Post: New Non-Vulnerable Screensnapr Script
Options
12-14-2011, 01:47 AM
#1
0B4M4
Priv8Root 0wner!
Replace this code:
Originally posted by another user
<?php
$img = $_GET["img"];
?>
<?php
if($img=="") { echo ""; } else { echo "<img src='" . $img . "' />"; } ?>
$img = $_GET["img"];
?>
<?php
if($img=="") { echo ""; } else { echo "<img src='" . $img . "' />"; } ?>
With this code:
Originally posted by another user
<?php
// DELINK a variable
function remove_http($url = ''
{
if ($url == 'https://' OR $url == 'https://' OR $url ==
'www'
{
return $url;
}
$matches = substr($url, 0, 7);
if ($matches=='https://')
{
$url = substr($url, 7);
}
else
{
$matches = substr($url, 0,
;
if ($matches=='https://')
$url = substr($url,;
}
return $url;
}
$img = remove_http(strip_tags($_GET["img"]));
if($img=="") { echo ""; } else { echo "<img src='" . $img . "' />"; }
?>
// DELINK a variable
function remove_http($url = ''
{
if ($url == 'https://' OR $url == 'https://' OR $url ==
'www'
{
return $url;
}
$matches = substr($url, 0, 7);
if ($matches=='https://')
{
$url = substr($url, 7);
}
else
{
$matches = substr($url, 0,
;if ($matches=='https://')
$url = substr($url,
;}
return $url;
}
$img = remove_http(strip_tags($_GET["img"]));
if($img=="") { echo ""; } else { echo "<img src='" . $img . "' />"; }
?>
The following user thanked 0B4M4 for this useful post:
The following user thanked Cade for this useful post:
12-14-2011, 03:20 AM
#4
HolyHitmanz
Save Point
just to try it
12-16-2011, 01:44 AM
#7
Pichu
PICHU.
PICHU.
Originally posted by 0B4M4
Hey guys. As you have noticed, the old screensnapr script was vulnerable. A hacker can add a direct URL to the end of ?img= to upload a shell. I will show you how to fix that vulnerability.
Replace this code:
With this code:
Replace this code:
With this code:
could have been uploading a shell to people just by doing that.. well thank you for telling me.
12-16-2011, 03:23 AM
#8
LordOfSpoon™
Banned
Copyright © 2026, NextGenUpdate.
All Rights Reserved.
