xxcorrosionxx
09-16-2011, 03:18 PM
I am having some trouble with my session. I am trying to stop people from gaining access to cpanel.php from the web browser. I did it before and now it's giving me problems. I got it to where when you try and view cpanel.php it directs the user to denied.php and if they enter in there details wrong it will bring them to a failed.php page. But my problem is, i think my code is wrong, if i could get some help verifying what error is the problem and a solution i will be grateful! I am updating the milw0rm script, i found a source online and the files are well messed up, and i had to use a google translator to translate the turkish language. So i added some thing's to it but yeah. I have a problem with my session. Thanks in advanced!
login-exec.php:
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);
$code = ($_POST['code']);
//Input Validations
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
if($code == '') {
$errmsg_arr[] = 'Incorrect captcha Code';
$errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: index.php");
exit();
}
//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$members = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $members['member_id'];
session_write_close();
header("location: cpanel.php");
exit();
}else {
//Login failed
header("location: failed.php");
exit();
}
}else {
die("Query failed");
}
?>
Auth.php:
<?php
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
header("location: denied.php");
exit();
}
?>
cpanel.php:
<SCRIPT LANGUAGE='JAVASCRIPT' TYPE='TEXT/JAVASCRIPT'>
var win=null;
function NewWindow(mypage,myname,w,h,pos,infocus){
if(pos=="random"){myleft=(screen.width)?Math.floor(Math.random()*(screen.width-w)):100;mytop=(screen.height)?Math.floor(Math.random()*((screen.height-h)-75)):100;}
if(pos=="center"){myleft=(screen.width)?(screen.width-w)/2:100;mytop=(screen.height)?(screen.height-h)/2:100;}
else if((pos!='center' && pos!="random") || pos==null){myleft=0;mytop=20}
settings="width=" + w + ",height=" + h + ",top=" + mytop + ",left=" + myleft + ",scrollbars=no,location=no,directories=no,status=no,menubar=no,toolbar=no,resizable=no";win=window.open(mypage,myname,settings);
win.focus();}
// -->
</script>
<html>
<head>
<title>Milworm - Cpanel</title>
<meta name="description" content="milw0rm exploits and 0day exploits database">
<meta name="keywords" content="exploits code, exploit code, exploits, 0-day, 0day, 0days, exploit, zero day, poc, exploit, local exploits, remote exploits, root exploits, windows, linux, new exploits, latest exploits, shellcode, Zero-day, zeroday, security articles, ezines, zines, security papers">
<link type="text/css" rel="stylesheet" href="../b0x.css">
<link rel="alternate" type="text/xml" title="milw0rm - RSS Feed" href="http://milw0rm.com/rss.php">
<link rel="Shortcut Icon" href="favicon.ico" type="image/x-icon">
<style type="text/css">
<!--
.style17 {font-weight: bold}
.style18 {
color: #00C000;
font-weight: bold;
}
.style19 {
color: #008000;
font-weight: bold;
}
.style21 {
color: #000000;
font-weight: bold;
}
-->
</style>
</head>
<body dir="ltr" alink="#00ff00" background="dot.gif" bgcolor="#000000" link="#00c000" text="#008000" vlink="#00c000">
<center>
<table width="668" border="0" cellpadding="3" cellspacing="3" class="main">
<tbody><tr><td><img src="banner.jpg" alt="milw0rm"></td></tr>
<tr>
<td> <?php
require_once('auth.php');
?>
<div align="left">
<table width="98%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="350"> </td>
<td width="289"> </td>
</tr>
<tr>
<td><div align="center" class="submit"><strong>CONTROL CENTER </strong></div></td>
<td><div align="center" class="submit"><strong>ADMIN REFERENCE </strong></div></td>
</tr>
<tr>
<td height="469" valign="top"><div align="left">
<table width="349">
<tr>
<td><p align="center"> </p></td>
<td> </td>
<td> </td>
<tr>
<td width="99" height="33"><div align="center"><a href="admin.php"><img src="admin_img/home.gif" alt="asdasdasd" width="31" height="31" border="0"></a></div></td>
