1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Falling Image Manipulate Attacks

Discussion in 'PHP' started by Yns, Apr 1, 2006.

0
  1. #1
    Nowadays , script kiddies's favorite attack way is image manipulating and stealing cookies from users.(Internet Explorer's weakness.)

    For example , open an image with a a hex editor.Remove image's real source but don't remove first chars (GIF892A) and add your malicius JavaScript code.

    Code is interpreting in IE.So you can say "goodbye" to your cookies.

    Normally , I don't use IE(only is IE vulnerable) but for my site's members can use Ie.So , i wrote a php security class.

    grafik_guvenligi.php
    
<?

// -----------------------------------------------------------------------------------
// * Falling Image Manipulating Attacks
// * @ Yns - yns.zaxaz.com && www.yunusemreyilmaz.com
// * comments : forum.ceviz.net
// -----------------------------------------------------------------------------------

class grafik_kontrol {
	var $grafik;
	var $site_imza = "ceviz.net"; // sign
	var $fonksiyon;
	var $imza_en  = 44; // width
	var $imza_boy = 7;  // height
	var $imza_durumu = 1; // 1 = enable , 2 =disable
	var $kalite = 75; // recommended 75 , must be [0-100] 
	
	// Find file type , choose right function
      	function kontrol($dosya,$tur) {
            	if($tur == 'image/pjpeg' || $tur =='image/jpeg') {
         		$this->grafik    = @imagecreatefromjpeg($dosya);
			$this->fonksiyon = "jpg";
      		} elseif($tur == 'image/gif') {
         		$this->grafik = @imagecreatefromgif($dosya);
			$this->fonksiyon = "gif";
      		} elseif($tur == 'image/png' || $tur =='image/x-png') {
         		$this->grafik = @imagecreatefrompng($dosya);
			$this->fonksiyon = "png";
      		} else {
         		die("Only .JPG , .PNG , .GIF..");
      		} 
    	}    
		
		// RE - create file and if it is enabled add site's sign.		
		function yukle($dosya,$dizin,$isim) {
		$en  = @imagesx($this->grafik);
        	$boy = @imagesy($this->grafik);
		
		if($this->imza_durumu == 1) {
			// Controlling...
			if($en > $this->imza_en && $en > $this->imza_boy) {
				// Create sign graphic			
				$imza = imagecreatetruecolor($this->imza_en,$this->imza_boy);
				$yazi_rengi  = imagecolorallocate($imza, 255, 255, 255);
				imagestring($imza, 1, 0, 0, $this->site_imza, $yazi_rengi);
			
			}	
		
			// Copy image and sign
			if(isset($imza)) {
				imagecopy($this->grafik, $imza, imagesx($this->grafik)-imagesx($imza)-1, imagesy($this->grafik)-imagesy($imza)-1, 0, 0, imagesx($this->grafik), imagesy($imza));
			}
		}
		// Additional Controls
		if(substr(sprintf('%o', fileperms($dizin)), -4) != '777') die("$dizin dizinin chmod ayarlarini 777 yapiniz.");
		if(file_exists("$dizin/$isim")) die(" Bu dosya zaten mevcut");
		
		// Save file..
		if($this->fonksiyon == 'jpg') { 
			@imagejpeg($this->grafik,"$dizin"."/"."$isim",$this->kalite) or die("Gecerli bir .JPG dosyasi degil.");
		} elseif($this->fonksiyon == 'gif') {
			@imagegif ($this->grafik,"$dizin"."/"."$isim") or die("Gecerli bir GIF dosyasi degil.");
		} elseif($this->fonksiyon == 'png') {
			@imagepng($this->grafik,"$dizin"."/"."$isim") or die("Gecerli bir PNG dosyasi degil.");
		}

		// flush memory..
		@imagedestroy($this->grafik);
		}
		
} 

?>
    PHP:
    example usage
    
<?
include'grafik_guvenligi.php';
if(!empty($_FILES)) {
$kontrol = new grafik_kontrol();
$kontrol->kontrol($_FILES["file"]["tmp_name"],$_FILES["file"]["type"]);
$kontrol->yukle($_FILES["file"]["tmp_name"],"test",$_FILES["file"]["name"]);
echo("File uploaded...");
}
?> 

<form method="post" enctype="multipart/form-data">
  File: <input name="file" type="file">
  <input type="submit" value="Send">
</form>
    PHP:
    I hope , it would be useful.
     

    Attached Files:

    Yns, Apr 1, 2006 IP