1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Free online PHP tester

Discussion in 'PHP' started by qwertzguy, Apr 28, 2007.

  1. commandos

    commandos Notable Member

    Messages:
    3,648
    Likes Received:
    329
    Best Answers:
    0
    Trophy Points:
    280
    #21
    i'm not sure if the cc we saw was real , seem he was just testing a cart script that he had :D
     
    commandos, Apr 29, 2007 IP
  2. manilodisan

    manilodisan Peon

    Messages:
    224
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #22
    Anyways...it's dumb...haha
     
    manilodisan, Apr 29, 2007 IP
  3. qwertzguy

    qwertzguy Guest

    Messages:
    9
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #23
    Hi all,
    This whole thread made me laugh a lot. I'm a beginnier in PHP, and I usually program in C++ and as a hobby only.
    First I would like to say thanks :) to nico_swd for kindly deleting stexecute.php avoiding the same hacking on other forums (I must inform you that you were the First forum to hack my website, well done! Even though I must admit it wasn't so hard, kinda of a big mistake of my part in the function blocker script...). However I must inform nico_swd that my credit card does not expire on 05/08 and I don't have any MySQL db at worldispnetwork.com, neither a MySQL db connect to this hosting.
    Also, this hosting is only for tests, so no important or personal files can be found on it :(
    I have now cleaned up the hosting from all the "Hacked by", etc, files and I rewrote the security script, even though I still think you can hack it, but I tried myself and couldn't do it (But as I said, I'm a beginner in PHP and so I don't really know how to hack it myself).
    Another thing is "What is the use of this website?"
    Well, first it was just a test to see if I could do a small project in PHP. Then it turned out that I found it fun to be able to quickly program something in PHP on any computer connected to internet (ex. in a cybercafé or at a friends or even at school). Because PHP is powerful enough to make small utilities with it. So that was the main idea.
    Now, for this website to be a bit more useful, I want to add a saving and loading option and an as-you-write syntax highlighting as well as autocomplete capabilities. (And as you must already have seen, the others folders on that host contains scripts done by other peoples which are "online PHP editors". So I wanted to use some bits of it to complete my website).
    Any suggestions are welcome though! And I really liked your reactions about the use of this website.
    Again thanks to all of you for this "debugging" as I could call it, and I welcome any other trials of hacking and any suggestions (or critics).


    Qwertzguy

    EDIT: One more thing:
    The reason I did this function+first bracket detection was so that users could use a function name insaide a string or as a variable name.
     
    qwertzguy, Apr 30, 2007 IP
  4. nico_swd

    nico_swd Prominent Member

    Messages:
    4,153
    Likes Received:
    344
    Best Answers:
    18
    Trophy Points:
    375
    #24
    Wellll.... I went here: http://sql.free.fr and used the login details which I found in your config script and I could access. There was one row in the users table I think which had a credit card number, and there was a field for the expiry date and this was it. I didn't try to access the other host, but I found the URL and username and password for it.

    As for your new version. It's still insecure as you're expecting. See this post:

    http://forums.digitalpoint.com/showpost.php?p=2963065&postcount=8


    My suggestion: Take it off. It's just dangerous to let people eval() their scripts on your host. And it's not a REAL helpful tool, if you ask me. Specially since every code needs to be rewritten because most functions are disabled.
     
    nico_swd, Apr 30, 2007 IP
  5. commandos

    commandos Notable Member

    Messages:
    3,648
    Likes Received:
    329
    Best Answers:
    0
    Trophy Points:
    280
    #25
    i had access to the email on free.fr :) (You did recently a security check ;))

    i think as i mentioned the credit card was just a test on his Cart/Cart.php
     
    commandos, Apr 30, 2007 IP
  6. nico_swd

    nico_swd Prominent Member

    Messages:
    4,153
    Likes Received:
    344
    Best Answers:
    18
    Trophy Points:
    375
    #26
    EDIT: ^^ Yeah, maybe it was just a test. But I still found it funny. =p


    Nice try, but still not secure.
    
    
    
    <?php
    
    $f = 'fo' . 'pen';
    $g = 'fge' . 'ts';
    $e = 'fe' . 'of';
    
    $fp = $f ('http://www.google.com', 'rb');
    
    while (!$e ($fp))
    {
        echo $g ($fp);
    }
    
    ?>
    
    PHP:
    EDIT 2:


    qwertzguy, you may want to have a look at this topic: http://forums.digitalpoint.com/showthread.php?t=304518&highlight=eval
     
    nico_swd, Apr 30, 2007 IP
  7. commandos

    commandos Notable Member

    Messages:
    3,648
    Likes Received:
    329
    Best Answers:
    0
    Trophy Points:
    280
    #27
    commandos, Apr 30, 2007 IP
  8. nico_swd

    nico_swd Prominent Member

    Messages:
    4,153
    Likes Received:
    344
    Best Answers:
    18
    Trophy Points:
    375
    #28
    I left my signature as well. :D
     
    nico_swd, Apr 30, 2007 IP
  9. commandos

    commandos Notable Member

    Messages:
    3,648
    Likes Received:
    329
    Best Answers:
    0
    Trophy Points:
    280
    #29
    sorry nico i edited after u did will add both again :p

    do u want to add your adsense :p
     
    commandos, Apr 30, 2007 IP
  10. fth83

    fth83 Peon

    Messages:
    68
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #30
    :D Thanks it is good share :)
     
    fth83, Apr 30, 2007 IP
  11. nico_swd

    nico_swd Prominent Member

    Messages:
    4,153
    Likes Received:
    344
    Best Answers:
    18
    Trophy Points:
    375
    #31
    Lmao. If he would have advertised more for this, then definitely. :D

    And good job with the defacing. :cool:
     
    nico_swd, Apr 30, 2007 IP
  12. qwertzguy

    qwertzguy Guest

    Messages:
    9
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #32
    Hi,
    Ok, that was a test. I have now deleted all the files from the host and changed the passwords.

    That's wrong! lol. It would be "Ta page n'est pas sécurisée".
    It's actually on the first page on Google and Live.com when you search for "ScriptTester" or for "stester" or for "vankonga". Also it alos has been submitted to more than 50 search engines and posted on more than 20 forums... now it's useless... but I was getting around 10 visits a day (without getting hacked ^^).
    Actually this security test was for another test page of this host and was done almost a year ago now.
    It seems like this guy wanted to do kind of the same thing?

    Otherwise, if I want to use my script for my own usage, how do you recommand me to password protect the pages and script?

    Thanks again.
     
    qwertzguy, Apr 30, 2007 IP
  13. webmaster@newberryautomot

    webmaster@newberryautomot Peon

    Messages:
    6
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #33
    I tried to use it on a file that I have been working on for a while and it did nothing. this is the address to the forum where I posted the code that I really need help with. Take out the spaces on the address.

    http:// forums. digitalpoint.com/ showthread. php?t=321468