|
PHP - Remote Exploit Vulnerability In Bash
Does anyone already fix the bug. I found something interesting in the error_log file this morning
x.x.x.x - - [25/Sep/2014:01:12:34 -0500] "GET /cgi-bin/defaul_p.cgi HTTP/1.0" 404 312 "-" "() { :;}; /bin/ping -c 5 "209.126.230.74"
Similar TutorialsI opened a thread yesterday about an XSS vulnerability when the user is logged in. I'll summarize is in a short quote: Quote http://host/editText.php?fieldname=slogan&content=slogan<img src=x onerror=alert("XSS")> This vulnerability only works if the user is logged in. I want to secure it anyway to give the security companies contacting me about this a break. xyph solved my problem with this: Code: [Select] foreach( $_REQUEST as $key => $val ) $_REQUEST[$key] = htmlentities($val); He warned me it was a risky but I didn't take him that seriously. Well guess he was right. The foreach loop he gave me does protect me from the XSS attack, but it also disables the users to use any kind of code in the pages. Next time xyph warns me its risky, I'll know he means it. Now to my problem, how do I use this foreach loop without disabling the user of using simple html tags? Here's the file (editText.php) where the foreach loop was used: Code: [Select] <?php session_start(); // THE LOOP WAS USED HERE BUT I REMOVED IT DUE TO THE USERS PROBLEM. function getSlug( $page ) { $page = strip_tags( $page ); preg_match_all( "/([a-z0-9A-Z-_]+)/", $page, $matches ); $matches = array_map( "ucfirst", $matches[0] ); $slug = implode( "-", $matches ); return $slug; } $fieldname = $_REQUEST['fieldname']; $encrypt_pass = @file_get_contents("files/password"); if ($_COOKIE['wondercms']!=$encrypt_pass) { echo "You must login before using this function!"; exit; } $content = rtrim(stripslashes($_REQUEST['content'])); // if to only allow specified tags if($fieldname=="title") $content = strip_tags($content); else $content = strip_tags($content,"<audio><source><embed><iframe><p><h1><h2><h3><h4><h5><h6><a><img><u><i><em><strong><b><strike><center><pre>"); $content = trim($content); $content = nl2br($content); if(!$content) $content = "Please be sure to enter some content before saving. Just type anything in here."; $content = preg_replace ("/%u(....)/e", "conv('\\1')", $content); if($fieldname>0 && $fieldname<4) $fname = "attachment$fieldname"; else $fname = $fieldname; $file = @fopen("files/$fname.txt", "w"); if(!$file) { echo "<h2 style='color:red'>*** ERROR *** unable to open content_$fieldname</h2><h3>But don't panic!</h3>". "Please set the correct read/write permissions to the files folder.<br/> Find the /files/ folder and CHMOD it to 751.<br /><br /> If this still gives you problems, open up the /files/ folder, select all files and CHMOD them to 640.<br /><br /> If this doesn't work, contact me <a href='http://krneky.com/en/contact'>right here</a>."; exit; } fwrite($file, $content); fclose($file); echo $content; // convert udf-8 hexadecimal to decimal function conv($hex) { $dec = hexdec($hex); return "&#$dec;"; } ?> i just want to ask this simple question let say i have this basic query $place=$_GET['place']; mysql_query("SELECT * FROM table WHERE place='$place'"); this is a nice target for sql injection.. but what if i replace the whole special characters that could be added $replacethis=array("-","`"); $withthis=array("",""); $place=str_replace($replacethis,$withthis,$_GET['place']); mysql_query("SELECT * FROM table WHERE place='$place'"); Are they still able to do the basic sql injection by trying to get the error by adding special character although i didn't use mysql_real_escape_string() ?? then what if i protect the file by changing the setting of the permission to either 644 or 755? thanks in advance Does this code have mySQL Injection vulnerability?
$query = "DELETE FROM `$table` WHERE `$column` IN('".implode("','",$array)."')";
using php5, would this make the code more safe...
foreach($array as $key=>$a){
$array[$key] = mysql_real_escape_string($a);}
$query = "DELETE FROM `$table` WHERE `$column` IN('".implode("','",$array)."')";
or is there another way to make the code safe?
