Team BlueWater Game Online Tutorial's
Welcome to Team-BlueWater!! Tutorial's 4 all Games!

XSS Security against Hackers

Post  m4s4cru on Tue Aug 02, 2011 12:08 pm

Hi, I will show you at least basic XSS protection against hackers (this does not mean that you cannot be hacked through modules, etc.)
Thus:
Because most of you will know how to put it in the index, I will show you.

The script itself is this:
PHP Code:
<?php
// Lower-cased copy of the raw query string (GET parameters only)
$queryString = strtolower($_SERVER['QUERY_STRING']);

// Treat the request as an attack if the query string contains any of these characters
if (strstr($queryString, "<") OR strstr($queryString, ">") OR strstr($queryString, "(") OR strstr($queryString, ")") OR
    strstr($queryString, "..") OR
    strstr($queryString, "%") OR
    strstr($queryString, "*") OR
    strstr($queryString, "+") OR
    strstr($queryString, "!") OR
    strstr($queryString, "@")) {
    $loc = $_SERVER['PHP_SELF'];
    $ip = $_SERVER['REMOTE_ADDR'];
    $date = date("d-m-Y @ h:i:s");
    $lfh = "log.txt";
    // Append the attempt to the log file
    $log = fopen($lfh, "a+");
    fputs($log, "Attack Date: $date | Attacker IP: $ip | QueryString: $loc?=$queryString\n");
    fclose($log);
    echo "Your attack was saved!";
}
?>
Insert after the

In principle, the index of any MuWeb should look like this:
PHP Code:
<?php
session_start();
header("Cache-control: private");
ob_start();
$timeStart = gettimeofday();
$timeStart_uS = $timeStart["usec"];
$timeStart_S = $timeStart["sec"];
require("config.php");
include("includes/web_modules.php");
include("includes/clean_var.php");
include("includes/login.class.php");
include("includes/scripts/index.inc");
include("config.php");

// Security
include "includes/Security.php";
$s = new Security;
$s->sanitize_input();

login();
logincheck();
check_user();
?>
And now add the script, like this:
PHP Code:
<?php
session_start();
header("Cache-control: private");
ob_start();
$timeStart = gettimeofday();
$timeStart_uS = $timeStart["usec"];
$timeStart_S = $timeStart["sec"];
require("config.php");
include("includes/web_modules.php");
include("includes/clean_var.php");
include("includes/login.class.php");
include("includes/scripts/index.inc");
include("config.php");


login();
logincheck();
check_user();

// Lower-cased copy of the raw query string (GET parameters only)
$queryString = strtolower($_SERVER['QUERY_STRING']);

// Treat the request as an attack if the query string contains any of these characters
if (strstr($queryString, "<") OR strstr($queryString, ">") OR strstr($queryString, "(") OR strstr($queryString, ")") OR
    strstr($queryString, "..") OR
    strstr($queryString, "%") OR
    strstr($queryString, "*") OR
    strstr($queryString, "+") OR
    strstr($queryString, "!") OR
    strstr($queryString, "@")) {
    $loc = $_SERVER['PHP_SELF'];
    $ip = $_SERVER['REMOTE_ADDR'];
    $date = date("d-m-Y @ h:i:s");
    $lfh = "log.txt";
    // Append the attempt to the log file
    $log = fopen($lfh, "a+");
    fputs($log, "Attack Date: $date | Attacker IP: $ip | QueryString: $loc?=$queryString\n");
    fclose($log);
    echo "Your attack was saved!";
}
?>

This protection has been tested only on MUWEB!
After you save the index, it will make a file log.txt in the folder with your Uppers, and all attempted attacks on you will be written there!

Credits: Web-Tourist
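
The filter in the post checks only the raw query string against a character blacklist, so as an added example (not part of the original post or of MuWeb) the PHP below shows the complementary controls: allow-list validation of each input whatever its source, escaping at output with `htmlspecialchars`, and log lines with control characters neutralised. The function names, the character-name rule and the log location are assumptions made for illustration.

```php
<?php
// Added example, not code from the post or from MuWeb. The name rule,
// function names and log path are assumptions for illustration.

// Escape a value for an HTML text or quoted-attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allow-list check: accept only what a character name may contain
// (hypothetical rule: 3-10 letters, digits or underscores).
function valid_name(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_]{3,10}\z/', $name) === 1;
}

// Build one log line; control characters are replaced so a request
// cannot add forged lines to the log.
function log_line(string $ip, string $script, string $raw): string
{
    $clean = preg_replace('/[\x00-\x1F\x7F]/', '?', $raw);
    return sprintf("%s | IP: %s | %s | input: %s\n",
        date('d-m-Y H:i:s'), $ip, $script, $clean);
}

// Handle one request value from any source (GET, POST or cookie).
// Returns the HTML to print, or null when the value was rejected.
function render_profile(string $name, string $ip, string $logFile): ?string
{
    if (!valid_name($name)) {
        // Keep the log outside the web root so it cannot be fetched by URL.
        file_put_contents($logFile, log_line($ip, 'index.php', $name),
            FILE_APPEND | LOCK_EX);
        return null; // the caller should answer with an error and stop
    }
    return '<h1>Profile of ' . e($name) . '</h1>';
}

// Constructed sample inputs: one valid name, one with markup and a newline.
$log = sys_get_temp_dir() . '/xss_demo.log';
foreach (['Knight_01', "<b>x</b>\nfake entry"] as $input) {
    $html = render_profile($input, '203.0.113.7', $log);
    echo $html ?? 'rejected and logged', "\n";
}
// Free text that must be displayed is escaped instead of rejected.
echo e('Tom & "Jerry" <admin>'), "\n";
```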