<td width="121"><div align="center"><a href="javascript:NewWindow('haber','title','686','555','custom','front');"><img src="admin_img/duyuru.gif" width="31" height="31" border="0" /></a></div></td>
<td width="113"><div align="center"><a href="javascript:NewWindow('webapps','title','686','555','custom','front');"><img src="admin_img/scriptler.gif" width="31" height="31" border="0" /></a></div></td>
</tr>
<tr>
<td><p align="center"><strong>[</strong> <span class="style17"><a href="./cpanel.php">Home</a> ]</span></p></td>
<td><p align="center"><strong>[ <a href="javascript:NewWindow('haber','title','686','555','custom','front');">Videos</a> ]</strong></p></td>
<td><div align="center"><strong>[ <a href="javascript:NewWindow('webapps','title','686','555','custom','front');">exploit</a> ]</strong></div></td>
</tr>
</table>
<table width="350">
<tr>
<td><p align="center"> </p></td>
<td> </td>
<td> </td>
</tr>
<tr>
<td width="100" height="33"><div align="center"><a href="javascript:NewWindow('local','title','686','555','custom','front');"><img src="admin_img/cserial.gif" width="31" height="31" border="0" /></a></div></td>
<td width="121"><div align="center"><a href="video"><img src="admin_img/download.gif" width="31" height="31" border="0" /></a></div></td>
<td width="113"><div align="center"><a href="shellcode"><img src="admin_img/reklam.gif" border="0" /></a><a href="exploit_a.php"></a></div></td>
</tr>
<tr>
<td><p align="center"><strong>[<a href="javascript:NewWindow('local','title','686','555','custom','front');">local</a>]</strong></p></td>
<td><p align="center"><strong>[ <a href="video">video</a> ]</strong></p></td>
<td><div align="center"><strong>[ <a href="javascript:NewWindow('shellcode','title','686','555','custom','front');">shellcode</a> ]</strong></div></td>
</tr>
</table>
<table width="349">
<tr>
<td><p align="center"> </p></td>
<td> </td>
<td> </td>
<tr>
<td width="99" height="33"><div align="center"><a href="javascript:NewWindow('dokuman','title','686','555','custom','front');"><img src="admin_img/dokuman.gif" width="31" height="31" border="0" /></a></div></td>
<td width="121"><div align="center"><strong><a href="index_admin.php"></a></strong><a href="gelen"><img src="admin_img/mail.gif" width="31" height="31" border="0" /></a></div></td>
<td width="113"><div align="center"><a href="ban"><img src="admin_img/yasak.gif" width="31" height="31" border="0" /></a></div></td>
</tr>
<tr>
<td><div align="center"><strong>[ <a href="javascript:NewWindow('dokuman','title','686','555','custom','front');">dokuman</a></strong> <strong>]</strong></div></td>
<td><div align="center"><strong>[ <a href="gelen">gelenler</a> ]</strong></div></td>
<td><div align="center"><strong>[ <a href="ban">ipban</a> ]</strong></div></td>
</tr>
</table>
</div>
<table width="349">
<tr>
<td><p align="center"> </p></td>
<td> </td>
<td> </td>
<tr>
<td width="99" height="33"><div align="center"><a href="lamerler"><img src="admin_img/cikis.gif" width="31" height="31" border="0"></a></div></td>
<td width="121"><div align="center"><strong><a href="indexadmin" target="_blank"><img src="admin_img/setting.gif" width="31" height="31" border="0"></a></strong></div></td>
<td width="113"><div align="center"><a href="yonetim.php" target="_blank"><img src="admin_img/uyeler.gif" width="31" height="31" border="0"></a></div></td>
</tr>
<tr>
<td><div align="center"><span class="style18">[ <a href="lamerler">lamerler</a> ]</span></div></td>
<td><div align="center"><strong>[ <a href="indexadmin" target="_blank">indexadmin</a> ]</strong></div></td>
<td><div align="center"><span class="style19">[ <a href="yonetim.php" target="_blank">yöneticiler</a> ]</span></div></td>
</tr>
</table>
<table width="349">
<tr>
<td><p align="center"> </p></td>
<td> </td>
<td> </td>
<tr>
<td width="99" height="33"><div align="center"><a href="yoneticiekle.php"><img src="admin_img/yorumlar.gif" width="31" height="31" border="0"></a></div></td>