I have a problem which I've been trying to fix for a while now with htmlentities. I've written my own small cms which is available for the public, and recently I recieved a report that it's vulnerable to an XSS attack: http://host/editText.php?fieldname=slogan&content=slogan<img src=x onerror=alert("XSS")> This vulnerability only works if the user is logged in. I want to secure it anyway to give the security companies contacting me about this a break. I've been rolling around the internet trying to find a simple answer how to prevent this XSS attack with HTMLENTITIES. I've even tried writing my own solutions with the htmlentities and it doesn't seem to solve the problem/stop the attack. I'm thinking something like htmlEntities($content); //but again, this won't do the job. Here's the editText.php Code: [Select] <?php session_start(); function getSlug( $page ) { $page = strip_tags( $page ); preg_match_all( "/([a-z0-9A-Z-_]+)/", $page, $matches ); $matches = array_map( "ucfirst", $matches[0] ); $slug = implode( "-", $matches ); return $slug; } $fieldname = $_REQUEST['fieldname']; $encrypt_pass = @file_get_contents("files/password"); if ($_COOKIE['wondercms']!=$encrypt_pass) { echo "You must login before using this function!"; exit; } $content = rtrim(stripslashes($_REQUEST['content'])); // if to only allow specified tags if($fieldname=="title") $content = strip_tags($content); else $content = strip_tags($content,"<audio><source><embed><iframe><p><h1><h2><h3><h4><h5><h6><a><img><u><i><em><strong><b><strike><center><pre>"); $content = trim($content); $content = nl2br($content); if(!$content) $content = "Please be sure to enter some content before saving. Just type anything in here."; $content = preg_replace ("/%u(....)/e", "conv('\\1')", $content); if($fieldname>0 && $fieldname<4) $fname = "attachment$fieldname"; else $fname = $fieldname; $file = @fopen("files/$fname.txt", "w"); if(!$file) { echo "<h2 style='color:red'>*** ERROR *** unable to open content_$fieldname</h2><h3>But don't panic!</h3>". "Please set the correct read/write permissions to the files folder.<br/> Find the /files/ folder and CHMOD it to 751.<br /><br /> If this still gives you problems, open up the /files/ folder, select all files and CHMOD them to 640.<br /><br /> If this doesn't work, contact me <a href='http://krneky.com/en/contact'>right here</a>."; exit; } fwrite($file, $content); fclose($file); echo $content; // convert udf-8 hexadecimal to decimal function conv($hex) { $dec = hexdec($hex); return "&#$dec;"; } ?> There are only 3 files altogether, if someone needs index I'll post that too. Hello my mcafee secure gave me a MySQL Database Error Disclosure Vulnerability error found in this code i installed here is the code in question maybe someone can help me find a fix for it thanks pfrom=From pto=To refine=Refine+your+results categories_id=334 search_in_description=1 subsearch=0 max_pages=x%27%3B%22%2C%29%60 THE SINGLE BEST WAY TO FIX THIS VULNERABILITY IS TO IDENTIFY THE ACCEPTABLE INPUT FOR EACH FORM PARAMETER AND REJECT INPUT THAT DOES NOT MEET THAT CRITERIA. The following is an acceptable solution however it is not optimal. Implement content parsing on data input fields including URL parameters. Remove the following characters from any user or dynamic database input: (examples in VBScript) ' (escape the single quote) input = replace( input, "'", "''" ) " (double quote) input = replace( input, """", "" ) ) (close parenthesis) input = replace( input, ")", "" ) ( (open parenthesis) input = replace( input, "(", "" ) ; (semi-colon) input = replace( input, ";", "" ) - (dash) input = replace( input, "-", "" ) | (pipe) input = replace( input, "|", "" ) On text input it is recommended to append quotes around the user supplied input. Please contact ScanAlert Support if you need further instructions. Code: [Select] <?php require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ADVANCED_SEARCH); ?> <script language="javascript" src="includes/general.js"></script> <script language="javascript" src="includes/jquery1.2.6.js"></script> <script language="javascript"> <!-- function check_form() { var error_message = "<?php echo JS_ERROR; ?>"; var error_found = false; var error_field; var keywords = document.adv_filter.refine.value; var pfrom = document.adv_filter.pfrom.value; var pto = document.adv_filter.pto.value; var pfrom_float; var pto_float; if (((keywords == '') || (keywords.length < 1)) && ((pfrom == '') || (pfrom.length < 1)) && ((pto == '') || (pto.length < 1))) { error_message = error_message + "* <?php echo ERROR_AT_LEAST_ONE_INPUT; ?>\n"; error_field = document.advanced_search.keywords; error_found = true; } if (pfrom.length > 0) { pfrom_float = parseFloat(pfrom); if (isNaN(pfrom_float)) { error_message = error_message + "* <?php echo ERROR_PRICE_FROM_MUST_BE_NUM; ?>\n"; error_field = document.advanced_search.pfrom; error_found = true; } } else { pfrom_float = 0; } if (pto.length > 0) { pto_float = parseFloat(pto); if (isNaN(pto_float)) { error_message = error_message + "* <?php echo ERROR_PRICE_TO_MUST_BE_NUM; ?>\n"; error_field = document.advanced_search.pto; error_found = true; } } else { pto_float = 0; } if ((pfrom.length > 0) && (pto.length > 0)) { if ((!isNaN(pfrom_float)) && (!isNaN(pto_float)) && (pto_float < pfrom_float)) { error_message = error_message + "* <?php echo ERROR_PRICE_TO_LESS_THAN_PRICE_FROM; ?>\n"; error_field = document.advanced_search.pto; error_found = true; } } if (error_found == true) { alert(error_message); error_field.focus(); return false; } else { return true; } } function popupWindow(url) { window.open(url,'popupWindow','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no,width=450,height=280,screenX=150,screenY=150,top=150,left=150') } //Search Box controls $(document).ready( function() { searchBox(); } ); function searchBox() { $("#refine").focus( function() { if(this.value=='<?php echo REFINE_RESULTS; ?>') { this.value=''; } } ); $("#subsearch").click( function() { if($("#refine").val()=='<?php echo REFINE_RESULTS; ?>') { $("#refine").val(''); } } ); $("#refine").blur( function() { if(this.value=='') { this.value='<?php echo REFINE_RESULTS; ?>'; }; } ); $("#pfrom").focus( function() { if(this.value=='<?=PRICE_FROM?>') { this.value=''; } } ); $("#subsearch").click( function() { if($("#pfrom").val()=='<?=PRICE_FROM?>') { $("#pfrom").val(''); } } ); $("#pfrom").blur( function() { if(this.value=='') { this.value='<?=PRICE_FROM?>'; }; } ); $("#pto").focus( function() { if(this.value=='<?=PRICE_TO?>') { this.value=''; } } ); $("#subsearch").click( function() { if($("#pto").val()=='<?=PRICE_TO?>') { $("#pto").val(''); } } ); $("#pto").blur( function() { if(this.value=='') { this.value='<?=PRICE_TO?>'; }; } ); } //--> </script> <?php $hold_max_pages = MAX_DISPLAY_SEARCH_RESULTS; if ($HTTP_POST_VARS['max_pages']) { $hold_max_pages = $HTTP_POST_VARS['max_pages']; } else { $hold_max_pages = MAX_DISPLAY_SEARCH_RESULTS; } $error = false; if ( (isset($HTTP_POST_VARS['refine']) && empty($HTTP_POST_VARS['refine'])) && (isset($HTTP_POST_VARS['pfrom']) && !is_numeric($HTTP_POST_VARS['pfrom'])) && (isset($HTTP_POST_VARS['pto']) && !is_numeric($HTTP_POST_VARS['pto'])) ) { $error = true; $messageStack->add_session('search', ERROR_AT_LEAST_ONE_INPUT); } else { $pfrom = ''; $pto = ''; $keywords = ''; if (isset($HTTP_POST_VARS['pfrom']) && $HTTP_POST_VARS['pfrom'] !== PRICE_FROM) { $pfrom = $HTTP_POST_VARS['pfrom']; } if (isset($HTTP_POST_VARS['pto']) && $HTTP_POST_VARS['pto'] !== PRICE_TO) { $pto = $HTTP_POST_VARS['pto']; } if (isset($HTTP_POST_VARS['refine']) && $HTTP_POST_VARS['refine'] !== REFINE_RESULTS) { $keywords = $HTTP_POST_VARS['refine']; } $price_check_error = false; if (tep_not_null($pfrom)) { if (!settype($pfrom, 'double')) { $error = true; $price_check_error = true; $messageStack->add_session('search', ERROR_PRICE_FROM_MUST_BE_NUM); } } if (tep_not_null($pto)) { if (!settype($pto, 'double')) { $error = true; $price_check_error = true; $messageStack->add_session('search', ERROR_PRICE_TO_MUST_BE_NUM); } } if (($price_check_error == false) && is_float($pfrom) && is_float($pto)) { if ($pfrom >= $pto) { $error = true; $messageStack->add_session('search', ERROR_PRICE_TO_LESS_THAN_PRICE_FROM); } } if (tep_not_null($keywords)) { if (!tep_parse_search_string($keywords, $search_keywords)) { $error = true; $messageStack->add_session('search', ERROR_INVALID_KEYWORDS); } } } if (empty($pfrom) && empty($pto) && empty($keywords)) { $error = true; $messageStack->add_session('search', ERROR_AT_LEAST_ONE_INPUT); } if ((isset($HTTP_POST_VARS['refine']) && (!empty($HTTP_POST_VARS['refine']) || ($HTTP_POST_VARS['refine'] !