1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Falling Image Manipulate Attacks

Discussion in 'PHP' started by Yns, Apr 1, 2006.

  1. #1
    Nowadays , script kiddies's favorite attack way is image manipulating and stealing cookies from users.(Internet Explorer's weakness.)

    For example , open an image with a a hex editor.Remove image's real source but don't remove first chars (GIF892A) and add your malicius JavaScript code.

    Code is interpreting in IE.So you can say "goodbye" to your cookies.

    Normally , I don't use IE(only is IE vulnerable) but for my site's members can use Ie.So , i wrote a php security class.
    SEMrush
    grafik_guvenligi.php
    
    <?
    
    // -----------------------------------------------------------------------------------
    // * Falling Image Manipulating Attacks
    // * @ Yns - yns.zaxaz.com && www.yunusemreyilmaz.com
    // * comments : forum.ceviz.net
    // -----------------------------------------------------------------------------------
    
    class grafik_kontrol {
    	var $grafik;
    	var $site_imza = "ceviz.net"; // sign
    	var $fonksiyon;
    	var $imza_en  = 44; // width
    	var $imza_boy = 7;  // height
    	var $imza_durumu = 1; // 1 = enable , 2 =disable
    	var $kalite = 75; // recommended 75 , must be [0-100] 
    	
    	// Find file type , choose right function
          	function kontrol($dosya,$tur) {
                	if($tur == 'image/pjpeg' || $tur =='image/jpeg') {
             		$this->grafik    = @imagecreatefromjpeg($dosya);
    			$this->fonksiyon = "jpg";
          		} elseif($tur == 'image/gif') {
             		$this->grafik = @imagecreatefromgif($dosya);
    			$this->fonksiyon = "gif";
          		} elseif($tur == 'image/png' || $tur =='image/x-png') {
             		$this->grafik = @imagecreatefrompng($dosya);
    			$this->fonksiyon = "png";
          		} else {
             		die("Only .JPG , .PNG , .GIF..");
          		} 
        	}    
    		
    		// RE - create file and if it is enabled add site's sign.		
    		function yukle($dosya,$dizin,$isim) {
    		$en  = @imagesx($this->grafik);
            	$boy = @imagesy($this->grafik);
    		
    		if($this->imza_durumu == 1) {
    			// Controlling...
    			if($en > $this->imza_en && $en > $this->imza_boy) {
    				// Create sign graphic			
    				$imza = imagecreatetruecolor($this->imza_en,$this->imza_boy);
    				$yazi_rengi  = imagecolorallocate($imza, 255, 255, 255);
    				imagestring($imza, 1, 0, 0, $this->site_imza, $yazi_rengi);
    			
    			}	
    		
    			// Copy image and sign
    			if(isset($imza)) {
    				imagecopy($this->grafik, $imza, imagesx($this->grafik)-imagesx($imza)-1, imagesy($this->grafik)-imagesy($imza)-1, 0, 0, imagesx($this->grafik), imagesy($imza));
    			}
    		}
    		// Additional Controls
    		if(substr(sprintf('%o', fileperms($dizin)), -4) != '777') die("$dizin dizinin chmod ayarlarini 777 yapiniz.");
    		if(file_exists("$dizin/$isim")) die(" Bu dosya zaten mevcut");
    		
    		// Save file..
    		if($this->fonksiyon == 'jpg') { 
    			@imagejpeg($this->grafik,"$dizin"."/"."$isim",$this->kalite) or die("Gecerli bir .JPG dosyasi degil.");
    		} elseif($this->fonksiyon == 'gif') {
    			@imagegif ($this->grafik,"$dizin"."/"."$isim") or die("Gecerli bir GIF dosyasi degil.");
    		} elseif($this->fonksiyon == 'png') {
    			@imagepng($this->grafik,"$dizin"."/"."$isim") or die("Gecerli bir PNG dosyasi degil.");
    		}
    
    		// flush memory..
    		@imagedestroy($this->grafik);
    		}
    		
    } 
    
    ?>
    
    PHP:
    example usage
    
    <?
    include'grafik_guvenligi.php';
    if(!empty($_FILES)) {
    $kontrol = new grafik_kontrol();
    $kontrol->kontrol($_FILES["file"]["tmp_name"],$_FILES["file"]["type"]);
    $kontrol->yukle($_FILES["file"]["tmp_name"],"test",$_FILES["file"]["name"]);
    echo("File uploaded...");
    }
    ?> 
    
    <form method="post" enctype="multipart/form-data">
      File: <input name="file" type="file">
      <input type="submit" value="Send">
    </form>
    
    PHP:
    I hope , it would be useful.
     

    Attached Files:

    Yns, Apr 1, 2006 IP
    SEMrush