<td width="121"><div align="center"><a href="cikis.php"><img src="admin_img/engelli.gif" width="31" height="31" border="0"></a></div></td>
<td width="113"> </td>
</tr>
<tr>
<td><div align="center"><span class="style18">[ <a href="yoneticiekle.php">yonetici ekle </a>]</span></div></td>
<td><div align="center"><span class="style18">[ <a href="cikis.php">çıkış </a>]</span></div></td>
<td> </td>
</tr>
</table>
</td>
<td valign="top"><p> </p>
<p align="center" class="submit"><span lang="en">Admin</span></p>
<p align="center"><span lang="en">home page of the panel.</span></p>
<p align="center" class="submit"><span id="result_box" lang="en"><span title="[news] add a new edit news">News</span></span></p>
<p align="center"><span lang="en"><span title="[news] add a new edit news">add a new edit news</span></span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Exploits </span></p>
<p align="center"><span lang="en">add a new exploit, edit</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Local </span></p>
<p align="center"><span lang="en">Add a new local exploit, edit</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">video </span></p>
<p align="center"><span lang="en">add a new video edit</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Shell codes </span></p>
<p align="center"><span lang="en">Add a new shell, edit the code</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Documentation </span></p>
<p align="center"><span lang="en">Add new, edit a document</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">New Comers </span></p>
<p align="center"><span lang="en"> submitterlardan leaders confirm, edit</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Ip Ban </span></p>
<p align="center"><span lang="en">mahlukatları banlayın harmful to the system you do not want.</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Lamer </span></p>
<p align="center"><span lang="en"> trying to connect to the site admin tried k.adı Lamer, passwords and more. (funny:))</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Index Admin</span></p>
<p align="center"><span lang="en">See the site admin's perspective;)</span></p>
<p align="center" class="submit">Managers </p>
<p align="center"><span id="result_box" lang="en">who is the manager on the site information to friends.</span></p></td>
</tr>
<tr></tr>
<tr></tr>
</table>
</div>
</table>
</center>
</body>
</html>
</body>
</html>
login-exec.php:
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);
$code = ($_POST['code']);
//Input Validations
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
if($code == '') {
$errmsg_arr[] = 'Incorrect captcha Code';
$errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: index.php");
exit();
}
//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$members = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $members['member_id'];
session_write_close();
header("location: cpanel.php");
exit();
}else {
//Login failed
header("location: failed.php");
exit();
}
}else {
die("Query failed");
}
?>
Auth.php:
<?php
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
header("location: denied.php");
exit();
}
?>
cpanel.php:
<SCRIPT LANGUAGE='JAVASCRIPT' TYPE='TEXT/JAVASCRIPT'>
var win=null;
function NewWindow(mypage,myname,w,h,pos,infocus){
if(pos=="random"){myleft=(screen.width)?Math.floor(Math.random()*(screen.width-w)):100;mytop=(screen.height)?Math.floor(Math.random()*((screen.height-h)-75)):100;}
if(pos=="center"){myleft=(screen.width)?(screen.width-w)/2:100;mytop=(screen.height)?(screen.height-h)/2:100;}
else if((pos!='center' && pos!="random") || pos==null){myleft=0;mytop=20}
settings="width=" + w + ",height=" + h + ",top=" + mytop + ",left=" + myleft + ",scrollbars=no,location=no,directories=no,status=no,menubar=no,toolbar=no,resizable=no";win=window.open(mypage,myname,settings);
win.focus();}
// -->
</script>
<html>
<head>
<title>Milworm - Cpanel</title>
<meta name="description" content="milw0rm exploits and 0day exploits database">