== REFINE_RESULTS))) || (isset($HTTP_POST_VARS['pfrom']) && is_numeric($HTTP_POST_VARS['pfrom'])) || (isset($HTTP_POST_VARS['pto']) && is_numeric($HTTP_POST_VARS['pto']))) { // create column list $define_list = array('PRODUCT_LIST_MODEL' => PRODUCT_LIST_MODEL, 'PRODUCT_LIST_NAME' => PRODUCT_LIST_NAME, 'PRODUCT_LIST_MANUFACTURER' => PRODUCT_LIST_MANUFACTURER, 'PRODUCT_LIST_PRICE' => PRODUCT_LIST_PRICE, 'PRODUCT_LIST_QUANTITY' => PRODUCT_LIST_QUANTITY, 'PRODUCT_LIST_WEIGHT' => PRODUCT_LIST_WEIGHT, 'PRODUCT_LIST_IMAGE' => PRODUCT_LIST_IMAGE, 'PRODUCT_LIST_BUY_NOW' => PRODUCT_LIST_BUY_NOW); asort($define_list); $column_list = array(); reset($define_list); while (list($key, $value) = each($define_list)) { if ($value > 0) $column_list[] = $key; } $select_column_list = ''; for ($i=0, $n=sizeof($column_list); $i<$n; $i++) { switch ($column_list[$i]) { case 'PRODUCT_LIST_MODEL': $select_column_list .= 'p.products_model, '; break; case 'PRODUCT_LIST_MANUFACTURER': $select_column_list .= 'm.manufacturers_name, '; break; case 'PRODUCT_LIST_QUANTITY': $select_column_list .= 'p.products_quantity, '; break; case 'PRODUCT_LIST_IMAGE': $select_column_list .= 'p.products_image, '; break; case 'PRODUCT_LIST_WEIGHT': $select_column_list .= 'p.products_weight, '; break; } } $select_str = "select distinct " . $select_column_list . " m.manufacturers_id, p.products_id, pd.products_name, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price "; if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (tep_not_null($pfrom) || tep_not_null($pto)) ) { $select_str .= ", SUM(tr.tax_rate) as tax_rate "; } $from_str = "from ((" . TABLE_PRODUCTS . " p) left join " . TABLE_MANUFACTURERS . " m using(manufacturers_id), " . TABLE_PRODUCTS_DESCRIPTION . " pd) left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id, " . TABLE_CATEGORIES . " c, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c"; if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (tep_not_null($pfrom) || tep_not_null($pto)) ) { if (!tep_session_is_registered('customer_country_id')) { $customer_country_id = STORE_COUNTRY; $customer_zone_id = STORE_ZONE; } $from_str .= " left join " . TABLE_TAX_RATES . " tr on p.products_tax_class_id = tr.tax_class_id left join " . TABLE_ZONES_TO_GEO_ZONES . " gz on tr.tax_zone_id = gz.geo_zone_id and (gz.zone_country_id is null or gz.zone_country_id = '0' or gz.zone_country_id = '" . (int)$customer_country_id . "') and (gz.zone_id is null or gz.zone_id = '0' or gz.zone_id = '" . (int)$customer_zone_id . "')"; } $where_str = " where p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "' and p.products_id = p2c.products_id and p2c.categories_id = c.categories_id "; if (isset($HTTP_POST_VARS['categories_id']) && tep_not_null($HTTP_POST_VARS['categories_id'])) { if (isset($HTTP_POST_VARS['inc_subcat']) && ($HTTP_POST_VARS['inc_subcat'] == '1')) { $subcategories_array = array(); tep_get_subcategories($subcategories_array, $HTTP_POST_VARS['categories_id']); $where_str .= " and p2c.products_id = p.products_id and p2c.products_id = pd.products_id and (p2c.categories_id = '" . (int)$HTTP_POST_VARS['categories_id'] . "'"; for ($i=0, $n=sizeof($subcategories_array); $i<$n; $i++ ) { $where_str .= " or p2c.categories_id = '" . (int)$subcategories_array[$i] . "'"; } $where_str .= ")"; } else { $where_str .= " and p2c.products_id = p.products_id and p2c.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "' and p2c.categories_id = '" . (int)$HTTP_POST_VARS['categories_id'] . "'"; } } if (isset($HTTP_POST_VARS['manufacturers_id']) && tep_not_null($HTTP_POST_VARS['manufacturers_id'])) { $where_str .= " and m.manufacturers_id = '" . (int)$HTTP_POST_VARS['manufacturers_id'] . "'"; } if (isset($search_keywords) && (sizeof($search_keywords) > 0)) { $where_str .= " and ("; for ($i=0, $n=sizeof($search_keywords); $i<$n; $i++ ) { switch ($search_keywords[$i]) { case '(': case ')': case 'and': case 'or': $where_str .= " " . $search_keywords[$i] . " "; break; default: $keyword = tep_db_prepare_input($search_keywords[$i]); $where_str .= "(pd.products_name like '%" . tep_db_input($keyword) . "%' or p.products_model like '%" . tep_db_input($keyword) . "%' or m.manufacturers_name like '%" . tep_db_input($keyword) . "%'"; if (isset($HTTP_POST_VARS['search_in_description']) && ($HTTP_POST_VARS['search_in_description'] == '1')) $where_str .= " or pd.products_description like '%" . tep_db_input($keyword) . "%'"; $where_str .= ')'; break; } } $where_str .= " )"; } if (tep_not_null($pfrom)) { if ($currencies->is_set($currency)) { $rate = $currencies->get_value($currency); $pfrom = $pfrom / $rate; } } if (tep_not_null($pto)) { if (isset($rate)) { $pto = $pto / $rate; } } if (DISPLAY_PRICE_WITH_TAX == 'true') { if ($pfrom > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) * if(gz.geo_zone_id is null, 1, 1 + (tr.tax_rate / 100) ) >= " . (double)$pfrom . ")"; if ($pto > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) * if(gz.geo_zone_id is null, 1, 1 + (tr.tax_rate / 100) ) <= " . (double)$pto . ")"; } else { if ($pfrom > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) >= " . (double)$pfrom . ")"; if ($pto > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) <= " . (double)$pto . ")"; } if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (tep_not_null($pfrom) || tep_not_null($pto)) ) { $where_str .= " group by p.products_id, tr.tax_priority"; } if ( (!isset($HTTP_POST_VARS['sort'])) || (!ereg('[1-8][ad]', $HTTP_POST_VARS['sort'])) || (substr($HTTP_POST_VARS['sort'], 0, 1) > sizeof($column_list)) ) { for ($i=0, $n=sizeof($column_list); $i<$n; $i++) { if ($column_list[$i] == 'PRODUCT_LIST_NAME') { $HTTP_POST_VARS['sort'] = $i+1 . 'a'; $order_str = ' order by pd.products_name'; break; } } } else { $sort_col = substr($HTTP_POST_VARS['sort'], 0 , 1); $sort_order = substr($HTTP_POST_VARS['sort'], 1); $order_str = ' order by '; switch ($column_list[$sort_col-1]) { case 'PRODUCT_LIST_MODEL': $order_str .= "p.products_model " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name"; break; case 'PRODUCT_LIST_NAME': $order_str .= "pd.products_name " . ($sort_order == 'd' ? "desc" : ""); break; case 'PRODUCT_LIST_MANUFACTURER': $order_str .= "m.manufacturers_name " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name"; break; case 'PRODUCT_LIST_QUANTITY': $order_str .= "p.products_quantity " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name"; break; case 'PRODUCT_LIST_IMAGE': $order_str .= "pd.products_name"; break; case 'PRODUCT_LIST_WEIGHT': $order_str .= "p.products_weight " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name"; break; case 'PRODUCT_LIST_PRICE': $order_str .= "final_price " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name"; break; } } $listing_sql = $select_str . $from_str . $where_str . $order_str; } $listing_split = new splitPageResults($listing_sql, $hold_max_pages, 'p.products_id'); if (($listing_split->number_of_rows > 0) && ((PREV_NEXT_BAR_LOCATION == '1') || (PREV_NEXT_BAR_LOCATION == '3'))) { ?> <div class="infoBoxContents" style="padding:0.5em; text-align:center;"> <form name="filter" action="<?php echo tep_href_link(basename($PHP_SELF),tep_get_all_get_params(array('pfrom', 'pto', 'refine', 'page', 'info', 'x', 'y', 'manufacturers_id'))); ?>" method="post"> <label for="pfrom" class="fieldKey"><?=PRICE_RANGE?></label> <input id="pfrom" name="pfrom" value="<?=PRICE_FROM?>" class="fieldValue" style="width:5em" /> - <input id="pto" name="pto" value="<?=PRICE_TO?>" class="fieldValue" style="width:5em" /> <input id="refine" type='text' name='refine' value="<?=REFINE_RESULTS?>" style='width:42%;' class="fieldValue" /> <?php echo tep_draw_hidden_field('categories_id', (int)$current_category_id) . tep_draw_hidden_field('search_in_description', '1') . tep_image_submit('button_search.gif', IMAGE_BUTTON_SEARCH, "id='subsearch' name='subsearch' style='margin:0 5px;'"); ?