Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About sooty2006

  • Rank
  • Birthday 07/23/1989

Previous Fields

  • Languages
    php, learning asp, HTML, some Javascript, CSS, Flash, AJAX, VBSsome C++ console

Contact Methods

  • MSN
  • ICQ

Profile Information

  • Location
    Chester, England
  1. the only file on the 4 domains are index.php with 0KB no text or nothing so it can only be browser relatedi removed all files to make sure that there was nothing wrong with my code or pages added deep in my directories that would inject there. i have read up on google. there is not much infomation on how to solve the problem
  2. ok how would i use htmlspecialchars() on the basis that anything could be sent in the browser url?at the moment the only way a hacker could inject anything is via the browser bar.Cheers.
  3. boen_robot thanks for your quick reply.currently the four domains have been backed up and all files images etc. removed and all have only a index.php page with nothing on or in but still has been injected again. there is know where a user can add any xss scripts, not textboxes or forms.could this injection and file permissions changed from the browser url bar?many thanks.
  4. Good afternoon all, For the past few days i have been battling my skills to overcome someone injecting javascript into my index pages and the file permissions changed to 777.i dont know how to put this as i dont want to put any injected code or anything in this forum post.My sites are been hosted on a VPS server with unlimited hosting domians.I have over 20 domians on this host and 4 of those sites on the index page are having javascript links to a php page injected at the top of the page.these are the only 4 sites being injected never any others no metter what i pput on the directory.Firstly
  5. thanks,still does not work, in my php.ini it shows this for the opend_basedir line;open_basedir =whats the default is it off?if i was to change it to open_basedir = Off this would not create any issues ?Again many thanks.
  6. i have sorted now missing a / symbol but it now wont open because open_basedir is off i host a few sites from my server so dont want to switch it at all. is there a function you can use to set the open_basedir on at the start of opening this page? before i include the mail.php class? [b]Warning[/b]: include() [[url="http://www.milnas-mafia.co.uk/function.include"]function.include[/url]]: open_basedir restriction in effect. File(/Mail/Mail.php) is not within the allowed path(s): (/var/www/vhosts/mysite/httpdocs:/tmp) in [b]/var/www/vhosts/mysite/httpdocs/test.php[/b] on line [b]2[/b][b]Warning
  7. i took a look at the manual before i posted this topic i have followed what it has to say and also i looked up on google i carnt seem to find any examples etc... with more than one directory in the include_path but this is right but for someone uknown reason this does not work
  8. Good evening all,I am trying to modifiy my php.ini config file and am hitting problems.Here is the location of php5 : /usr/share/php5here is the location of PEAR : /usr/share/psa-horde/peari am trying to include them on my unix operating platform like this include_path = ".:/usr/share/php5:/usr/share/psa-horde/pear" but when i try to use the PEAR functions it says (No such file or directory)how should i express the include_path to the server in php.ini ??Many Thanks.
  9. what would be best using i.e more secure?$_POST$_GET$_REQUEST?
  10. thanks ill give it a try !
  11. I have a game website with alot of user textareas and textbox's.Quite recently i have had to ban a person from the site because he was getting data from the server via a textboxsupposably.What i want to do is make sure nothing other than plain text can get through.Here is a typical input form: if(isset($_POST['save'])){if(!$_POST['text']){$message .= "You must enter some text."; }else{mysql_query("UPDATE `users` SET `text` = '$_POST[text]' WHERE `usersid` = '$USER'");$message .= "Text saved!"; }} is there a php function i can use to check the text for stuff that should not be there?Thanks Ag
  12. sooty2006

    user search

    problem solved thanks for your help anyway mate!
  13. sooty2006

    user search

    if anyone needs more infomation let me know if it will help solve this thanks.
  14. sooty2006

    user search

    i have placed on my online website a search for playersthis only works for usernames onlymy form consists of textbox usernameselect genderselect statusselect levelselect groupif a user selects all 4 select boxes it does't display anythingmy mysql statementmysql_query("SELECT * FROM `users` WHERE `username` LIKE '%$_POST[username]%' AND `gender` = '$_POST[gender]' AND `status` = '$_POST[status]' AND `level` = '$_POST[status]' AND `group` = '$_POST[group]'");if a user does't select a select box it will not search for it in the query!what i need is how to do this so it works selecting all the box
  • Create New...