<meta name="keywords" content="exploits code, exploit code, exploits, 0-day, 0day, 0days, exploit, zero day, poc, exploit, local exploits, remote exploits, root exploits, windows, linux, new exploits, latest exploits, shellcode, Zero-day, zeroday, security articles, ezines, zines, security papers">
<link type="text/css" rel="stylesheet" href="../b0x.css">
<link rel="alternate" type="text/xml" title="milw0rm - RSS Feed" href="http://milw0rm.com/rss.php">
<link rel="Shortcut Icon" href="favicon.ico" type="image/x-icon">
<style type="text/css">
<!--
.style17 {font-weight: bold}
.style18 {
color: #00C000;
font-weight: bold;
}
.style19 {
color: #008000;
font-weight: bold;
}
.style21 {
color: #000000;
font-weight: bold;
}
-->
</style>
</head>
<body dir="ltr" alink="#00ff00" background="dot.gif" bgcolor="#000000" link="#00c000" text="#008000" vlink="#00c000">
<center>
<table width="668" border="0" cellpadding="3" cellspacing="3" class="main">
<tbody><tr><td><img src="banner.jpg" alt="milw0rm"></td></tr>
<tr>
<td> <?php
require_once('auth.php');
?>
<div align="left">
<table width="98%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="350"> </td>
<td width="289"> </td>
</tr>
<tr>
<td><div align="center" class="submit"><strong>CONTROL CENTER </strong></div></td>
<td><div align="center" class="submit"><strong>ADMIN REFERENCE </strong></div></td>
</tr>
<tr>
<td height="469" valign="top"><div align="left">
<table width="349">
<tr>
<td><p align="center"> </p></td>
<td> </td>
<td> </td>
<tr>
<td width="99" height="33"><div align="center"><a href="admin.php"><img src="admin_img/home.gif" alt="asdasdasd" width="31" height="31" border="0"></a></div></td>
<td width="121"><div align="center"><a href="javascript:NewWindow('haber','title','686','555','custom','front');"><img src="admin_img/duyuru.gif" width="31" height="31" border="0" /></a></div></td>
<td width="113"><div align="center"><a href="javascript:NewWindow('webapps','title','686','555','custom','front');"><img src="admin_img/scriptler.gif" width="31" height="31" border="0" /></a></div></td>
</tr>
<tr>
<td><p align="center"><strong>[</strong> <span class="style17"><a href="./cpanel.php">Home</a> ]</span></p></td>
<td><p align="center"><strong>[ <a href="javascript:NewWindow('haber','title','686','555','custom','front');">Videos</a> ]</strong></p></td>
<td><div align="center"><strong>[ <a href="javascript:NewWindow('webapps','title','686','555','custom','front');">exploit</a> ]</strong></div></td>
</tr>
</table>
<table width="350">
<tr>
<td><p align="center"> </p></td>
<td> </td>
<td> </td>
</tr>
<tr>
<td width="100" height="33"><div align="center"><a href="javascript:NewWindow('local','title','686','555','custom','front');"><img src="admin_img/cserial.gif" width="31" height="31" border="0" /></a></div></td>
<td width="121"><div align="center"><a href="video"><img src="admin_img/download.gif" width="31" height="31" border="0" /></a></div></td>
<td width="113"><div align="center"><a href="shellcode"><img src="admin_img/reklam.gif" border="0" /></a><a href="exploit_a.php"></a></div></td>
</tr>
<tr>
<td><p align="center"><strong>[<a href="javascript:NewWindow('local','title','686','555','custom','front');">local</a>]</strong></p></td>
<td><p align="center"><strong>[ <a href="video">video</a> ]</strong></p></td>
<td><div align="center"><strong>[ <a href="javascript:NewWindow('shellcode','title','686','555','custom','front');">shellcode</a> ]</strong></div></td>
</tr>
</table>
<table width="349">
<tr>
<td><p align="center"> </p></td>
<td> </td>
<td> </td>
<tr>
<td width="99" height="33"><div align="center"><a href="javascript:NewWindow('dokuman','title','686','555','custom','front');"><img src="admin_img/dokuman.gif" width="31" height="31" border="0" /></a></div></td>
<td width="121"><div align="center"><strong><a href="index_admin.php"></a></strong><a href="gelen"><img src="admin_img/mail.gif" width="31" height="31" border="0" /></a></div></td>
<td width="113"><div align="center"><a href="ban"><img src="admin_img/yasak.gif" width="31" height="31" border="0" /></a></div></td>
