Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New to the CF scene
    Join Date
    Oct 2012
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Help Required Immediately - URGENT

    I'm having problems with people upload shell hacking scripts on my replay uploader, they are hacking my website each and every time.

    Here is my script
    http://pastebin.com/JfhBFugN

    Or here's the code:
    Code:
    <?php
    
    /******************************************************************************
    
    Last revision:
    
    - Author: Seven
    
    - Email: zabkar@gmail.com  (Subject DotaParser)
    
    - Date: 7.7.2009 
    
    ******************************************************************************/
    
    ?>
    
    <!DOCTYPE html>
    
    <html>
    
    <head>
    
    <script type="text/javascript">
    
    
    
      var _gaq = _gaq || [];
    
      _gaq.push(['_setAccount', 'UA-31574622-1']);
    
      _gaq.push(['_trackPageview']);
    
    
    
      (function() {
    
        var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    
        ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    
        var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
    
      })();
    
    
    
    </script>
    
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    
    <title>Ranked Gaming Parser</title>
    
    <meta name='keywords' content="Defense of the Ancients, DotA, Replays, Parser, DotA Replays, DotA Parser, DotA Games, Icefrog, , Replay, Parse Dota, Top Dota Replays, DotA Replay Download, Dota Replay Upload, DotA replay uploads, DotA replay downloads, DotA replay parsing, DotA replay ranking" />
    
    <meta name='description' content="'Ranked Gaming Parser' Is a DotA replay parsing service provided for Defense of the Ancients (DotA) players located throughout the world. Powered by rankedgaming.com; a DotA Ladder, Stat Tracking, and Gaming community." />
    
    <center><img src="http://www.rankedgamingparser.com/RGP.png" alt="Logo"/>
    
    </center>
    
    <link href="style_x.css" rel="stylesheet" type="text/css" media="screen" />
    
    
    
    </head>
    
    
    <center>
    
       <tr>
    
              <td style="height:40px">
    
    		      <a class="menuButtons" href="index.php">Upload Replay</a>
    
    				&nbsp;
    
                  <a class="menuButtons" href="replaydb.php">Replay Database</a>  
    
                                    &nbsp;
    
                  <a class="menuButtons" href="http://www.mymgn.com/board/forumdisplay.php?f=709">RGC Forums</a> 
    
    &nbsp;
    
                  <a class="menuButtons" href="http://shop.rankedgaming.com/shop/">RGC Shop</a> 
    
    &nbsp;
    
                  <a class="menuButtons" href="http://stats.rankedgaming.com/stats/channel.php?c=19">RGC Stats</a> 
    
    	      </td>
    
    	  </tr>
    
      </table></center>
    
    <br>
    
    <body>
    
    <div id="fb-root"></div>
    
    <script>(function(d, s, id) {
    
      var js, fjs = d.getElementsByTagName(s)[0];
    
      if (d.getElementById(id)) return;
    
      js = d.createElement(s); js.id = id;
    
      js.src = "//connect.facebook.net/en_US/all.js#xfbml=1";
    
      fjs.parentNode.insertBefore(js, fjs);
    
    }(document, 'script', 'facebook-jssdk'));</script>
    
    
    
    
    
    <div class="wrapper">
    
    <div class="replay">
    
    <h2> DotA Replay Parser - Upload Replay</h2> 
    
    <?php
    
    $print_info = false;
    
    define("MAX_UPLOAD_SIZE", 3000000);
    
    
    
    // Upload a file
    
    if(isset($_POST['uploadReplay'])) {
    
        if(!isset($_FILES['replay_file']) || !isset($_POST['replay_title']) || !isset($_POST['replay_winner']) || !isset($_POST['replay_text'])) {
    
            echo 'Error: Make sure you\'ve filled out all the fields.';
    
        }
    
        else {
    
           $title = htmlspecialchars(trim($_POST['replay_title']));
    
           $winner = htmlspecialchars(trim($_POST['replay_winner']));
    
           $text = htmlspecialchars(trim($_POST['replay_text'])); 
    
    
    
           // Check that we have a file
    
           $replayUploaded = false;
    
           $replayFile = "";
    
           
    
           if(( !empty($title) && !empty($winner) &&
    
                !empty($_FILES["replay_file"])) && ($_FILES['replay_file']['error'] == 0)) {
    
              //Check if the file is JPEG image and it's size is less than 350Kb
    
              $filename = basename($_FILES['replay_file']['name']);
    
              $ext = substr($filename, strrpos($filename, '.') + 1);
    
              $uniqueID = time();
    
              
    
              
    
              if (($ext == "w3g") && $_FILES["replay_file"]["size"] < MAX_UPLOAD_SIZE) {
    
                 //Determine the path to which we want to save this file
    
                  $newname = dirname(__FILE__).'/replays/'.$uniqueID.'.'.$ext;
    
                  //Check if the file with the same name is already exists on the server
    
                  if (!file_exists($newname)) {
    
                    //Attempt to move the uploaded file to it's new place
    
                    if ((move_uploaded_file($_FILES['replay_file']['tmp_name'], $newname))) {
    
                       $replayFile = $uniqueID.'.'.$ext;
    
                       $replayUploaded = true;
    
                    } 
    
                    else {
    
                       print_message("Error: A problem occurred during file upload!");
    
                    }
    
                  } 
    
                  else {
    
                     print_message("Error: File ".$_FILES["replay_file"]["name"]." already exists");
    