> <div style="display:inline-block; width:49%; margin: 0.5em 0; text-align:center;"> <?php // optional Product List Filter if (PRODUCT_LIST_FILTER > 0) { $filterlist_sql = "select distinct m.manufacturers_id as id, m.manufacturers_name as name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c, " . TABLE_MANUFACTURERS . " m where p.products_status = '1' and p.manufacturers_id = m.manufacturers_id and p.products_id = p2c.products_id and p2c.categories_id = '" . (int)$current_category_id . "' order by m.manufacturers_name"; $filterlist_query = tep_db_query($filterlist_sql); if (tep_db_num_rows($filterlist_query) > 1) { echo tep_draw_hidden_field('cPath', $cPath); $options = array(array('id' => '', 'text' => TEXT_ALL_MANUFACTURERS)); echo tep_draw_hidden_field('sort', $HTTP_POST_VARS['sort']); while ($filterlist = tep_db_fetch_array($filterlist_query)) { $options[] = array('id' => $filterlist['id'], 'text' => $filterlist['name']); } echo tep_draw_pull_down_menu('manufacturers_id', $options, (isset($HTTP_POST_VARS['manufacturers_id']) ? $HTTP_POST_VARS['manufacturers_id'] : ''), 'onchange="this.form.submit()"'); } } ?> </div><div style="display:inline-block; width:49%; margin: 0.5em 0; text-align:center;"> <?php $all = $listing_split->number_of_rows; $page_options = array(array('id' => $hold_max_pages, 'text' => sprintf(SHOWING_RESULTS, $hold_max_pages))); $page_options[] = array('id' => $all, 'text' => sprintf(SHOW_RESULTS, 'All') . " ($all)"); $page_options[] = array('id' => 5, 'text' => sprintf(SHOW_RESULTS, 5)); $page_options[] = array('id' => 15, 'text' => sprintf(SHOW_RESULTS, 15)); $page_options[] = array('id' => 25, 'text' => sprintf(SHOW_RESULTS, 25)); $page_options[] = array('id' => 50, 'text' => sprintf(SHOW_RESULTS, 50)); echo tep_hide_session_id(); echo tep_draw_pull_down_menu('max_pages', $page_options, '', 'onchange="this.form.submit()"'); ?> </div> </form> <div> <?php // Sort columns by ??? You may need to rearrange the numbers in order of your columns in product listing echo SORT_BY . tep_create_sort_heading($HTTP_GET_VARS['sort'], 1, TABLE_HEADING_MODEL) . ' | ' . tep_create_sort_heading($HTTP_GET_VARS['sort'], 4, TABLE_HEADING_PRODUCTS) . ' | ' . tep_create_sort_heading($HTTP_GET_VARS['sort'], 2, TABLE_HEADING_MANUFACTURER) . ' | ' . tep_create_sort_heading($HTTP_GET_VARS['sort'], 5, TABLE_HEADING_PRICE); ?> </div> </div> <div class="smallText" style="display:inline-block; width:49%;"><?php echo $listing_split->display_count(TEXT_DISPLAY_NUMBER_OF_PRODUCTS); ?></div> <div class="smallText" style="display:inline-block; width:49%; text-align:right;"><?php echo TEXT_RESULT_PAGE . ' ' . $listing_split->display_links(MAX_DISPLAY_PAGE_LINKS, tep_get_all_get_params(array('page', 'info', 'x', 'y'))); ?></div> <?php } ?> This is a simple permutation function that i was converting from php:
string_gen(){
declare -a chars=('a' 'b')
max=4
let length=${#chars[@]}-1
n=0
combination=" "
for i in `seq 0 $max`;
do
let n=($n*($length))+($length)
done
remainder=0
for i in `seq 0 $n`;
do
current=$i
combination=" "
while [[ $current > 0 ]]
do
remainder=($current%$length)
echo remainder
if [ $remainder -eq 0 ]; then
combination="$combination"${chars[$length]}
else
combination="$combination"${chars[$remainder]}
current = $current/$length
fi
done
done
echo $combination
}
What is wrong with the syntax?
Link to PHP version: http://stackoverflow...o-certain-lengt
First off I want to thank everyone that is involved here in passing on the knowledge. After all that is what its all about. Okay so I want to do a campaign on password awareness and try to capitalize a little off of it. I came across the Breached_Compilation which is 1.4 billion email and plain text passwords. It has bash scripting in it to search and parse out the info from plain text documents which are in folders then prints the results in terminal. The other thing is that it posts the passwords in clear text. How would I obfuscate a portion of the clear text passwords? What would be the best way to integrate this to PHP? I am new to coding in PHP so any help is very much appreciated. Thanks an advance. Here is the Bash script.
