Jump to content

Zaseth

Members
 View Profile  See their activity

  • Content count

    26

  • Joined

  • Last visited

Posts posted by Zaseth

  1. Posted · Report reply

    8 hours ago, Lynx said:

    > PHP 3.7.

     

    God can you stop posting everything you find on Google.

     

    NOTE: RIPS 0.5 development is abandoned since 2013 due to its fundamental limitations. A complete rebuilt solution is available from RIPS Technologies that overcomes these limitations and performs state-of-the-art security analysis.

     

    Compared Feature RIPS 0.5 Next Generation
    Supported PHP Language  PHP 3-4, no OOP

       PHP 3-7

     

    Look, If you don't like this thread then just don't comment on it. There's a paid version that is upto date.

  2. Posted · Report reply

    Something I created when I was bored. Don't even take it serious though. 

    <?php
// By Zaseth. FTP not tested.
$ftp_server = "ftp.example.com";
$conn_id = ftp_connect($ftp_server) or die("Couldn't connect to $ftp_server"); 

if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
    echo 'Seems to be Windows.';
    echo exec('dir');
} else {
    echo 'Seems to be a distribution of Linux.';
    $output = shell_exec('ls -lart');
    echo "<pre>$output</pre>";
    echo exec('whoami');
}
echo "------------------------";
$filename = 'Kitsune.sql';

if (file_exists($filename)) {
    echo "Seems to be Kitsune.";
} else {
    echo "This doesnt seem to be $filename";
}
 


$myfile = fopen("Login.xml", "r") or die("Unable to open file!");
echo "------------------------";
echo fread($myfile,filesize("Login.xml"));
fclose($myfile);

$myfile3 = fopen("Database.xml", "r") or die("Unable to open file!");
echo "------------------------";
echo fread($myfile3,filesize("Database.xml"));
fclose($myfile3);

$myfile2 = fopen("Kitsune\Logging\Logs\Warn.txt", "r") or die("Unable to open file!");
echo "------------------------";
echo fread($myfile2,filesize("Kitsune\Logging\Logs\Warn.txt"));
fclose($myfile2);

?>

     

  6. Posted · Report reply

    So SWFObject & SWFAddress are both used in the CP play page.

    These ''Javascript'' frameworks are for prettifying (and importing) SWF files into a homepage.

    Now this is a format of SWFObject's usage: 

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
	<head>
		<title></title>
		<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
		<script type="text/javascript" src="swfobject.js"></script>
		<script type="text/javascript">
			swfobject.registerObject("myFlashContent", "9.0.0");
		</script>
	</head>
	<body>
		<div>
			<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="800" height="600" id="myFlashContent">
				<param name="movie" value="untitled.swf" />
				<!--[if !IE]>-->
				<object type="application/x-shockwave-flash" data="untitled.swf" width="800" height="600">
				<!--<![endif]-->
					<a href="http://www.adobe.com/go/getflashplayer">
						<img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash player" />
					</a>
				<!--[if !IE]>-->
				</object>
				<!--<![endif]-->
			</object>
		</div>
	</body>
</html>

    So now you are thinking probably: It's a large piece of code. Is there any way to actually generate this with a ton of options?

    Well yes, there is and you can find that here: https://raw.githubusercontent.com/swfobject/swfobject/master/swfobject_generator/html/index.html

    SWFAddress is there for using hyperlinks. Basically adding #xdd into your URL.

    These are both pretty small projects and frameworks, but CP always used them.

    You can find SWFAddress here: http://www.asual.com/swfaddress/ 

    • Like 1

  22. Posted · Report reply

    2 minutes ago, Kevin said:

    I edited your topic to put your code inside the code tags, make sure you do so whenever you post code.

    Nice topic Zaseth, I am sure this will help a lot of users who want to make their own registration/login form.

    I'm on a phone so Lmao. Dropping a lot of my stuff in content releases tomorrow.

  23. Posted · Report reply

    I've seen a lot of people also using insecure crossdomain.xml configs. This file is for domains that can connect etc. When it's insecure, an attacker can upload malicious SWF content.

     

    Insecure crossdomain.xml:

    <?xml version="1.0"?>
    <cross-domain-policy>
    <allow-access-from domain="*" />
    </cross-domain-policy>

    The following is a correct crossdomain.xml: 

    <?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="www.xdd.com" />
<allow-access-from domain="xdd.com" />
</cross-domain-policy>

  24. Posted · Report reply

    Really simple small 'tutorial'

    Now as an example, I've seen people use this: 

    <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <!-- form contents --> </form>

    Please NEVER use this. This is vulnerable to XSS because there's no htmlentities. The xss code gets reflected and executed.

    What you should do: 

    <form method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>">

    What happens is that the htmlentities breaks the <script> part of a xss injection. The injection then will not work. 

    You can also use strip_tags.

    Example of mysql real escaping: 

    $xdd = $_POST["xdd"];

$xdd = mysqli_real_escape_string($xdd);

$xdd = htmlentities($xdd);

    You can also add some javascript stuff to your register. I created some javascript register here: https://pastebin.com/EWs5RgSS

    This includes:

    Disallow special characters

    Max length

    Password generator

    Email can only contain regex

    These also make xss impossible

    • Like 1
×