Hi all,

This whole thread made me laugh a lot. I'm a beginner in PHP, and I usually program in C++ and as a hobby only.

First I would like to say thanks to nico_swd for kindly deleting stexecute.php, avoiding the same hacking on other forums (I must inform you that you were the first forum to hack my website, well done! Even though I must admit it wasn't so hard, kind of a big mistake on my part in the function blocker script...).

However, I must inform nico_swd that my credit card does not expire on 05/08 and I don't have any MySQL db at worldispnetwork.com, nor a MySQL db connected to this hosting. Also, this hosting is only for tests, so no important or personal files can be found on it.

I have now cleaned up the hosting from all the "Hacked by", etc., files and I rewrote the security script, even though I still think you can hack it, but I tried myself and couldn't do it (but as I said, I'm a beginner in PHP and so I don't really know how to hack it myself).

Another thing is "What is the use of this website?" Well, first it was just a test to see if I could do a small project in PHP. Then it turned out that I found it fun to be able to quickly program something in PHP on any computer connected to the internet (e.g. in a cybercafé or at a friend's or even at school), because PHP is powerful enough to make small utilities with it. So that was the main idea.

Now, for this website to be a bit more useful, I want to add a saving and loading option and as-you-write syntax highlighting as well as autocomplete capabilities. (And as you must already have seen, the other folders on that host contain scripts done by other people which are "online PHP editors". So I wanted to use some bits of them to complete my website.) Any suggestions are welcome though! And I really liked your reactions about the use of this website.

Again, thanks to all of you for this "debugging", as I could call it, and I welcome any other trials of hacking and any suggestions (or criticism).

Qwertzguy

EDIT: One more thing: The reason I did this function+first bracket detection was so that users could use a function name inside a string or as a variable name.
Wellll.... I went here: http://sql.free.fr and used the login details which I found in your config script and I could access. There was one row in the users table, I think, which had a credit card number, and there was a field for the expiry date and this was it. I didn't try to access the other host, but I found the URL and username and password for it.

As for your new version. It's still insecure as you're expecting. See this post: http://forums.digitalpoint.com/showpost.php?p=2963065&postcount=8

My suggestion: Take it off. It's just dangerous to let people eval() their scripts on your host. And it's not a REAL helpful tool, if you ask me. Especially since every code needs to be rewritten because most functions are disabled.
I had access to the email on free.fr (you recently did a security check). I think, as I mentioned, the credit card was just a test on his Cart/Cart.php
EDIT: ^^ Yeah, maybe it was just a test. But I still found it funny. =p

Nice try, but still not secure.

```php
<?php
// The function names are assembled from string fragments, so the literal
// names never appear in the source that the blocker script inspects.
$f = 'fo' . 'pen';
$g = 'fge' . 'ts';
$e = 'fe' . 'of';

$fp = $f ('http://www.google.com', 'rb');

while (!$e ($fp))
{
    echo $g ($fp);
}
?>
```

EDIT 2: qwertzguy, you may want to have a look at this topic: http://forums.digitalpoint.com/showthread.php?t=304518&highlight=eval
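Added example, not part of any post in this thread: it runs a "function name + first bracket" check and a token-based check over the snippet posted above, to show why the first one reports nothing. The `$blocked` list and both checker functions are hypothetical, and the sample input is constructed from the post.

```php
<?php
// Added example, not code from the thread. The $blocked list and both
// checker functions are hypothetical.
$blocked = ['fopen', 'fgets', 'feof'];

// Constructed sample: the snippet from the post above, without the PHP tags.
$submission = <<<'CODE'
$f = 'fo' . 'pen'; $g = 'fge' . 'ts'; $e = 'fe' . 'of';
$fp = $f ('http://www.google.com', 'rb');
while (!$e ($fp)) { echo $g ($fp); }
CODE;

// Check 1: a blocked name followed by an opening bracket in the raw text.
function nameBracketCheck(string $code, array $blocked): array
{
    $hits = [];
    foreach ($blocked as $name) {
        if (preg_match('/\b' . preg_quote($name, '/') . '\s*\(/i', $code)) {
            $hits[] = $name;
        }
    }
    return $hits;
}

// Check 2: tokenize and flag any "(" whose callee is a variable, because
// the function that runs is then decided at run time, not in the source.
function dynamicCallCheck(string $code): array
{
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $hits = [];
    $prev = null;
    foreach (token_get_all('<?php ' . $code) as $tok) {
        if (is_array($tok) && in_array($tok[0], $skip, true)) {
            continue;
        }
        if ($tok === '(' && is_array($prev) && $prev[0] === T_VARIABLE) {
            $hits[] = "line {$prev[2]}: call through {$prev[1]}";
        }
        $prev = $tok;
    }
    return $hits;
}

echo "name+bracket hits: ", count(nameBracketCheck($submission, $blocked)), "\n";
foreach (dynamicCallCheck($submission) as $hit) {
    echo "dynamic call, $hit\n";
}
```

The token check covers only the call form used in the post; it does not make eval() of submitted code safe, which is the point of the advice above to take the page down.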
Hi,

Ok, that was a test. I have now deleted all the files from the host and changed the passwords.

That's wrong! lol. It would be "Ta page n'est pas sécurisée".

It's actually on the first page on Google and Live.com when you search for "ScriptTester" or for "stester" or for "vankonga". Also, it has also been submitted to more than 50 search engines and posted on more than 20 forums... now it's useless... but I was getting around 10 visits a day (without getting hacked ^^).

Actually this security test was for another test page of this host and was done almost a year ago now.

It seems like this guy wanted to do kind of the same thing?

Otherwise, if I want to use my script for my own usage, how do you recommend I password-protect the pages and script?

Thanks again.
I tried to use it on a file that I have been working on for a while and it did nothing. This is the address to the forum where I posted the code that I really need help with. Take out the spaces in the address. http:// forums. digitalpoint.com/ showthread. php?t=321468