#!/bin/bash
dir=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
if [ "$1" != "" ]; then
letter1=$(echo ${1,,}|cut -b1)
if [[ $letter1 == [a-zA-Z0-9] ]]; then
if [ -f "$dir/data/$letter1" ]; then
grep -ai "^$1" "$dir/data/$letter1"
else
letter2=$(echo ${1,,}|cut -b2)
if [[ $letter2 == [a-zA-Z0-9] ]]; then
if [ -f "$dir/data/$letter1/$letter2" ]; then
grep -ai "^$1" "$dir/data/$letter1/$letter2"
else
letter3=$(echo ${1,,}|cut -b3)
if [[ $letter3 == [a-zA-Z0-9] ]]; then
if [ -f "$dir/data/$letter1/$letter2/$letter3" ]; then
grep -ai "^$1" "$dir/data/$letter1/$letter2/$letter3"
fi
else
if [ -f "$dir/data/$letter1/$letter2/symbols" ]; then
grep -ai "^$1" "$dir/data/$letter1/$letter2/symbols"
fi
fi
fi
else
if [ -f "$dir/data/$letter1/symbols" ]; then
grep -ai "^$1" "$dir/data/$letter1/symbols"
fi
fi
fi
else
if [ -f "$dir/data/symbols" ]; then
grep -ai "^$1" "$dir/data/symbols"
fi
fi
else
echo "[*] Example: ./query name@domain.com"
fi
I would like PHP to kick off the following command: Code: [Select] arp -a|sed 's/ /,/g'>arp.csv I also have an executable makeArpFile.sh: Code: [Select] #!/bin/bash arp -a|sed 's/ /,/g'>arp.csv And I have tried executing it in php with the following: $arp = exec("bash makeArpFile.sh", $output, $exit_code); echo("Last line: " . $arp . "\n"); echo("Output: " . $output . "\n"); echo("Exit Code: " . $exit_code . "\n"); /*returns: Last line: Output: Exit Code: 127 */ I also tried just plain old: $arp = exec("makeArpFile.sh", $output, $exit_code); echo("Last line: " . $arp . "\n"); echo("Output: " . $output . "\n"); echo("Exit Code: " . $exit_code . "\n"); /*returns: Last line: Output: Exit Code: 127 */ I can run plain old arp>arp.txt but I really need it formatted in BSD style (arp -a>arp.txt) in order to be able to parse it properly later. Any thoughts? EDIT: for fun I made a useBash.sh script that executed "bash makeArpFile.sh" still no luck. Hello, I am mounting google drive to my raspberry pi with this command from command line; sudo gdfs -o allow_other /var/www/html/gdfs.creds /media/pi/gdrives İt is working from command line, but it is not work when i execute it from web browser. Here php content;
shell_exec("sudo gdfs -o allow_other /var/www/html/gdfs.creds /media/pi/gdrives");
and i changed my sudoers file giving permission www-data. here is my sudoers file content # This file MUST be edited with the 'visudo' command as root. # # Please consider adding local content in /etc/sudoers.d/ instead of # directly modifying this file. # # See the man page for details on how to write a sudoers file. # Defaults env_reset Defaults mail_badpass Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL:ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL www-data ALL=NOPASSWD: ALL # See sudoers(5) for more information on "#include" directives: #includedir /etc/sudoers.d Can anyone tell me what i am doing wrong ? I'm trying to make colourized output of bash script in php. So far I have this:
<?php
$cmd = '/home/thebalk/FiveM/manage.sh restart';
while (@ ob_end_flush()); // end all output buffers if any
$proc = popen($cmd, 'r');
echo '<pre>';
while (!feof($proc))
{
echo fread($proc, 4096);
@ flush();
}
echo '</pre>';
//
// Converts Bashoutput to colored HTML
//
function convertBash($cmd) {
$dictionary = array(
'[1;30m' => '<span style="color:black">',
'[1;31m' => '<span style="color:red">',
'[1;32m' => '<span style="color:green">',
'[1;33m' => '<span style="color:yellow">',
'[1;34m' => '<span style="color:blue">',
'[1;35m' => '<span style="color:purple">',
'[1;36m' => '<span style="color:cyan">',
'[1;37m' => '<span style="color:white">',
'[m' => '</span>'
);
$htmlString = str_replace(array_keys($dictionary), $dictionary, $cmd);
return $htmlString;
}
?>
and my output looks like this: [1;36m BOT:[0;39m THE [1;32m TheBalkanRP-SRV01-test SERVER [0;39m WAS RUNNING [1;36m BOT:[0;39m STOPPING THE [1;32m TheBalkanRP-SRV01-test SERVER [1;36m BOT:[0;39m GTA V SERVER HAS STOPPED [1;36m BOT:[0;39m REMOVING CACHE FOLDER [1;36m BOT:[1;31m CACHE FOLDER HAS BEEN REMOVED [0;39m [1;36m BOT:[0;39m STARTING THE [1;32m TheBalkanRP-SRV01-test [0;39m SERVER [1;36m BOT:[1;32m SERVER HAS STARTED [0;39m I know my function is not connected with the code above but what is the right way to do it? Thank you! For those not knowing about this, is a new security hole found in all linux/unix based operating systems that should be patched.