</tr>
<tr>
<td><div align="center"><strong>[ <a href="javascript:NewWindow('dokuman','title','686','555','custom','front');">dokuman</a></strong> <strong>]</strong></div></td>
<td><div align="center"><strong>[ <a href="gelen">gelenler</a> ]</strong></div></td>
<td><div align="center"><strong>[ <a href="ban">ipban</a> ]</strong></div></td>
</tr>
</table>
</div>
<table width="349">
<tr>
<td><p align="center"> </p></td>
<td> </td>
<td> </td>
<tr>
<td width="99" height="33"><div align="center"><a href="lamerler"><img src="admin_img/cikis.gif" width="31" height="31" border="0"></a></div></td>
<td width="121"><div align="center"><strong><a href="indexadmin" target="_blank"><img src="admin_img/setting.gif" width="31" height="31" border="0"></a></strong></div></td>
<td width="113"><div align="center"><a href="yonetim.php" target="_blank"><img src="admin_img/uyeler.gif" width="31" height="31" border="0"></a></div></td>
</tr>
<tr>
<td><div align="center"><span class="style18">[ <a href="lamerler">lamerler</a> ]</span></div></td>
<td><div align="center"><strong>[ <a href="indexadmin" target="_blank">indexadmin</a> ]</strong></div></td>
<td><div align="center"><span class="style19">[ <a href="yonetim.php" target="_blank">yöneticiler</a> ]</span></div></td>
</tr>
</table>
<table width="349">
<tr>
<td><p align="center"> </p></td>
<td> </td>
<td> </td>
<tr>
<td width="99" height="33"><div align="center"><a href="yoneticiekle.php"><img src="admin_img/yorumlar.gif" width="31" height="31" border="0"></a></div></td>
<td width="121"><div align="center"><a href="cikis.php"><img src="admin_img/engelli.gif" width="31" height="31" border="0"></a></div></td>
<td width="113"> </td>
</tr>
<tr>
<td><div align="center"><span class="style18">[ <a href="yoneticiekle.php">yonetici ekle </a>]</span></div></td>
<td><div align="center"><span class="style18">[ <a href="cikis.php">çıkış </a>]</span></div></td>
<td> </td>
</tr>
</table>
</td>
<td valign="top"><p> </p>
<p align="center" class="submit"><span lang="en">Admin</span></p>
<p align="center"><span lang="en">home page of the panel.</span></p>
<p align="center" class="submit"><span id="result_box" lang="en"><span title="[news] add a new edit news">News</span></span></p>
<p align="center"><span lang="en"><span title="[news] add a new edit news">add a new edit news</span></span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Exploits </span></p>
<p align="center"><span lang="en">add a new exploit, edit</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Local </span></p>
<p align="center"><span lang="en">Add a new local exploit, edit</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">video </span></p>
<p align="center"><span lang="en">add a new video edit</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Shell codes </span></p>
<p align="center"><span lang="en">Add a new shell, edit the code</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Documentation </span></p>
<p align="center"><span lang="en">Add new, edit a document</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">New Comers </span></p>
<p align="center"><span lang="en"> submitterlardan leaders confirm, edit</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Ip Ban </span></p>
<p align="center"><span lang="en">mahlukatları banlayın harmful to the system you do not want.</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Lamer </span></p>
<p align="center"><span lang="en"> trying to connect to the site admin tried k.adı Lamer, passwords and more. (funny:))</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Index Admin</span></p>
<p align="center"><span lang="en">See the site admin's perspective;)</span></p>
<p align="center" class="submit">Managers </p>
<p align="center"><span id="result_box" lang="en">who is the manager on the site information to friends.</span></p></td>
</tr>
<tr></tr>
<tr></tr>
</table>
</div>
</table>
</center>
</body>
</html>
</body>
</html>