Jump to content

sooty2006

Members
  • Content Count

    144
  • Joined

  • Last visited

Community Reputation

0 Neutral

About sooty2006

  • Rank
    Member
  • Birthday 07/23/1989

Previous Fields

  • Languages
    php, learning asp, HTML, some Javascript, CSS, Flash, AJAX, VBSsome C++ console

Contact Methods

  • MSN
    sooty_sexy@hotmail.co.uk
  • ICQ
    0

Profile Information

  • Location
    Chester, England
  1. sooty2006

    injecting script?

    the only file on the 4 domains are index.php with 0KB no text or nothing so it can only be browser relatedi removed all files to make sure that there was nothing wrong with my code or pages added deep in my directories that would inject there. i have read up on google. there is not much infomation on how to solve the problem
  2. sooty2006

    injecting script?

    ok how would i use htmlspecialchars() on the basis that anything could be sent in the browser url?at the moment the only way a hacker could inject anything is via the browser bar.Cheers.
  3. sooty2006

    injecting script?

    boen_robot thanks for your quick reply.currently the four domains have been backed up and all files images etc. removed and all have only a index.php page with nothing on or in but still has been injected again. there is know where a user can add any xss scripts, not textboxes or forms.could this injection and file permissions changed from the browser url bar?many thanks.
  4. sooty2006

    injecting script?

    Good afternoon all, For the past few days i have been battling my skills to overcome someone injecting javascript into my index pages and the file permissions changed to 777.i dont know how to put this as i dont want to put any injected code or anything in this forum post.My sites are been hosted on a VPS server with unlimited hosting domians.I have over 20 domians on this host and 4 of those sites on the index page are having javascript links to a php page injected at the top of the page.these are the only 4 sites being injected never any others no metter what i pput on the directory.Firstly i thought this may have something to do with my coding so i shut one site down and removed everything from the domain folder httpdocs and put one file called index.php with nothing on. so nothing could be submited etc... but the site still ends up having a javscript link injected and file permissions set to 777.i now need to know what my next step is. is this a browser fault or is somehacking my server each time i remove the injected source from the 4 domians i change the server logins ftp logins and database logins so this also takes some time to complete.what should i do now?If you require more infomation please ask, i need to fix asap.Many Thanks.
  5. thanks,still does not work, in my php.ini it shows this for the opend_basedir line;open_basedir =whats the default is it off?if i was to change it to open_basedir = Off this would not create any issues ?Again many thanks.
  6. i have sorted now missing a / symbol but it now wont open because open_basedir is off i host a few sites from my server so dont want to switch it at all. is there a function you can use to set the open_basedir on at the start of opening this page? before i include the mail.php class? [b]Warning[/b]: include() [[url="http://www.milnas-mafia.co.uk/function.include"]function.include[/url]]: open_basedir restriction in effect. File(/Mail/Mail.php) is not within the allowed path(s): (/var/www/vhosts/mysite/httpdocs:/tmp) in [b]/var/www/vhosts/mysite/httpdocs/test.php[/b] on line [b]2[/b][b]Warning[/b]: include(/Mail/Mail.php) [[url="http://www.milnas-mafia.co.uk/function.include"]function.include[/url]]: failed to open stream: Operation not permitted in [b]/var/www/vhosts/mysite/httpdocs/test.php[/b] on line [b]2[/b][b]Warning[/b]: include() [[url="http://www.milnas-mafia.co.uk/function.include"]function.include[/url]]: Failed opening '/Mail/Mail.php' for inclusion (include_path='.:/usr/share/php5:/usr/share/psa-pear') in [b]/var/www/vhosts/mysite/httpdocs/test.php[/b] on line [b]2[/b][b]Fatal error[/b]: Class 'Mail' not found in [b]/var/www/vhosts/mysite/httpdocs/testing_platform/test_mail.php[/b] on line [b]15[/b] Thanks
  7. i took a look at the manual before i posted this topic i have followed what it has to say and also i looked up on google i carnt seem to find any examples etc... with more than one directory in the include_path but this is right but for someone uknown reason this does not work
  8. sooty2006

    modifiying php.ini

    Good evening all,I am trying to modifiy my php.ini config file and am hitting problems.Here is the location of php5 : /usr/share/php5here is the location of PEAR : /usr/share/psa-horde/peari am trying to include them on my unix operating platform like this include_path = ".:/usr/share/php5:/usr/share/psa-horde/pear" but when i try to use the PEAR functions it says (No such file or directory)how should i express the include_path to the server in php.ini ??Many Thanks.
  9. what would be best using i.e more secure?$_POST$_GET$_REQUEST?
  10. thanks ill give it a try !
  11. I have a game website with alot of user textareas and textbox's.Quite recently i have had to ban a person from the site because he was getting data from the server via a textboxsupposably.What i want to do is make sure nothing other than plain text can get through.Here is a typical input form: if(isset($_POST['save'])){if(!$_POST['text']){$message .= "You must enter some text."; }else{mysql_query("UPDATE `users` SET `text` = '$_POST[text]' WHERE `usersid` = '$USER'");$message .= "Text saved!"; }} is there a php function i can use to check the text for stuff that should not be there?Thanks Again.
  12. sooty2006

    user search

    problem solved thanks for your help anyway mate!
  13. sooty2006

    user search

    if anyone needs more infomation let me know if it will help solve this thanks.
  14. sooty2006

    user search

    i have placed on my online website a search for playersthis only works for usernames onlymy form consists of textbox usernameselect genderselect statusselect levelselect groupif a user selects all 4 select boxes it does't display anythingmy mysql statementmysql_query("SELECT * FROM `users` WHERE `username` LIKE '%$_POST[username]%' AND `gender` = '$_POST[gender]' AND `status` = '$_POST[status]' AND `level` = '$_POST[status]' AND `group` = '$_POST[group]'");if a user does't select a select box it will not search for it in the query!what i need is how to do this so it works selecting all the boxes i dont think the mysql statement can handle this much!any ideas? cheers.
×
×
  • Create New...