If my website is online, worldwide,
do it is easy to leech??
pls answer.
I need some help pls..
do my .php files can be leech?
if this question or my question is useless,
then it is much easy for you to answer..
pls answer...
I really need your answer.
do .php files can't be leech?
PHP files are server sided and cannot be stolen at the client side unless your website is vulnerable to certain exploits such as LFI/RFI.
design ccs html etc easy to leech,
php fails can't be leeched
Whats your website..?
I am using EasyPHP for my Apache and MySqlOriginally Posted by SuperWaffle
I have added a password for mysql or phpmyadmin...
what other things I need to do?
dont you understand "cannot be stolen"
To reply to your private message cheaterastic:
LFI = Local File Inclusion
RFI = Remote File Inclusion
Basically it's a include which uses the $_GET method to include a certain file, if you don't add certain checks to the $_GET then you are vulnerable to it.
Last edited by Dave; 15-06-11 at 05:12 AM.
$_GET
is danger.
lol...
Thanks a lot..
I know now..
PHP pages can't be stolen, but there are something posible can hacker or cheater do.
if I have a php code/script = $_GET, $_POST and $_COOKIE
- - - - - - - - - - - - - - - - - - - - -
Oh my PHP,
I read fully, and I do understanding of it,
I saw, injecting some .txt to .php
Last edited by cheaterastic; 15-06-11 at 05:24 AM.
Yes the $_GET method is used for LFI, RFI, SQLi, XSS, etc.
If you add certain checks to it then it can be very safe.
Example to check if $_GET is a number only to prevent SQLi.
PHP Code:if(ctype_digit($_GET['id']))
{
echo 'Ha, you are a number!';
// Continue script.
}
else
{
echo 'You are not a number!';
}
Hey... really thanks..
thanks a lot..
but on BlueGunzWeb Website side,
http://forum.ragezone.com/f245/gunz-website-740683/
that website has $_GET and $_POST
do it easy to inject?
I am using it, and I will edit something, I am going to add some pages.
I am just making clear/sure..
I believe it has got anti SQL injection functions and certain checks over the $_GET.
So yea it's safe.
oh thanks..
yeah.
I saw it, and studying it..
I tried to download my php pages,
and the logs starts.
adding log
PHP Code:<?php
$ip = $_SERVER['REMOTE_ADDR'];
$time = date("l dS of F Y h:i:s A");
$script = $_SERVER[PATH_TRANSLATED];
$fp = fopen ("secure/sql_Injections.txt", "a+");
$sql_inject_1 = array(";","'","%",'"'); #Whoth need replace
$sql_inject_2 = array("", "","","""); #To wont replace
$GET_KEY = array_keys($_GET); #array keys from $_GET
/*begin clear $_GET */
for($i=0;$i<count($GET_KEY);$i++){
$real_get[$i] = $_GET[$GET_KEY[$i]];
$_GET[$GET_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_GET[$GET_KEY[$i]]));
if($real_get[$i] != $_GET[$GET_KEY[$i]]){
if($_SESSION['user']){
fwrite ($fp, "Username: ".$_SESSION['user']."\r\n");
}
$msg = "SQL Injection detected. Your IP has been saved!"; alert($msg);
fwrite ($fp, "IP: $ip\r\n");
fwrite ($fp, "Method: GET\r\n");
fwrite ($fp, "Value: $real_get[$i]\r\n");
fwrite ($fp, "Script: $script\r\n");
fwrite ($fp, "Time: $time\r\n");
fwrite ($fp, "==================================\r\n");
redirect("index.php");
}
}
fclose ($fp);
/*end clear $_GET */
?>
Code:Username: registeruser IP: 192.168.254.110 Method: GET Value: c;profile Script: Time: Sunday 29th 2011f May 2011 11:43:59 PM ==================================
Last edited by cheaterastic; 15-06-11 at 06:07 AM.
i would not suggest you to use that site, that site is weak against attacks(from my personal exp)
use the BlueWeb by SuperWaffle its safe ,good,cool
Last edited by Twist165; 15-06-11 at 06:17 AM.
Reply With Quote