http://arstechnica.c...with-nix-in-it/
Hey y'all. Probably a dumb question here but I'm at a loss. I've got a PHP service script that has an include, written as so:
$config = new Config('config/config.json');
The config directory is next to the PHP script and does contain the config.json file, so when I run this from the CLI everything works great. However, I've got about 17 PHP services I need to start and really don't feel like typing them all out, so I've written a shell script that does this: #!bin/bash cd /path/to/my/script /usr/local/bin/php ./my-script.php This does start the service, but it bombs out because it can't find the config.json file. If I change the PHP to
$config = new Config('./config/config.json');
it works as expected from the shell script. Updating the files is technically possible, but fraught right now for reasons I can't really get into (sorry). Anybody know what the difference is, or have any ideas on how to get around this? Edited September 5, 2020 by maxxdI have a PHP file in /var/www/html/ called foobar.php with the following content: Quote
<?php
I set the permissions of the foobar.php file to different settings. I set the owner and group of foobar.php and /tmp/output to different values. I tried modifying the httpd.conf file. When I placed this stanza in the httpd.conf file QuoteLoadModule php7_module /usr/lib64/httpd/modules/libphp7.so I could not restart the httpd service. I tried using just QuoteLoadModule php7_module modules/libphp7.so But this failed too. I thought PHP would interpret the file regardless of how I access it (e.g., via a web page and with the php command from a Linux terminal). How do I get PHP to invoke a Bash command when someone visits a .php web page? Hi everyone, i'm trying to get it so when i visit my webpage called start.php it executes the command (/bigbrotherbot start) in the terminal which then should start the process on my linux machine. I'm currently using this code Code: [Select] <?php shell_exec('sudo /bigbrotherbot start'); ?> This script doesn't appear to do anything though. I'm very new to php and would really appreciate the help. P.S the file bigbrotherbot is the bash script which works if i actually go to the terminal myself and type /bigbrotherbot start yet when i try to make the php do it it doesnt do anything. any ideas? Hey people! I'm currently working on an free API that i will be sharing with the web community in the next few months and had a question that much of this project hinges upon: Is there a way to allow a remote include of one php file from my server? Case: I am allowing 2 ways for users to access the APi: 1. Using AJAX or cURL accessing a REST method over POST or GET (This part is already functional) 2. Allowing an include of the API Library I'm not sure if it will be completely opensource yet, only free, this is why I don't want to simply provide the source files to users. Example of what I would like to do: <?php include('http://mysite.com/myAPI/classLib.php'); ?> Anybody have a solution for that?? Thanks in advance, E Hi, I'm writing some software and I'm wanting to store user statistics on my web-server remotely. My application outputs the statistics into a txt file and asks the user if they would like to submit this data to my server to help the project (statistics gathering ) and if they submit it I want the information stored in a mysql database on my web-server. I was thinking about passing the data in through the url in an http request to the page, but there's too much data. I'm interested in finding out if it's possible to upload a file directly to a php script. I could use FTP to place it on my server, but that would require me putting the ftp login into the program, which I don't feel safe about doing that. At least with a php script I'm able to filter and process any input before it's inserted into the database. Is it actually possible to upload directly to my server from a php file in an http request from an application though? Hi guys, I have this problem and id appreciate all your advice in helping solve it. I'm working on a service with is "cloud" hosted. However I want it so when a person employed by Corporation A logs onto myservice.corporationa.com they enter their Corporation A LDAP details but somehow that sends them to myservice.com and authenticates them. I know how to do the get LDAP details part to put on myservice.corporationa.com but no idea how to do the rest and make it send back etc. Any ideas? Many many thanks in advance. (PS - If this all makes sense please do let me know) Ok, the database I have been working on the past few days is located on my websites server (1&1) and today I am trying to get a connection to it on a website that is on a different server, but I am getting my echo statement of saying it can't find the database even though I changed it from "localhost" to the physical address of the database. Any ideas? On my website, I have a download folder containing several files ranging in size from 6Mb to 700Mb. Users have no problems downloading the smaller files but often have problems downloading the files over 500Mb. We also have an archive of all the files located on a sub-domain on a server in England. Those users that are having problems downloading large files from the main site usually have no problem downloading the large files if we send them the URL for the archive. I've added a button that calls the following script so the users can choose where to download from but have no idea how to code the script. Here's what I've tried:
// ukdloader script
<?php
$php_scripts = '../../php/';
require $php_scripts . 'PDO_Connection_Select.php';
require $php_scripts . 'GetUserIpAddr.php';
function ukdloader($l_filename=NULL)
{
$ip = GetUserIpAddr();
if (!$pdo = PDOConnect("foxclone_data"))
{
exit;
}
if( isset( $l_filename ) ) {
echo <a href="http://foxclone.org/".$l_filename"> /* This is the archive site */
$ext = pathinfo($l_filename, PATHINFO_EXTENSION);
$stmt = $pdo->prepare("INSERT INTO download (address, filename,ip_address) VALUES (?, ?, inet_aton('$ip'))");
$stmt->execute([$ip, $ext]) ;
$test = $pdo->query("SELECT id FROM lookup WHERE INET_ATON('$ip') BETWEEN start AND end ORDER BY start DESC, end DESC");
$ref = $test->fetchColumn();
$ref = intval($ref);
$stmt = $pdo->prepare("UPDATE download SET ref = '$ref' WHERE address = '$ip'");
$stmt->execute() ;
}
else {
echo "isset failed";
}
}
ukdloader($_GET["f"]);
exit;
Thanks in advance. |
|||||||