#11
13th October 2008, 15:57
johnake
I would like to see a modded source with some security thinking in mind. The following were verified in a very short time:
changeusername.php:

Replace:
PHP Code:
if (get_user_class() < 6
with
PHP Code:
if (get_user_class() < UC_SYSOP
Request mod... kinda dangerous XSS & SQL injection

adminstuff.php

PHP Code:
if ($CURUSER['class'] < 7
with
PHP Code:
if ($CURUSER['class'] < UC_SYSOP
delacct.php you should either delete it or you have two choices:

1. Put a conditional statement that verifies that the current user's id is equivalent with the one that's gonna be deleted
2. Instead of letting the user delete his own account you should make a form that asks the staff to do this, with a reason of course.

details.php

find:
PHP Code:
stdhead("Details for torrent \"" . $row["name"] . "\"");
replace with:

PHP Code:
stdhead("Details for torrent \"" . htmlspecialchars($row["name"]) . "\"");
log.php (should not be visible for everyone and):

find:
PHP Code:
print("<tr><td>$date</td><td>$time</td><td align=left>$arr[txt]</td></tr>\n"); 
replace with:
PHP Code:
print("<tr><td>$date</td><td>$time</td><td align=left>".htmlspecialchars($arr['txt'])."</td></tr>\n"); 
repair.php (everyone could repair the database and sensitive information about the database popped out). So...


PHP Code:
<?php
require_once("include/secrets.php");
require_once("include/bittorrent.php");
dbconn();
loggedinorreturn();

// Staff only: require moderator class or higher.
if (get_user_class() < UC_MODERATOR)
    stderr("Error", "Permission denied.");

$db = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
$sql = "SHOW DATABASES";
$dbs_result = mysql_query($sql, $db);
if (mysql_num_rows($dbs_result))
{
    // Walk every database the configured MySQL user can see.
    while ($dbs_row = mysql_fetch_assoc($dbs_result))
    {
        $database = $dbs_row["Database"];
        echo "\n\nOptimizing database $database : \n";
        mysql_select_db($database, $db);
        $sql = "SHOW TABLE STATUS";
        $tbls_result = mysql_query($sql, $db);
        if (mysql_num_rows($tbls_result))
        {
            // Repair, then optimize, each table in the selected database.
            while ($tbls_row = mysql_fetch_assoc($tbls_result))
            {
                $TableName = "`" . $tbls_row["Name"] . "`";
                $sql = "REPAIR TABLE " . $TableName;
                echo "\n" . $sql;
                mysql_query($sql, $db);
                $sql = "OPTIMIZE TABLE " . $TableName;
                echo "\n" . $sql;
                mysql_query($sql, $db);
            }
        }
    }
}
echo "\n\n";
mysql_close($db);
?>
So, secure your files...
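One way to write the check from option 1 for delacct.php, as an added example that is not part of the original post or the tracker's source. The function name, the array keys, and the `UC_SYSOP_EXAMPLE` value are assumptions; the staff path goes beyond option 1 and is included to show the class comparison against a named constant.

```php
<?php
// Added example, not tracker code. Class value and array keys are assumptions
// modelled on the snippets in the post ($CURUSER['class'], UC_SYSOP).
const UC_SYSOP_EXAMPLE = 6; // hypothetical value for illustration

/**
 * Decide whether $curuser may delete the account identified by $requestedId.
 * $requestedId comes straight from the request, so it is untrusted input.
 */
function may_delete_account(array $curuser, $requestedId): bool
{
    // Accept only strings or ints; arrays, null, etc. are rejected outright.
    if (!is_string($requestedId) && !is_int($requestedId)) {
        return false;
    }
    // Accept only plain decimal ids. Values such as "42abc" or "-1" are
    // rejected instead of being silently cast to a number.
    $requestedId = (string)$requestedId;
    if (!ctype_digit($requestedId)) {
        return false;
    }
    $targetId = (int)$requestedId;

    // Option 1 from the post: the logged-in user may delete only their own account.
    if ($targetId === (int)$curuser['id']) {
        return true;
    }
    // Staff path (assumption): compare against the named constant, never a bare number.
    return (int)$curuser['class'] >= UC_SYSOP_EXAMPLE;
}

// Constructed sample sessions and requests.
$user  = ['id' => '42', 'class' => 0];
$sysop = ['id' => '1',  'class' => UC_SYSOP_EXAMPLE];

var_dump(may_delete_account($user, '42'));     // own account
var_dump(may_delete_account($user, '43'));     // someone else's account
var_dump(may_delete_account($user, '42abc'));  // not a plain id
var_dump(may_delete_account($user, ['42']));   // array smuggled in as the id
var_dump(may_delete_account($sysop, '43'));    // staff deleting another account
```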