					if ($dest != '')
					{
						if (file_exists($uploadpath.$fileupload_name))
						{
							echo"<br><img src=\"$dir_img/error.gif\" width=\"15\" height=\"15\">&nbsp;<b><font size=\"2\">ERROR: that file has already been uploaded before, please choose another file</font></b><br>»<a href=\"$_SERVER[PHP_SELF]\">back</a>";
						}
						else
						{
							if (copy($source,$dest))
							{
								if ($_POST[rename])
								{
									$_POST[rename]=replace($_POST[rename]);
									$exfile=explode(".",$fileupload_name);
									
									if (@rename("$dir_store/$fileupload_name","$dir_store/$_POST[rename].".getlast($fileupload_name))) 
									{
										echo"<br><img src=\"$dir_img/info.gif\" width=\"15\" height=\"15\">&nbsp;<b><font size=\"2\">file has been renamed to $_POST[rename].".getlast($fileupload_name)."!</font></b></font><br>";
									}
								}
								echo"<br><img src=\"$dir_img/info.gif\" width=\"15\" height=\"15\">&nbsp;<b><font size=\"2\">file has been uploaded!</font></b><br>»<a href=\"$_SERVER[PHP_SELF]\">back</a>";
							}
							else
							{
								echo"<br><img src=\"$dir_img/error.gif\" width=\"15\" height=\"15\">&nbsp;<b><font size=\"2\">ERROR: cannot upload, please chmod the dir to 777</font></b><br>»<a href=\"$_SERVER[PHP_SELF]\">back</a>";
							}
						}
					}
				}
			}
		}
	}
}

#/# end of main script, start authentication code IF user not logged in IF $auth_ReqPass is enabled

	} 
	else 
	{
		echo("<p><img src=\"$dir_img/error.gif\" width=\"15\" height=\"15\">&nbsp;Authentication error</p>" .
"<p><a href='$_SERVER[PHP_SELF]?logout=1'>Delete cookies and login again</a></p>");
	}
	} 
	else 
	{

	if (!isset($login) || isset($relogin)) {
?>
<font size="3"><b><i><? echo ($title) ? ($title) : ("File Upload Manager"); ?></i> - Authentication</b></font><br><br>
<table class="table_auth"><tr><td><center>
Please enter the username and password to enter the restricted area.<br>
You must have cookies enabled in your browser to continue.
</center></td></tr></table>
<form action="<?=$_SERVER[PHP_SELF]?>?login=1" method="POST"><p>
Username: <input type="text" name="auth_formUser" size="20"><br>
Password: <input type="password" name="auth_formPass" size="20">
<p><input type="submit" name="submit" class="button" value="Log-In"></p>
</form></center>
<?
	} 
	elseif (isset($login)) 
	{
		echo("<p>$auth_msg</p>" . "<p>You'll be redirected in 2 seconds!</p>");
	}
	}
?>
</body>
</html>
volito
Forum Newbie
Posts: 9
Joined: Wed Dec 07, 2005 9:48 pm

Post by volito »

OK, that's the free script I am using. "Copyrighted, so hope it's OK to post it."

And yes, it is an upload form that puts pictures in a directory that visitors can view.


Chris Corbyn wrote: Are you sure it was uploaded via the website? It wouldn't be much use by itself over HTTP unless your web server is really insecure. It could however be executed on a shared host via the shell (or another script). Do you have any areas on your website that execute shell commands

Most positive; checked the web server logs and see the POST command for that directory.
No shared host! Only use a few PHP scripts on the server: guestbook, email form, message board.


I am not a programmer, so not really sure what you mean by shell commands. Just using PHP scripts. Don't have any execute permissions on any folder or directory "going to double check that now", because I remember some files had to be CHMOD "full permissions".


Thanks again

Edited: Just searched Shell Commands. There is no user interface "GUI" that allows the host to execute and control OS commands. "Hope I read that and understood it somewhat correctly." Maybe just the PHP scripts, because they do have write permissions and I think one script only worked with full permissions. Checking now.


PS: Server is a Windows box
volito
Forum Newbie
Posts: 9
Joined: Wed Dec 07, 2005 9:48 pm

Post by volito »

Uploaded another one and it was the license of one of my scripts. Guess this person is bored!

Found these flaws:
url to view a file: /index.php?act=view&file=d2VlLnBocC50eHQ=
url to delete the same file: /index.php?act=del&file=d2VlLnBocC50eHQ=

http://diswww.mit.edu/menelaus.mit.edu/bt/39137


Here is the server log:
89.52.52.202 - - [06/Mar/2006:08:18:31 -0800] "GET /upload/fileupload/index.php?act=view&file=d2ViYWRtaW4ucGhwLmdpZg== HTTP/1.1" 200 2283

IP from Germany "unless proxy"

So far I enabled the password on the script.

Any ideas where to add arrays to validate uploads?
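Added example (editor's note; not code from the File Upload Manager script or from any poster). In the script as posted, the view, dl and del actions build the path as $dir_store."/".base64_decode($_GET[file]) and use it as it is: the decoded name is never checked, and the del branch does not look at $file_del_allow (only the link does), so with $auth_ReqPass off anyone who can guess or list a name can delete it, which is what the two URLs above show. The helper below accepts only a plain file name that resolves, via realpath(), to an existing file inside the store, and a small dispatcher requires a login before deleting. The function names, the $logged_in flag and the constructed test inputs (including d2VlLnBocC50eHQ= from the post above) are mine.

```php
<?php
// Added example, not code from the File Upload Manager script posted above.
// The script builds $dir_store."/".base64_decode($_GET[file]) for view, dl and
// del and uses it as-is; this helper does the checking that step lacks.

// Returns the absolute path of an existing file inside $dir_store, or false.
function safe_store_path($dir_store, $encoded)
{
    $name = base64_decode($encoded, true);        // strict mode rejects malformed input
    if ($name === false || $name === '') {
        return false;
    }
    // A bare file name only: conservative character set, no separators, no NUL,
    // no leading dot (so neither ".." nor .htaccess-style hidden files).
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/', $name)) {
        return false;
    }
    $base = realpath($dir_store);
    if ($base === false) {
        return false;
    }
    $full = realpath($base . DIRECTORY_SEPARATOR . $name);
    // realpath() follows symlinks, so the resolved file must still be under the store.
    if ($full === false || !is_file($full)
        || strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false;
    }
    return $full;
}

// Dispatcher for the three actions. Delete requires a login here regardless
// of $file_del_allow, which in the posted script only hides the link.
// $logged_in is assumed to be computed by the caller (e.g. from authDo()).
function handle_file_action($act, $encoded, $dir_store, $logged_in)
{
    $path = safe_store_path($dir_store, $encoded);
    if ($path === false) {
        return 'no such file';
    }
    switch ($act) {
        case 'view':
        case 'dl':
            // Serve as a download under a fixed content type so the browser never
            // interprets the stored bytes as a script or a page.
            header('Content-Type: application/octet-stream');
            header('X-Content-Type-Options: nosniff');
            header('Content-Disposition: attachment; filename="' . basename($path) . '"');
            header('Content-Length: ' . filesize($path));
            readfile($path);
            return 'sent';
        case 'del':
            if (!$logged_in) {
                return 'login required';
            }
            return unlink($path) ? 'deleted' : 'delete failed';
    }
    return 'unknown action';
}

// Offline demo against a constructed store directory.
if (PHP_SAPI === 'cli') {
    $store = sys_get_temp_dir() . '/fum_demo_' . getmypid();
    mkdir($store);
    file_put_contents("$store/wee.php.txt", "harmless\n");
    $cases = array(
        'd2VlLnBocC50eHQ='               => 'wee.php.txt (from the thread)',
        base64_encode('../../index.php') => 'traversal',
        base64_encode("wee.php.txt\0")   => 'NUL byte',
        base64_encode('.htaccess')       => 'dot file',
        'not base64!'                    => 'malformed encoding',
    );
    foreach ($cases as $enc => $label) {
        $r = safe_store_path($store, $enc);
        echo str_pad($label, 32) . ($r === false ? 'rejected' : 'ok: ' . basename($r)) . "\n";
    }
    echo 'delete while logged out: ' . handle_file_action('del', 'd2VlLnBocC50eHQ=', $store, false) . "\n";
    unlink("$store/wee.php.txt");
    rmdir($store);
}
```

Base64 is an encoding, not a protection: anyone can produce base64 for "../../index.php" as easily as the script produces it for a real name, so the decoded value has to be treated exactly like raw user input. The realpath() comparison is the backstop if the name filter is ever loosened.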
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Post by matthijs »

volito, may I ask: how do you use this script? From what I understand from your posts, you place it on your server and let people (anyone) upload pictures? As far as I know that will always be a big security problem. You'd better look around for a more secure script and make sure it is not accessible, by protecting the directory it is in.
volito
Forum Newbie
Posts: 9
Joined: Wed Dec 07, 2005 9:48 pm

Post by volito »

Yes! I enabled password protection on the script as this person already uploaded another script. Now I am checking what this person actually did. As all my programs are broadcasting to IP 239.255.255.255 on port 1900 using UDP.

Running all tests as I type this reply :(