                  }
    
              } 
    
              else {
    
                 print_message("Error: Only .w3g replays under 3 MB are accepted for upload");
    
              }
    
            } 
    
            else {
    
                print_message("Error: Make sure you've filled out all the fields");
    
            }
    
    
    
            // If the replay was uploadead successfully, process it
    
            if( $replayUploaded ) {
    
                @require("reshine.php");
    
    require('replay_saver.php');  
    
                
    
                $replay = new replay('replays/'.$replayFile);
    
                
    
                $replay->extra['title'] = $title;
    
                
    
                /* Determine the winner 
    
                 * If the uploader chose "Automatic" then check if the parser was able to determine a winner,
    
                 * otherwise the winner is set to "Unknown"
    
                 * Alternatively the uploader can set the winner manually
    
                 */
    
                if("Automatic" != $winner) {
    
                    $replay->extra['winner'] = ( $winner == "Sentinel" ? "Sentinel" : "Scourge" );
    
                }
    
                else if(isset($replay->extra['parsed_winner'])) {
    
                    $replay->extra['winner'] = $replay->extra['parsed_winner'];
    
                } 
    
                else {
    
                    $replay->extra['winner'] = "Unknown";
    
                }
    
                
    
                $replay->extra['text'] = $text;
    
                $replay->extra['original_filename'] = $filename;
    
                
    
     
    
                $txt_file = fopen('replays/'.$replayFile.'.txt', 'a');
    
    
    
                flock($txt_file, 2);
    
                fputs($txt_file, serialize($replay));
    
                flock($txt_file, 3);
    
                fclose($txt_file);
    
                
    
                if ( $replay->extra['parsed'] == false ) {
    
                    // Replay not parsed
    
                }
    
                else {
    
                    // Replay saved, display the link.
    
    //Create replay saver object
    
    $replaysaver=new replaysaver($title,$text,$replayFile);
    
    //Call save methode
    
    $replaysaver->saveData();  
    
                    print_message('Replay uploaded successfully. <a href="view_replay.php?file='.$replayFile.'" alt="View replay" > View details </a>');
    
                    $print_info = true;    
    
                }
    
                
    
                
    
            }
    
            
    
            
    
        }
    
    }
    
    
    
    function print_message($msg) {
    
        echo '<div style="padding-left: 10px; padding-bottom: 10px;" >';
    
        echo $msg;
    
        echo '</div>';
    
    }    
    
    ?>
    
    
    
        <div class="content" style="width: 99%;">
    
    
    
            <form enctype="multipart/form-data" action="index.php" method="post">
    
            <fieldset>
    
              <label for="replay_title" >Title*: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</label><input name="replay_title" id="replay_title" type="input" />
    
              <br />
    
              <label for="replay_winner" >Winner: &nbsp;&nbsp;&nbsp;&nbsp;</label>
    
                <select name="replay_winner" id="replay_winner"  />
    
                    <option value="Automatic">Automatic </option>
    
                    <option value="Sentinel">Sentinel </option>
    
                    <option value="Scourge">Scourge </option>
    
                </select>
    
              <br />
    
              <label for="replay_text" style="vertical-align: top;" >Description: </label>
    
              <textarea name="replay_text" id="replay_text" cols="65"></textarea>
    
              <br />
    
              <input type="hidden" name="MAX_FILE_SIZE" id="'.MAX_UPLOAD_SIZE.'" value="3000000" />
    
              <label for="replay_file" >File*: </label><input name="replay_file" id="replay_file" type="file" />
    
              <input type="submit" value="Upload" name="uploadReplay" />
    
            </fieldset>
    
          </form>    
    
    
    
    <br>
    
    <br>
    
    <center>
    
    <font size="3" color="red">DotA 6.75 is now fully supported !</font>
    
    <br><br>
    
    <font size="3">
    
    There are currently
    
    <font color="#E34000"> 
    
    <?
    
    $directory = "/home/rgc123/public_html/replays/";
    
    if (glob($directory . "*.w3g") != false)
    
    {
    
     $filecount = count(glob($directory . "*.w3g"));
    
     echo $filecount;
    
    }
    
    else
    
    {
    
     echo 0;
    
    }
    
    ?>
    
    </font>
    
     DotA replays in our database and counting!
    
    <br>
    
    <br>
    
    <div class="fb-like" data-href="http://www.facebook.com/ExtremelyAwesomeLeague" data-send="false" data-width="450" data-show-faces="true" data-font="verdana"></div>
    
    <br>
    
    <br>
    
    
    
    
    
    </center>
    
    
    
    
    
     
    
        </div>
    
      
    
    </div>
    
    
    
    </div>
    
    
    
    
    
    <div class="wrapper"><div class="replay"><h2>
    
    <center>&copy; 2012 Made by <a href="">*****GotRaped</h2></div></div>
    
    <br />
    
    </html>
    
    
    
    </body>
    
    </html>
    Currently my website is down until I resolve this issue.

    My webhost said : "Restrict file types accepted for upload: check the file extension and only allow certain files to be uploaded. Use a whitelist approach instead of a blacklist. Check for double extensions such as .php.w3g. "

    I don't know how, please fix my script only to allow the upload of ".w3g" with no way for someone to bypassing it.

    Thank you alot !

  • #2
    Senior Coder
    Join Date
    Sep 2010
    Posts
    1,992
    Thanks
    15
    Thanked 233 Times in 233 Posts
    You need to use an application which can read the actual file header while it's still a tmp_name file and only allow ones with the proper header to be
    moved. You can also check the extension as well.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •