 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
upload a PHP file |
 |
 Posted: Mon Oct 19, 2009 12:11 am |
 |
|
| crazynou |
| Advanced user |
 |
|
| Joined: Feb 08, 2009 |
| Posts: 199 |
| Location: AlGeRiA |
|
|
 |
|
 |
|
i found this script in VICTIM target and i whant to upload a PHP file with it but i have a Error!!!
| Code: | <?php
session_start();
require('config.php');
require_once('include/functions.php');
require_once('include/user_functions.php');
require_once('include/islogged.php');
// define meta tags & common variables
$meta_title = sprintf($lang['upload_avatar'], $userdata['name']);
$meta_description = '';
// end
function resize_then_crop( $filein,$fileout,
$imagethumbsize_w,$imagethumbsize_h,$red,$green,$blue)
{
// Get new dimensions
list($width, $height) = getimagesize($filein);
$new_width = $width * $percent;
$new_height = $height * $percent;
if(preg_match("/.jpg/i", "$filein"))
{
$format = 'image/jpeg';
}
if (preg_match("/.gif/i", "$filein"))
{
$format = 'image/gif';
}
if(preg_match("/.png/i", "$filein"))
{
$format = 'image/png';
}
switch($format)
{
case 'image/jpeg':
$image = imagecreatefromjpeg($filein);
break;
case 'image/gif';
$image = imagecreatefromgif($filein);
break;
case 'image/png':
$image = imagecreatefrompng($filein);
break;
}
$width = $imagethumbsize_w ;
$height = $imagethumbsize_h ;
list($width_orig, $height_orig) = getimagesize($filein);
if ($width_orig < $height_orig) {
$height = ($imagethumbsize_w / $width_orig) * $height_orig;
} else {
$width = ($imagethumbsize_h / $height_orig) * $width_orig;
}
if ($width < $imagethumbsize_w)
//if the width is smaller than supplied thumbnail size
{
$width = $imagethumbsize_w;
$height = ($imagethumbsize_w/ $width_orig) * $height_orig;;
}
if ($height < $imagethumbsize_h)
//if the height is smaller than supplied thumbnail size
{
$height = $imagethumbsize_h;
$width = ($imagethumbsize_h / $height_orig) * $width_orig;
}
$thumb = imagecreatetruecolor($width , $height);
$bgcolor = imagecolorallocate($thumb, $red, $green, $blue);
ImageFilledRectangle($thumb, 0, 0, $width, $height, $bgcolor);
imagealphablending($thumb, true);
imagecopyresampled($thumb, $image, 0, 0, 0, 0,
$width, $height, $width_orig, $height_orig);
$thumb2 = imagecreatetruecolor($imagethumbsize_w , $imagethumbsize_h);
// true color for best quality
$bgcolor = imagecolorallocate($thumb2, $red, $green, $blue);
ImageFilledRectangle($thumb2, 0, 0,
$imagethumbsize_w , $imagethumbsize_h , $white);
imagealphablending($thumb2, true);
$w1 =($width/2) - ($imagethumbsize_w/2);
$h1 = ($height/2) - ($imagethumbsize_h/2);
imagecopyresampled($thumb2, $thumb, 0,0, $w1, $h1,
$imagethumbsize_w , $imagethumbsize_h ,$imagethumbsize_w, $imagethumbsize_h);
if ($fileout !="")imagegif($thumb2, $fileout); //write to file
}
if(!empty($logged_in) && ($logged_in == '1')) {
$query = mysql_query("SELECT * FROM pm_users where username = '".$userdata['username']."'");
$rows = mysql_num_rows($query);
$r = mysql_fetch_array($query);
$avatar = _URL."/"._UPFOLDER."/avatars/".$r['avatar'];
$tdir = _UPFOLDER."/avatars/"; // Path To Thumbnails Directory
$imagethumbsize_w = 80; // thumbnail size (area cropped in middle of image)
$imagethumbsize_h = 80; // thumbnail size (area cropped in middle of image)
if (!isset($_POST['submit'])) { // Image Upload Form Below
$top_videos = top_videos('', _TOPVIDS);
$smarty->assign('top_videos', $top_videos);
$smarty->assign('avatar', $avatar);
$smarty->assign('username', $username);
// --- DEFAULT SYSTEM FILES - DO NOT REMOVE --- //
$smarty->assign('meta_title', $meta_title);
$smarty->assign('meta_description', $meta_description);
$smarty->assign('template_dir', $template_f);
$smarty->display('upload_avatar.tpl');
} else if (isset($_POST['submit'])) { // Uploading/Resizing Script
$url = $_FILES['imagefile']['name']; // Set $url To Equal The Filename For Later Use
if ($_FILES['imagefile']['type'] == "image/png" || $_FILES['imagefile']['type'] == "image/gif" || $_FILES['imagefile']['type'] == "image/jpg" || $_FILES['imagefile']['type'] == "image/jpeg" || $_FILES['imagefile']['type'] == "image/pjpeg") {
$file_ext = strrchr($_FILES['imagefile']['name'], '.'); // Get The File Extention In The Format Of , For Instance, .jpg, .gif or .php
$rand_string = rand(343, 1000);
$new_name = $rand_string."-".$_FILES['imagefile']['name'];
$copy = copy($_FILES['imagefile']['tmp_name'], "$tdir" . $new_name); // Move Image From Temporary Location To Permanent Location
if ($copy) { // If The Script Was Able To Copy The Image To It's Permanent Location
resize_then_crop( "$tdir" . $new_name, $tdir."avatar".$rand_string."-".$userdata['id']."".$file_ext,$imagethumbsize_w,$imagethumbsize_h,"255","255","255");
$ttemp = "$tdir" . $new_name;
@unlink($ttemp); // delete temp image
if($r['avatar'] != 'no_avatar.gif') { // delete old avatar BUT not the default avatar
$old_avatar = "$tdir".$r['avatar'];
@unlink($old_avatar);
}
$err = $lang['ua_msg3']; // Resize successful
$output_img = "avatar".$rand_string."-".$userdata['id']."".$file_ext;
mysql_query("UPDATE pm_users SET avatar = '".$output_img."' WHERE username = '".$userdata['username']."'");
} else {
$err = $lang['ua_msg4']; // Error Message If Upload Failed
}
} else {
$err = $lang['ua_msg5']; // Error Message If Filetype Is Wrong
}
$top_videos = top_videos('', _TOPVIDS);
$smarty->assign('top_videos', $top_videos);
$smarty->assign('err_msg', $err);
$smarty->assign('avatar', $avatar);
$smarty->assign('username', $username);
// --- DEFAULT SYSTEM FILES - DO NOT REMOVE --- //
$smarty->assign('meta_title', $meta_title);
$smarty->assign('meta_description', $meta_description);
$smarty->assign('template_dir', $template_f);
$smarty->display('upload_avatar.tpl');
}
exit;
}
?>
|
|
|
|
|
|
|
|
|
|
| Posted: Mon Oct 19, 2009 7:01 am |
|
|
| pexli |
| Valuable expert |
 |
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
| With this script you may upload only images. |
|
|
|
|
| Posted: Fri Mar 19, 2010 11:25 pm |
|
|
| EluneZ |
| Regular user |
|
|
| Joined: Mar 16, 2010 |
| Posts: 14 |
| Location: Bulgaria |
|
|
|
|
|
|
| pexli wrote: | | With this script you may upload only images. |
Yes.
Stop reading there:
$url = $_FILES['imagefile']['name']; // Set $url To Equal The Filename For Later Use
if ($_FILES['imagefile']['type'] == "image/png" || $_FILES['imagefile']['type'] == "image/gif" || $_FILES['imagefile']['type'] == "image/jpg" || $_FILES['imagefile']['type'] == "image/jpeg" || $_FILES['imagefile']['type'] == "image/pjpeg") { |
|
|
|
|
www.waraxe.us Forum Index -> General discussion
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 107
Members: 0
Total: 107
