Thursday, April 2, 2015

Code grablink up.nsb.vn

Code grablink up.nsb.vn


Code grablink up.nsb.vn

Posted: 01 Apr 2015 11:10 AM PDT




Tạo file nsb.php với nội dung như sau:

Mã PHP:

<?php
// Coded by Leorius
// Date: 11/18/2012
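/**
 * Resolve the direct file link behind a download page on up.nsb.vn.
 *
 * Fetches the page, re-submits its hidden form fields by POST and extracts the
 * value of the "file: '...'," entry from the response.
 *
 * @param string $url  Page URL; must be an http(s) URL on up.nsb.vn.
 * @param string $user Optional account name; a login is attempted only when
 *                     both $user and $pass are non-empty.
 * @param string $pass Optional account password.
 * @return string|false The extracted link, or false when the URL is rejected,
 *                      a request fails, or no link is present in the response.
 */
function getLinkNSB($url, $user = "", $pass = "")
{
    // $url reaches this function from the query string. Without this check the
    // server would fetch whatever the caller names (other hosts, local files via
    // stream wrappers), so only pages on the expected host are accepted.
    if (!is_string($url) || !preg_match('#^https?://up\.nsb\.vn(?:/\S*)?\z#i', $url)) {
        return false;
    }

    // NOTE: cookie.txt is a relative path, so the session cookie is written next
    // to the script. If that directory is web-served, the file should be moved
    // outside the document root or denied by the web server.
    $cookieFile = "cookie.txt";

    if ($user != "" && $pass != "") {
        // NOTE(review): the login is posted over plain HTTP, so the credentials
        // travel unencrypted - confirm whether the host offers HTTPS.
        $login = curl_init();
        curl_setopt($login, CURLOPT_URL, "http://up.nsb.vn");
        curl_setopt($login, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($login, CURLOPT_COOKIEJAR, $cookieFile);
        curl_setopt($login, CURLOPT_COOKIEFILE, $cookieFile);
        curl_setopt($login, CURLOPT_POST, 1);
        // Encode the credentials so characters such as & or = cannot alter the form body.
        curl_setopt(
            $login,
            CURLOPT_POSTFIELDS,
            "op=login&login=" . urlencode($user) . "&password=" . urlencode($pass)
        );
        curl_exec($login);
        // Closing the handle releases it and flushes the cookie jar to disk.
        curl_close($login);
    }

    $page = file_get_contents($url);
    if ($page === false) {
        return false;
    }
    // Line breaks are removed so the patterns below can match across the original lines.
    $source = str_replace(array("\r", "\n"), "", $page);

    // Collect every hidden form field; they are sent back unchanged in the POST below.
    preg_match_all(
        "#<input type=\"hidden\" name=\"(.*?)\" value=\"(.*?)\"#i",
        $source,
        $fields,
        PREG_SET_ORDER
    );
    $post = "";
    foreach ($fields as $field) {
        $post .= urlencode($field[1]) . "=" . urlencode($field[2]) . "&";
    }

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFile);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFile);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
    $response = curl_exec($ch);
    curl_close($ch);

    // curl_exec() returns false on a transport error.
    if (!is_string($response)) {
        return false;
    }

    if (preg_match("#file: '(.*?)',#", $response, $match) && isset($match[1])) {
        return $match[1];
    }
    return false;
}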

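// Entry point: nsb.php?url=<page URL, base64-encoded three times>.
// The triple encoding is only a transport format; it gives no protection, so
// the decoded value is treated as untrusted input.
if (isset($_GET["url"]) && is_string($_GET["url"])) {
    $url = trim($_GET["url"]);
    // Strict decoding: stop as soon as a layer is not valid base64.
    for ($i = 0; $i < 3 && $url !== false; $i++) {
        $url = base64_decode($url, true);
    }

    $link = false;
    // Only pages on the expected host are passed on, because getLinkNSB()
    // fetches the URL from this server.
    if ($url !== false && preg_match('#^https?://up\.nsb\.vn(?:/\S*)?\z#i', $url)) {
        $link = getLinkNSB($url);
        //$link = getLinkNSB($url,"username","password");
    }

    // getLinkNSB() returns false when no link was found; redirect only to an
    // http(s) URL instead of emitting an empty Location header.
    if (is_string($link) && preg_match('#^https?://\S+\z#i', $link)) {
        header("Location: " . $link);
    } else {
        header("HTTP/1.1 404 Not Found");
    }
}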
?>

Nếu có acc premium thì thay đoạn:

Mã PHP:

// NOTE: getLinkNSB() returns false when no link is found; this line would then send an empty "Location: " header.
header("Location: ".getLinkNSB($url)); 

thành:

Mã PHP:

// NOTE: this hard-codes the account's username and password in a web-served script,
// and getLinkNSB() posts them to http://up.nsb.vn over plain HTTP.
// Prefer loading them from a config file kept outside the document root.
header("Location: ".getLinkNSB($url,"username","password")); 

Sau đó truy cập vào: nsb.php?url=WVVoU01HTkViM1pNTTFaM1RHMDFlbGxwTlRKaWFUZ3haVWh3Y0U1dWFIWmpiVTUzV1c1cmRXRklVblJpUVQwOQ==

Code:

nsb.php?url=[link được base64_encode 3 lần]
Nguồn http://sinhvienit.net/forum/code-gra...vn.228962.html








----------
Nguồn www.yeuquangngai.net

Phòng chống SQL injection qua đường GET & POST

Posted: 01 Apr 2015 11:05 AM PDT




Mã PHP:

<?
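/**
 * Request filter: HTML-escapes every $_GET/$_POST value and aborts the request
 * when a value contains a blacklisted SQL keyword as a whitespace-separated token.
 *
 * This is a best-effort tripwire, not a defence against SQL injection. Keyword
 * matching rejects legitimate text that happens to contain these words, and a
 * value that passes the filter is still not safe to concatenate into a query.
 * Queries that use request data must go through prepared statements with bound
 * parameters.
 */
class InitVars {
    /* One entry per keyword. Matching is case-insensitive, so case variants
       do not need to be listed. More keywords can be appended here. */
    var $deny_words = array(
        'UNION', 'CHAR', 'INSERT', 'DELETE', 'SELECT', 'UPDATE',
        'GROUP', 'ORDER', 'BENCHMARK', 'TRUNCATE',
    );

    /**
     * Copy escaped request values into same-named global variables
     * (first pass GET, second pass POST).
     *
     * NOTE(review): writing request parameters into global scope lets a client
     * overwrite application variables (register_globals-style behaviour). Kept
     * for existing callers only; new code should read $_GET/$_POST directly.
     * NOTE(review): the is_array() test means only globals that currently hold
     * an array are overwritten; this may have been meant as !is_array() -
     * confirm intent before relying on it.
     */
    function convert() {
        foreach (array($_GET, $_POST) as $_vars) {
            foreach ($_vars as $_ind => $_val) {
                // Never touch superglobals ($_GET, $_SERVER, ...), $GLOBALS or $this,
                // and ignore keys that are not plain variable names.
                if (!preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', (string) $_ind)
                    || $_ind === 'GLOBALS' || $_ind === 'this') {
                    continue;
                }
                global $$_ind;
                if (is_array($$_ind)) {
                    $$_ind = $this->sanitize($_val);
                }
            }
        }
    }

    /**
     * Escape all GET and POST values in place, then call antihack() for the
     * first value that contains a deny word.
     *
     * Side effect: $_GET and $_POST are overwritten with their escaped form.
     * htmlspecialchars() is an HTML-context encoding; it does not make a value
     * safe for SQL.
     */
    function checkVars() {
        $this->scanRequest($_GET, "<br/>Đây là thông điệp cảnh báo khi attacker tấn công theo đường GET<br/>");
        $this->scanRequest($_POST, "<br/>Đây là thông điệp cảnh báo khi attacker tấn công theo đường POST<br/>");
    }

    /**
     * Print the warning message and stop the request.
     *
     * @param string $msg HTML fragment appended to the fixed banner.
     */
    function antihack($msg) {
        // A 403 status makes blocked requests distinguishable in access logs.
        if (!headers_sent()) {
            header('HTTP/1.1 403 Forbidden');
        }
        echo '<font color="red"><b>ANTI SQL HACKING: </b></font>'.$msg,'<br/><center>END</center>';
        die;
    }

    /* Escape one request array in place and report the first deny-word hit. */
    private function scanRequest(&$vars, $msg) {
        foreach ($vars as $key => $val) {
            $vars[$key] = $this->sanitize($val);
            if ($this->hasDenyWord($vars[$key])) {
                $this->antihack($msg);
            }
        }
    }

    /* stripslashes + htmlspecialchars on a scalar; array values (?a[]=x) are handled recursively. */
    private function sanitize($val) {
        if (is_array($val)) {
            return array_map(array($this, 'sanitize'), $val);
        }
        return htmlspecialchars(stripslashes((string) $val));
    }

    /* True when any whitespace-separated token equals a deny word, ignoring case. */
    private function hasDenyWord($val) {
        if (is_array($val)) {
            foreach ($val as $item) {
                if ($this->hasDenyWord($item)) {
                    return true;
                }
            }
            return false;
        }
        $deny = array_map('strtoupper', $this->deny_words);
        foreach (preg_split('/\s+/', $val, -1, PREG_SPLIT_NO_EMPTY) as $token) {
            if (in_array(strtoupper($token), $deny, true)) {
                return true;
            }
        }
        return false;
    }
}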
?>

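Để sử dụng được anti này, các bạn chèn đoạn func sau vào dưới file config của các bạn hoặc chèn vào file nào mà các bạn muốn anti :d Lưu ý: bộ lọc từ khóa này chỉ là lớp kiểm tra bổ sung; các câu truy vấn vẫn phải dùng prepared statement với tham số ràng buộc.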

Mã PHP:

<?
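// Anti SQL injection filter: run it before any other code reads $_GET/$_POST.
// require_once without @ turns a missing or unreadable anti.php into a visible
// fatal error instead of a suppressed warning.
// NOTE: this keyword filter does not replace prepared statements in the queries themselves.
require_once 'anti.php';
$stop_injection = new InitVars();
$stop_injection->checkVars();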
?>

Nguồn http://ceh.vn/@4rum/Phong-chong-SQL-...hread-6280.ceh








----------
Nguồn www.yeuquangngai.net
