Old 22-08-11, 19:26
smoky28 smoky28 is offline
Default Security update tsse 5.6
The attached RAR file contains all the root PHP files and the include directory; upload them.
inject_security.php
Add to include/global.php:
require_once INC_PATH . '/inject_security.php';
PHP Code:
<?php

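/**
 * Format a timestamp as "Y-m-d H:i:s" for the attack log.
 *
 * The listing as posted lost its "=" and "," tokens; they are restored here.
 *
 * @param int $timestamp Unix timestamp; 0 (the default) or any other falsy
 *                       value means "use the current time".
 * @return string The formatted date and time.
 */
function ido($timestamp = 0)
{
    if ($timestamp) {
        return date("Y-m-d H:i:s", $timestamp);
    }

    // date() without a second argument formats the current time.
    return date("Y-m-d H:i:s");
}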
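// Collect every POST value except the "info" field into one string for the
// blocklist check. The variable is initialised first so that an empty POST
// does not leave it undefined.
// NOTE(review): "info" is exempt from the check; confirm that whatever
// consumes that field validates it on its own.
$cracktrack_post = '';
$pending = array();
foreach ($_POST as $key => $element) {
    if ($key !== "info") {
        $pending[] = $element;
    }
}

// Fields submitted as name[]=... arrive as arrays. Appending an array to a
// string yields the text "Array", so those values would never be inspected;
// flatten them in submission order instead.
while ($pending) {
    $element = array_shift($pending);
    if (is_array($element)) {
        $pending = array_merge(array_values($element), $pending);
    } else {
        $cracktrack_post .= $element;
    }
}

// The query string is URL-decoded before it is checked.
$cracktrack = urldecode(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '');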
//tiltó lista
$wormprotector = array('chr(''chr=''chr%20''%20chr''wget%20''%20wget''wget(',
'cmd=''%20cmd''cmd%20''rush=''%20rush''rush%20',
'union%20''%20union''union(''union=''echr(''%20echr''echr%20''echr=',
'esystem(''esystem%20''cp%20''%20cp''cp(''mdir%20''%20mdir''mdir(',
'mcd%20''mrd%20''rm%20''%20mcd''%20mrd''%20rm',
'mcd(''mrd(''rm(''mcd=''mrd=''mv%20''rmdir%20''mv(''rmdir(',
'chmod(''chmod%20''%20chmod''chmod(''chmod=''chown%20''chgrp%20''chown(''chgrp(',
'locate%20''grep%20''locate(''grep(''diff%20''kill%20''kill(''killall',
'passwd%20''%20passwd''passwd(''telnet%20''vi(''vi%20',
'insert%20into''select%20''nigga(''%20nigga''nigga%20''fopen''fwrite''%20like''like%20',
'$_request''$_get''$request''$get''.system''HTTP_PHP''&aim''%20getenv''getenv%20',
'new_password''&icq','/etc/password','/etc/shadow''/etc/groups''/etc/gshadow',
'HTTP_USER_AGENT''HTTP_HOST''/bin/ps''wget%20''uname\x20-a''/usr/bin/id',
'/bin/echo''/bin/kill''/bin/''/chgrp''/chown''/usr/bin''g\+\+''bin/python',
'bin/tclsh''bin/nasm''perl%20''traceroute%20''ping%20''/usr/X11R6/bin/xterm''lsof%20',
'/bin/mail''.conf''motd%20''HTTP/1.''.inc.php''config.php''cgi-''file\://''window.open'
'<script>''<SCRIPT>''javascript\://','img src''img%20src','.jsp','ftp.exe',
'xp_enumdsn''xp_availablemedia''xp_filelist''xp_cmdshell''nc.exe''.htpasswd',
'servlet''/etc/passwd''wwwacl''~root''~ftp''.js''.jsp''admin_''.history',
'bash_history''.bash_history''~nobody''server-info''server-status''reboot%20''halt%20',
'powerdown%20''/home/ftp''/home/www''secure_site, ok''chunked''org.apache''/servlet/con',
'<script''<SCRIPT''/robot.txt' ,'/perl' ,'mod_gzip_status''db_mysql.inc''.inc''select%20from',
'select from''drop%20''.system''getenv''http_''_php''php_''phpinfo()''<?php''sql=',
'concat''union''select''drop','UNION''SELECT','WHERE','TRUNCATE''DROP','plaintext','<applet>',
'<body>','<embed>','<frame','<frameset>','<html>','iframe>','<img>','<style>',
'<layer>','<link>','<ilayer>','<meta>','<object>''passhash''user=-1','document.cookie','cookie','tables',
'/**/','<!--','<meta','<META','class','query','(function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-"+b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parseFloat(d):Ja.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=B}return d}function U(){return false}function ca(){return true}function la(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ka(a){var b,d,e,f,h,l,k,o,x,r,A,C=[];f=[];h=c.data(this,this.nodeType?"events":"__events__");if(typeof h==="function")h=
h.events;if(!(a.liveFired===this||!h||!h.live||a.button&&a.type==="click")){if(a.namespace)A=RegExp("(^|\\.)"+a.namespace.split(".").join("\\.(?:.*\\.)?")+"(\\.|$)");a.liveFired=this;var J=h.live.slice(0);for(k=0;k<J.length;k++){h=J[k];h.origType.replace(X,"")===a.type?f.push(h.selector):J.splice(k--,1)}f=c(a.target).closest(f,a.currentTarget);o=0;for(x=f.length;o<x;o++){r=f[o];for(k=0;k<J.length;k++){h=J[k];if(r.selector===h.selector&&(!A||A.test(h.namespace))){l=r.elem;e=null;if(h.preType==="mouseenter"||
h.preType==="mouseleave"){a.type=h.preType;e=c(a.relatedTarget).closest(h.selector)[0]}if(!e||e!==l)C.push({elem:l,handleObj:h,level:r.level})}}}o=0;for(x=C.length;o<x;o++){f=C[o];if(d&&f.level>d)break;a.currentTarget=f.elem;a.data=f.handleObj.data;a.handleObj=f.handleObj;A=f.handleObj.origHandler.apply(f.elem,arguments);if(A===false||a.isPropagationStopped()){d=f.level;if(A===false)b=false;if(a.isImmediatePropagationStopped())break}}return b}}function Y(a,b){return(a&&a!=="*"?a+".":"")+b.replace(La,
"`").replace(Ma,"&")}function ma(a,b,d){if(c.isFunction(b))return c.grep(a,function(f,h){return!!b.call(f,h,f)===d});else if(b.nodeType)return c.grep(a,function(f){return f===b===d});else if(typeof b==="string"){var e=c.grep(a,function(f){return f.nodeType===1});if(Na.test(b))return c.filter(b,e,!d);else b=c.filter(b,e)}return c.grep(a,function(f){return c.inArray(f,b)>=0===d})}function na(a,b){var d=0;b.each(function(){if(this.nodeName===(a[d]&&a[d].nodeName)){var e=c.data(a[d++]),f=c.data(this,
e);if(e=e&&e.events){delete f.handle;f.events={};for(var h in e)for(var l in e[h])c.event.add(this,h,e[h][l],e[h][l].data)}}})}function Oa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):c.globalEval(b.text||b.textContent||b.innerHTML||"");b.parentNode&&b.parentNode.removeChild(b)}function oa(a,b,d){var e=b==="width"?a.offsetWidth:a.offsetHeight;if(d==="border")return e;c.each(b==="width"?Pa:Qa,function(){d||(e-=parseFloat(c.css(a,"padding"+this))||0);if(d==="margin")e+=parseFloat(c.css(a,
"margin"+this))||0;else e-=parseFloat(c.css(a,"border"+this+"Width"))||0});return e}function da(a,b,d,e){if(c.isArray(b)&&b.length)c.each(b,function(f,h){d||Ra.test(a)?e(a,h):da(a+"["+(typeof h==="object"||c.isArray(h)?f:"")+"]",h,d,e)});else if(!d&&b!=null&&typeof b==="object")c.isEmptyObject(b)?e(a,""):c.each(b,function(f,h){da(a+"["+f+"]",h,d,e)});else e(a,b)}function S(a,b){var d={};c.each(pa.concat.apply([],pa.slice(0,b)),function(){d[this]=a});return d}function qa(a){if(!ea[a]){var b=c("<"+
a+">").appendTo("body"),d=b.css("display");b.remove();if(d==="none"||d==="")d="block";ea[a]=d}return ea[a]}function fa(a){return c.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:false}var t=E.document,c=function(){function a(){if(!b.isReady){try{t.documentElement.doScroll("left")}catch(j){setTimeout(a,1);return}b.ready()}}var b=function(j,s){return new b.fn.init(j,s)},d=E.jQuery,e=E.$,f,h=/^(?:[^<]*(<[\w\W]+>)[^>]*$|#([\w\-]+)$)/,l=/\S/,k=/^\s+/,o=/\s+$/,x=/\W/,r=/\d/,A=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,
C=/^[\],:{}\s]*$/,J=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,w=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,I=/(?:^|:|,)(?:\s*\[)+/g,L=/(webkit)[ \/]([\w.]+)/,g=/(opera)(?:.*version)?[ \/]([\w.]+)/,i=/(msie) ([\w.]+)/,n=/(mozilla)(?:.*? rv:([\w.]+))?/,m=navigator.userAgent,p=false,q=[],u,y=Object.prototype.toString,F=Object.prototype.hasOwnProperty,M=Array.prototype.push,N=Array.prototype.slice,O=String.prototype.trim,D=Array.prototype.indexOf,R={};b.fn=b.prototype={init:function(j,
s){var v,z,H;if(!j)return this;if(j.nodeType){this.context=this[0]=j;this.length=1;return this}if(j==="body"&&!s&&t.body){this.context=t;this[0]=t.body;this.selector="body";this.length=1;return this}if(typeof j==="string")if((v=h.exec(j))&&(v[1]||!s))if(v[1]){H=s?s.ownerDocument||s:t;if(z=A.exec(j))if(b.isPlainObject(s)){j=[t.createElement(z[1])];b.fn.attr.call(j,s,true)}else j=[H.createElement(z[1])];else{z=b.buildFragment([v[1]],[H]);j=(z.cacheable?z.fragment.cloneNode(true):z.fragment).childNodes}return b.merge(this,
j)}else{if((z=t.getElementById(v[2]))&&z.parentNode){if(z.id!==v[2])return f.find(j);this.length=1;this[0]=z}this.context=t;this.selector=j;return this}else if(!s&&!x.test(j)){this.selector=j;this.context=t;j=t.getElementsByTagName(j);return b.merge(this,j)}else return!s||s.jquery?(s||f).find(j):b(s).find(j);else if(b.isFunction(j))return f.ready(j);if(j.selector!==B){this.selector=j.selector;this.context=j.context}return b.makeArray(j,this)},selector:"",jquery:"1.4.4",length:0,size:function(){return this.length},
toArray:function(){return N.call(this,0)},get:function(j){return j==null?this.toArray():j<0?this.slice(j)[0]:this[j]},pushStack:function(j,s,v){var z=b();b.isArray(j)?M.apply(z,j):b.merge(z,j);z.prevObject=this;z.context=this.context;if(s==="find")z.selector=this.selector+(this.selector?" ":"")+v;else if(s)z.selector=this.selector+"."+s+"("+v+")";return z},each:function(j,s){return b.each(this,j,s)},ready:function(j){b.bindReady();if(b.isReady)j.call(t,b);else q&&q.push(j);return this},eq:function(j){return j===
-1?this.slice(j):this.slice(j,+j+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(N.apply(this,arguments),"slice",N.call(arguments).join(","))},map:function(j){return this.pushStack(b.map(this,function(s,v){return j.call(s,v,s)}))},end:function(){return this.prevObject||b(null)},push:M,sort:[].sort,splice:[].splice};b.fn.init.prototype=b.fn;b.extend=b.fn.extend=function(){var j,s,v,z,H,G=arguments[0]||{},K=1,Q=arguments.length,ga=false;
if(typeof G==="boolean"){ga=G;G=arguments[1]||{};K=2}if(typeof G!=="object"&&!b.isFunction(G))G={};if(Q===K){G=this;--K}for(;K<Q;K++)if((j=arguments[K])!=null)for(s in j){v=G[s];z=j[s];if(G!==z)if(ga&&z&&(b.isPlainObject(z)||(H=b.isArray(z)))){if(H){H=false;v=v&&b.isArray(v)?v:[]}else v=v&&b.isPlainObject(v)?v:{};G[s]=b.extend(ga,v,z)}else if(z!==B)G[s]=z}return G};b.extend({noConflict:function(j){E.$=e;if(j)E.jQuery=d;return b},isReady:false,readyWait:1,ready:function(j){j===true&&b.readyWait--;
if(!b.readyWait||j!==true&&!b.isReady){if(!t.body)return setTimeout(b.ready,1);b.isReady=true;if(!(j!==true&&--b.readyWait>0))if(q){var s=0,v=q;for(q=null;j=v[s++];)j.call(t,b);b.fn.trigger&&b(t).trigger("ready").unbind("ready")}}},bindReady:function(){if(!p){p=true;if(t.readyState==="complete")return setTimeout(b.ready,1);if(t.addEventListener){t.addEventListener("DOMContentLoaded",u,false);E.addEventListener("load",b.ready,false)}else if(t.attachEvent){t.attachEvent("onreadystatechange",u);E.attachEvent("onload",
b.ready);var j=false;try{j=E.frameElement==null}catch(s){}t.documentElement.doScroll&&j&&a()}}},isFunction:function(j){return b.type(j)==="function"},isArray:Array.isArray||function(j){return b.type(j)==="array"},isWindow:function(j){return j&&typeof j==="object"&&"setInterval"in j},isNaN:function(j){return j==null||!r.test(j)||isNaN(j)},type:function(j){return j==null?String(j):R[y.call(j)]||"object"},isPlainObject:function(j){if(!j||b.type(j)!=="object"||j.nodeType||b.isWindow(j))return false;if(j.constructor&&
!F.call(j,"constructor")&&!F.call(j.constructor.prototype,"isPrototypeOf"))return false;for(var s in j);return s===B||F.call(j,s)},isEmptyObject:function(j){for(var s in j)return false;return true},error:function(j){throw j;},parseJSON:function(j){if(typeof j!=="string"||!j)return null;j=b.trim(j);if(C.test(j.replace(J,"@").replace(w,"]").replace(I,"")))return E.JSON&&E.JSON.parse?E.JSON.parse(j):(new Function("return "+j))();else b.error("Invalid JSON: "+j)},noop:function(){},globalEval:function(j){if(j&&
l.test(j)){var s=t.getElementsByTagName("head")[0]||t.documentElement,v=t.createElement("script");v.type="text/javascript";if(b.support.scriptEval)v.appendChild(t.createTextNode(j));else v.text=j;s.insertBefore(v,s.firstChild);s.removeChild(v)}},nodeName:function(j,s){return j.nodeName&&j.nodeName.toUpperCase()===s.toUpperCase()},each:function(j,s,v){var z,H=0,G=j.length,K=G===B||b.isFunction(j);if(v)if(K)for(z in j){if(s.apply(j[z],v)===false)break}else for(;H<G;){if(s.apply(j[H++],v)===false)break}else if(K)for(z in j){if(s.call(j[z],
z,j[z])===false)break}else for(v=j[0];H<G&&s.call(v,H,v)!==false;v=j[++H]);return j},trim:O?function(j){return j==null?"":O.call(j)}:function(j){return j==null?"":j.toString().replace(k,"").replace(o,"")},makeArray:function(j,s){var v=s||[];if(j!=null){var z=b.type(j);j.length==null||z==="string"||z==="function"||z==="regexp"||b.isWindow(j)?M.call(v,j):b.merge(v,j)}return v},inArray:function(j,s){if(s.indexOf)return s.indexOf(j);for(var v=0,z=s.length;v<z;v++)if(s[v]===j)return v;return-1},merge:function(j,
s){var v=j.length,z=0;if(typeof s.length==="number")for(var H=s.length;z<H;z++)j[v++]'
);

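// Filtering: lower-case the input once, then mask every blocklist hit with
// '*'. A request is treated as hostile when the masked copy differs from the
// input. (The original computed each masked copy twice; the first result was
// overwritten immediately, so only the lower-cased pass is kept.)
//
// NOTE(review): the input is lower-cased before matching and str_replace() is
// case-sensitive, so upper-case entries in $wormprotector ('UNION', 'SELECT',
// 'HTTP_USER_AGENT', ...) can never match. Substring blocklisting like this
// is a coarse extra layer only: it does not replace parameterised queries and
// output escaping, and short entries such as 'class', 'query', 'cookie' or
// '.js' will also reject ordinary text.
$cracktrack = strtolower($cracktrack);
$checkworm = str_replace($wormprotector, '*', $cracktrack);

// Same check for the concatenated POST values.
$cracktrack_post = strtolower($cracktrack_post);
$checkworm_post = str_replace($wormprotector, '*', $cracktrack_post);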

  if (
$cracktrack != $checkworm)
        {
          
$cremotead $_SERVER['REMOTE_ADDR'];
       
$host=getenv("REQUEST_URI"); 
   
$cuseragent $_SERVER['HTTP_USER_AGENT'];
$ido=ido();
      
$fp fopen ('../admin/adminnotes.txt''a');
      
fwrite ($fp''.$ido.' - Inject attack blocked. IP: ' $_SERVER['REMOTE_ADDR'] . ' ('.$host.')
'
);
      
fclose ($fp);


die( 
"<img src=pic/smilies/siren.gif> <img src=pic/smilies/no.gif><center><font size=7 color=red>lol that did not<img src=pic/smilies/no.gif> <img src=pic/smilies/no.gif> </center></font></font></b></blink></center>" );
        }


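// The POST data matched the blocklist: record the hit and stop the request.
if ($cracktrack_post !== $checkworm_post) {
    $cremotead = $_SERVER['REMOTE_ADDR'];

    // REQUEST_URI is supplied by the client; control characters are replaced
    // so that a request cannot forge extra lines in the log file.
    $host = preg_replace('/[\x00-\x1F\x7F]/', ' ', (string) getenv("REQUEST_URI"));

    $cuseragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $ido = ido();

    // Summarise the submitted fields for the log. The posted listing never
    // closed this loop, so the log write and die() ran inside it; the loop is
    // closed here before anything is written.
    $postadat = '';
    foreach ($_POST as $key => $element) {
        if (stripos((string) $key, 'pass') !== false) {
            // The whole form is logged, which can include a login or
            // password-change field; keep credentials out of a plain-text file.
            $element = '[redacted]';
        } elseif (is_array($element)) {
            $element = 'Array';
        }
        $postadat .= "[" . preg_replace('/[\x00-\x1F\x7F]/', ' ', (string) $key) . "]>>>"
            . preg_replace('/[\x00-\x1F\x7F]/', ' ', (string) $element) . " | ";
    }

    // NOTE(review): the logged values are attacker-chosen text; whatever
    // displays adminnotes.txt must HTML-escape them, and the file should not
    // be readable over the web.
    $fp = fopen('../admin/adminnotes.txt', 'a');
    if ($fp) {
        fwrite($fp, '' . $ido . ' - Inject attack blocked. (post) IP: ' . $cremotead . ' (' . $host . ') (' . $postadat . ")\n\n");
        // The original never closed the handle on this path.
        fclose($fp);
    }

    die("<center><img src=pic/smilies/no.gif><font size=7 color=red>lol that did not<img src=pic/smilies/no.gif></center></font>");
}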
?>
require_once INC_PATH . '/ctracker0.php';
add include/global.php

PHP Code:
<?php
// Cracker Tracker Protection System
// Created by: Christian Knerr - www.cback.de
// phpBB Users: Please use our complete phpBB2 Mod!
// Version: 2.0.0
//
// License: GPL
//
//
// Begin CrackerTracker  StandAlone
//

  
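// Raw query string, still percent-encoded; the blocklist entries that contain
// "%20" are written against this encoded form. Falls back to an empty string
// when the server does not set QUERY_STRING.
$cracktrack = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';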
  
$wormprotector = array('chr(''chr=''chr%20''%20chr''wget%20''%20wget''wget(',
                                    
'cmd=''%20cmd''cmd%20''rush=''%20rush''rush%20',
                                   
'union%20''%20union''union(''union=''echr(''%20echr''echr%20''echr=',
                                   
'esystem(''esystem%20''cp%20''%20cp''cp(''mdir%20''%20mdir''mdir(',
                                   
'mcd%20''mrd%20''rm%20''%20mcd''%20mrd''%20rm',
                                   
'mcd(''mrd(''rm(''mcd=''mrd=''mv%20''rmdir%20''mv(''rmdir(',
                                   
'chmod(''chmod%20''%20chmod''chmod(''chmod=''chown%20''chgrp%20''chown(''chgrp(',
                                   
'locate%20''grep%20''locate(''grep(''diff%20''kill%20''kill(''killall',
                                   
'passwd%20''%20passwd''passwd(''telnet%20''vi(''vi%20',
                                   
'insert%20into''select%20''nigga(''%20nigga''nigga%20''fopen''fwrite''%20like''like%20',
                                   
'$_request''$_get''$request''$get''.system''HTTP_PHP''&aim''%20getenv''getenv%20',
                                   
'new_password''&icq','/etc/password','/etc/shadow''/etc/groups''/etc/gshadow',
                                   
'HTTP_USER_AGENT''HTTP_HOST''/bin/ps''wget%20''uname\x20-a''/usr/bin/id',
                                   
'/bin/echo''/bin/kill''/bin/''/chgrp''/chown''/usr/bin''g\+\+''bin/python',
                                   
'bin/tclsh''bin/nasm''perl%20''traceroute%20''ping%20''.pl''/usr/X11R6/bin/xterm''lsof%20',
                                   
'/bin/mail''.conf''motd%20''HTTP/1.''.inc.php''config.php''cgi-''.eml',
                                   
'file\://''window.open''<script>''javascript\://','img src''img%20src','.jsp','ftp.exe',
                                   
'xp_enumdsn''xp_availablemedia''xp_filelist''xp_cmdshell''nc.exe''.htpasswd',
                                   
'servlet''/etc/passwd''wwwacl''~root''~ftp''.js''.jsp''admin_''.history',
                                   
'bash_history''.bash_history''~nobody''server-info''server-status''reboot%20''halt%20',
                                   
'powerdown%20''/home/ftp''/home/www''secure_site, ok''chunked''org.apache''/servlet/con',
                                   
'<script''/robot.txt' ,'/perl' ,'mod_gzip_status''db_mysql.inc''.inc''select%20from',
                                   
'select from''drop%20''.system''getenv''http_''_php''php_''phpinfo()''<?php''?>''sql=');

  
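// Mask every blocklist hit with '*'; any difference from the input means the
// query string contained a listed substring.
$checkworm = str_replace($wormprotector, '*', $cracktrack);

if ($cracktrack !== $checkworm) {
    $cremotead = $_SERVER['REMOTE_ADDR'];
    $cuseragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // User-Agent is a client-supplied header. Control characters are replaced
    // before logging so that a request cannot forge extra log lines.
    $fp = fopen('../admin/adminnotes.txt', 'a');
    if ($fp) {
        fwrite(
            $fp,
            'Blocked attack from: IP - ' . $cremotead . ' User Agent - '
                . preg_replace('/[\x00-\x1F\x7F]/', ' ', $cuseragent) . "\n"
        );
        fclose($fp);
    }

    // The same header is echoed into the response page, so it is HTML-escaped;
    // the original printed it raw, which let the sender inject markup.
    die(
        "Attack detected! <br /><br /><b>Youre attack was blocked:</b><br />"
        . htmlspecialchars($cremotead, ENT_QUOTES) . " - " . htmlspecialchars($cuseragent, ENT_QUOTES)
    );
}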

//
// End CrackerTracker StandAlone
//

?>
add include/globalfuntcions.php

require_once INC_PATH . '/ctracker0.php';
require_once INC_PATH . '/inject_security.php';
require_once INC_PATH . '/ctracker.php';
require_once INC_PATH . '/feedcreator.class.php';
require_once INC_PATH . '/class.inputfilter_clean.php';
Limits repeated characters to a maximum of 4 in all parts of the page.
Add at line 354:
PHP Code:
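/**
 * Shorten runs of one repeated character inside each space-separated word.
 *
 * A word is rewritten only when it contains a character repeated more than
 * $limit times in a row; every run in that word is then cut to at most
 * $limit characters. Each word is followed by a single space, so the result
 * always ends with a trailing space (as in the original).
 *
 * This only limits visual flooding ("aaaaaaaa..."); it does not sanitise or
 * escape the text. Matching is byte-wise, so multi-byte UTF-8 characters are
 * compared byte by byte.
 *
 * @param string $post  Text to process.
 * @param int    $limit Maximum allowed run length (default 4).
 * @return string The processed text.
 */
function prevent_long_strings($post, $limit = 4)
{
    // $limit is interpolated into the pattern below, so force it to a
    // positive integer rather than trusting the caller.
    $limit = max(1, (int) $limit);

    $opti_string = "";
    foreach (explode(" ", $post) as $val) {
        if (!preg_match("/(.)\\1{" . $limit . ",}/", $val)) {
            $opti_string .= $val . " ";
            continue;
        }

        // The original compared each character with index $i - 1, reading
        // offset -1 on the first pass, and appended to an array that was
        // never initialised; track the previous character explicitly instead.
        $kept = "";
        $previous = null;
        $repeats = 0;
        foreach (str_split($val) as $char) {
            if ($char === $previous) {
                if ($repeats < $limit - 1) {
                    $kept .= $char;
                }
                $repeats++;
            } else {
                $kept .= $char;
                $repeats = 0;
            }
            $previous = $char;
        }
        $opti_string .= $kept . " ";
    }

    return $opti_string;
}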
Then call it at this place, in globalfuntcions.php at line 395:
PHP Code:
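// Cut every run of a repeated character in $s down to at most 4.
$s = prevent_long_strings($s, 4);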
My root global.php
PHP Code:
<?
/***********************************************/
/*=========[TS Special Edition v.5.6]==========*/
/*=============[Special Thanks To]=============*/
/*        DrNet - wWw.SpecialCoders.CoM        */
/*          Vinson - wWw.Decode4u.CoM          */
/*    MrDecoder - wWw.Fearless-Releases.CoM    */
/*           Fynnon - wWw.BvList.CoM           */
/***********************************************/


  // Bootstrap for every page: session setup, path constants, a per-session
  // hash, then the request filters and the core. The leading "@" on the calls
  // below suppresses any warning they raise.
  @ini_set ('session.gc_maxlifetime', '18000');
  @session_cache_expire (1440);
  // Removes the execution time limit for every request that includes this file.
  @set_time_limit (0);
  // NOTE(review): set_magic_quotes_runtime() was removed in PHP 7.0, and "@"
  // does not suppress a call to an undefined function - confirm the PHP
  // version this runs on.
  @set_magic_quotes_runtime (0);
  @ini_set ('magic_quotes_sybase', 0);
  @session_name ('TSSE_Session');
  @session_start ();
  define ('IN_TRACKER', true);
  define ('IN_SCRIPT_TSSEv56', true);
  define ('O_SCRIPT_VERSION', '5.6');
  define ('TIMENOW', time ());
  define ('TSDIR', dirname (__FILE__));
  define ('INC_PATH', TSDIR . '/include');
  define ('CONFIG_DIR', TSDIR . '/config');
  // Keeps a $rootpath that already exists, otherwise uses this file's directory.
  // NOTE(review): if register_globals is enabled, an existing $rootpath could
  // come from the request - confirm it is off or set $rootpath unconditionally.
  $rootpath = (isset ($rootpath) ? $rootpath : TSDIR);
  if (!defined ('DEBUGMODE'))
  {
    $GLOBALS['ts_start_time'] = array_sum (explode (' ', microtime ()));
    // NOTE(review): the keys below are unquoted, so PHP reads them as
    // constants; older versions fall back to the string with a notice and
    // PHP 8 raises an error for an undefined constant.
    unset ($_SESSION[totaltime]);
    unset ($_SESSION[totalqueries]);
    $_SESSION['queries'] = array ();
  }

  // Create the session hash when it is missing or older than 1800 seconds.
  // NOTE(review): md5(uniqid(rand())) is not cryptographically strong. If this
  // hash is used as an anti-CSRF or authentication token (not visible here),
  // it should come from a CSPRNG instead.
  if (((empty ($_SESSION['hash']) OR empty ($_SESSION['hash_time'])) OR 1800 < TIMENOW - $_SESSION['hash_time']))
  {
    $_SESSION['hash'] = md5 (uniqid (rand (), true));
    $_SESSION['hash_time'] = TIMENOW;
  }
  // Request filters added by this update. They are loaded before the error
  // handler below is installed, so errors raised inside them do not reach
  // TS_Error_Handler.
  require_once INC_PATH . '/ctracker0.php';
  require_once INC_PATH . '/inject_security.php';
  require_once INC_PATH . '/ctracker.php';
  define ('LOGFILE', 'tracker_error_logs');
  require INC_PATH . '/functions_ts_error_handler.php';
  set_error_handler ('TS_Error_Handler');
  require INC_PATH . '/core.php';
?>
In the root folder, the updated global.php loads the security files ctracker0.php, inject_security.php and ctracker.php, and it runs smoothly.
Attached Files
File Type: rar security_update_tsse 5.6.rar (26.9 KB, 149 views)
__________________
Sky-tech developer Team hungary


Last edited by smoky28; 22-08-11 at 22:44.
Old 24-08-11, 13:02
mmisu120000 mmisu120000 is offline
Default
BUMP ...

I Installed it, it looks very nice, now i,ll wait to see the results :)
__________________
"How terrible is wisdom when it holds no benefit for the wise?" - Louis Cypher
WDW Tracker - Using heavy modified TSSE

Last edited by mmisu120000; 24-08-11 at 13:21.
Old 25-08-11, 15:05
smoky28 smoky28 is offline
Smile Security update fresh
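Add these words to the censored-words list. The filter then shows, for example, XSS as x*s, so that such malicious code cannot run when the page is viewed. A word filter of this kind does not replace escaping user content on output (for example with htmlspecialchars()), which is what actually prevents XSS.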

XSS,xss,union,textarea,TEXTAREA,script,Script,SCRIPT,drop,DROP,killall,KILLALL,UNION,Union,union,

admin/settings.php/SECURITY Settings/Censored Words

Bump: add this code at the top of globalfuntcions.php.
This is a method of my database class which lets me sift down unsafe data inputs.
PHP Code:
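/**
 * Strip a fixed set of punctuation from a value, or from each value of an
 * array, and escape the result for use in a MySQL string literal.
 *
 * Uses $this->connection, so it only works as a method of a class that holds
 * a MySQL link; it cannot be pasted as a plain function.
 *
 * Changes from the posted version:
 *  - stripslashes() is no longer applied after mysql_real_escape_string().
 *    That call removed the escaping again and turned escaped control
 *    characters into letters (a newline became "n").
 *  - ereg_replace() (removed in PHP 7.0) is replaced by preg_replace() with
 *    the same character set. POSIX bracket expressions treat the backslash
 *    literally, so the backslash stays in the set.
 *
 * NOTE(review): the result is only safe inside a quoted SQL string. A value
 * placed in a numeric or unquoted position is not protected by this method.
 * ext/mysql itself was removed in PHP 7.0; prepared statements (mysqli or
 * PDO) are the durable fix.
 *
 * @param string|array $dataStack One value, or an array of values.
 * @return string|array The cleaned value, or an array with the same keys.
 */
function siftDown($dataStack)
{
    $wasScalar = !is_array($dataStack);
    $items = $wasScalar ? array($dataStack) : $dataStack;

    $safeData = array();
    foreach ($items as $p => $data) {
        // Remove \ ' " ) ( ; | ` , < > before escaping.
        $data = preg_replace('/[\\\\\'")(;|`,<>]/', '', $data);
        $data = mysql_real_escape_string(trim($data), $this->connection);
        $safeData[$p] = $data;
    }

    return $wasScalar ? $safeData[0] : $safeData;
}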
__________________
Sky-tech developer Team hungary


Last edited by smoky28; 19-10-11 at 11:08.
Old 09-05-12, 08:31
EMPEREUR1 EMPEREUR1 is offline
Default file JOIN root ???
Quote:
Originally Posted by smoky28 View Post
The attached RAR file contains all the root PHP files and the include directory; upload them.
inject_security.php
Add to include/global.php:
require_once INC_PATH . '/inject_security.php';
PHP Code:
<?php

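/**
 * Format a timestamp as "Y-m-d H:i:s" for the attack log.
 *
 * The listing as posted lost its "=" and "," tokens; they are restored here.
 *
 * @param int $timestamp Unix timestamp; 0 (the default) or any other falsy
 *                       value means "use the current time".
 * @return string The formatted date and time.
 */
function ido($timestamp = 0)
{
    if ($timestamp) {
        return date("Y-m-d H:i:s", $timestamp);
    }

    // date() without a second argument formats the current time.
    return date("Y-m-d H:i:s");
}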
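// Collect every POST value except the "info" field into one string for the
// blocklist check. The variable is initialised first so that an empty POST
// does not leave it undefined.
// NOTE(review): "info" is exempt from the check; confirm that whatever
// consumes that field validates it on its own.
$cracktrack_post = '';
$pending = array();
foreach ($_POST as $key => $element) {
    if ($key !== "info") {
        $pending[] = $element;
    }
}

// Fields submitted as name[]=... arrive as arrays. Appending an array to a
// string yields the text "Array", so those values would never be inspected;
// flatten them in submission order instead.
while ($pending) {
    $element = array_shift($pending);
    if (is_array($element)) {
        $pending = array_merge(array_values($element), $pending);
    } else {
        $cracktrack_post .= $element;
    }
}

// The query string is URL-decoded before it is checked.
$cracktrack = urldecode(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '');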
//tiltó lista
$wormprotector = array('chr(''chr=''chr%20''%20chr''wget%20''%20wget''wget(',
'cmd=''%20cmd''cmd%20''rush=''%20rush''rush%20',
'union%20''%20union''union(''union=''echr(''%20echr''echr%20''echr=',
'esystem(''esystem%20''cp%20''%20cp''cp(''mdir%20''%20mdir''mdir(',
'mcd%20''mrd%20''rm%20''%20mcd''%20mrd''%20rm',
'mcd(''mrd(''rm(''mcd=''mrd=''mv%20''rmdir%20''mv(''rmdir(',
'chmod(''chmod%20''%20chmod''chmod(''chmod=''chown%20''chgrp%20''chown(''chgrp(',
'locate%20''grep%20''locate(''grep(''diff%20''kill%20''kill(''killall',
'passwd%20''%20passwd''passwd(''telnet%20''vi(''vi%20',
'insert%20into''select%20''nigga(''%20nigga''nigga%20''fopen''fwrite''%20like''like%20',
'$_request''$_get''$request''$get''.system''HTTP_PHP''&aim''%20getenv''getenv%20',
'new_password''&icq','/etc/password','/etc/shadow''/etc/groups''/etc/gshadow',
'HTTP_USER_AGENT''HTTP_HOST''/bin/ps''wget%20''uname\x20-a''/usr/bin/id',
'/bin/echo''/bin/kill''/bin/''/chgrp''/chown''/usr/bin''g\+\+''bin/python',
'bin/tclsh''bin/nasm''perl%20''traceroute%20''ping%20''/usr/X11R6/bin/xterm''lsof%20',
'/bin/mail''.conf''motd%20''HTTP/1.''.inc.php''config.php''cgi-''file\://''window.open'
'<script>''<SCRIPT>''javascript\://','img src''img%20src','.jsp','ftp.exe',
'xp_enumdsn''xp_availablemedia''xp_filelist''xp_cmdshell''nc.exe''.htpasswd',
'servlet''/etc/passwd''wwwacl''~root''~ftp''.js''.jsp''admin_''.history',
'bash_history''.bash_history''~nobody''server-info''server-status''reboot%20''halt%20',
'powerdown%20''/home/ftp''/home/www''secure_site, ok''chunked''org.apache''/servlet/con',
'<script''<SCRIPT''/robot.txt' ,'/perl' ,'mod_gzip_status''db_mysql.inc''.inc''select%20from',
'select from''drop%20''.system''getenv''http_''_php''php_''phpinfo()''<?php''sql=',
'concat''union''select''drop','UNION''SELECT','WHERE','TRUNCATE''DROP','plaintext','<applet>',
'<body>','<embed>','<frame','<frameset>','<html>','iframe>','<img>','<style>',
'<layer>','<link>','<ilayer>','<meta>','<object>''passhash''user=-1','document.cookie','cookie','tables',
'/**/','<!--','<meta','<META','class','query','(function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-"+b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parseFloat(d):Ja.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=B}return d}function U(){return false}function ca(){return true}function la(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ka(a){var b,d,e,f,h,l,k,o,x,r,A,C=[];f=[];h=c.data(this,this.nodeType?"events":"__events__");if(typeof h==="function")h=
h.events;if(!(a.liveFired===this||!h||!h.live||a.button&&a.type==="click")){if(a.namespace)A=RegExp("(^|\\.)"+a.namespace.split(".").join("\\.(?:.*\\.)?")+"(\\.|$)");a.liveFired=this;var J=h.live.slice(0);for(k=0;k<J.length;k++){h=J[k];h.origType.replace(X,"")===a.type?f.push(h.selector):J.splice(k--,1)}f=c(a.target).closest(f,a.currentTarget);o=0;for(x=f.length;o<x;o++){r=f[o];for(k=0;k<J.length;k++){h=J[k];if(r.selector===h.selector&&(!A||A.test(h.namespace))){l=r.elem;e=null;if(h.preType==="mouseenter"||
h.preType==="mouseleave"){a.type=h.preType;e=c(a.relatedTarget).closest(h.selector)[0]}if(!e||e!==l)C.push({elem:l,handleObj:h,level:r.level})}}}o=0;for(x=C.length;o<x;o++){f=C[o];if(d&&f.level>d)break;a.currentTarget=f.elem;a.data=f.handleObj.data;a.handleObj=f.handleObj;A=f.handleObj.origHandler.apply(f.elem,arguments);if(A===false||a.isPropagationStopped()){d=f.level;if(A===false)b=false;if(a.isImmediatePropagationStopped())break}}return b}}function Y(a,b){return(a&&a!=="*"?a+".":"")+b.replace(La,
"`").replace(Ma,"&")}function ma(a,b,d){if(c.isFunction(b))return c.grep(a,function(f,h){return!!b.call(f,h,f)===d});else if(b.nodeType)return c.grep(a,function(f){return f===b===d});else if(typeof b==="string"){var e=c.grep(a,function(f){return f.nodeType===1});if(Na.test(b))return c.filter(b,e,!d);else b=c.filter(b,e)}return c.grep(a,function(f){return c.inArray(f,b)>=0===d})}function na(a,b){var d=0;b.each(function(){if(this.nodeName===(a[d]&&a[d].nodeName)){var e=c.data(a[d++]),f=c.data(this,
e);if(e=e&&e.events){delete f.handle;f.events={};for(var h in e)for(var l in e[h])c.event.add(this,h,e[h][l],e[h][l].data)}}})}function Oa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):c.globalEval(b.text||b.textContent||b.innerHTML||"");b.parentNode&&b.parentNode.removeChild(b)}function oa(a,b,d){var e=b==="width"?a.offsetWidth:a.offsetHeight;if(d==="border")return e;c.each(b==="width"?Pa:Qa,function(){d||(e-=parseFloat(c.css(a,"padding"+this))||0);if(d==="margin")e+=parseFloat(c.css(a,
"margin"+this))||0;else e-=parseFloat(c.css(a,"border"+this+"Width"))||0});return e}function da(a,b,d,e){if(c.isArray(b)&&b.length)c.each(b,function(f,h){d||Ra.test(a)?e(a,h):da(a+"["+(typeof h==="object"||c.isArray(h)?f:"")+"]",h,d,e)});else if(!d&&b!=null&&typeof b==="object")c.isEmptyObject(b)?e(a,""):c.each(b,function(f,h){da(a+"["+f+"]",h,d,e)});else e(a,b)}function S(a,b){var d={};c.each(pa.concat.apply([],pa.slice(0,b)),function(){d[this]=a});return d}function qa(a){if(!ea[a]){var b=c("<"+
a+">").appendTo("body"),d=b.css("display");b.remove();if(d==="none"||d==="")d="block";ea[a]=d}return ea[a]}function fa(a){return c.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:false}var t=E.document,c=function(){function a(){if(!b.isReady){try{t.documentElement.doScroll("left")}catch(j){setTimeout(a,1);return}b.ready()}}var b=function(j,s){return new b.fn.init(j,s)},d=E.jQuery,e=E.$,f,h=/^(?:[^<]*(<[\w\W]+>)[^>]*$|#([\w\-]+)$)/,l=/\S/,k=/^\s+/,o=/\s+$/,x=/\W/,r=/\d/,A=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,
C=/^[\],:{}\s]*$/,J=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,w=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,I=/(?:^|:|,)(?:\s*\[)+/g,L=/(webkit)[ \/]([\w.]+)/,g=/(opera)(?:.*version)?[ \/]([\w.]+)/,i=/(msie) ([\w.]+)/,n=/(mozilla)(?:.*? rv:([\w.]+))?/,m=navigator.userAgent,p=false,q=[],u,y=Object.prototype.toString,F=Object.prototype.hasOwnProperty,M=Array.prototype.push,N=Array.prototype.slice,O=String.prototype.trim,D=Array.prototype.indexOf,R={};b.fn=b.prototype={init:function(j,
s){var v,z,H;if(!j)return this;if(j.nodeType){this.context=this[0]=j;this.length=1;return this}if(j==="body"&&!s&&t.body){this.context=t;this[0]=t.body;this.selector="body";this.length=1;return this}if(typeof j==="string")if((v=h.exec(j))&&(v[1]||!s))if(v[1]){H=s?s.ownerDocument||s:t;if(z=A.exec(j))if(b.isPlainObject(s)){j=[t.createElement(z[1])];b.fn.attr.call(j,s,true)}else j=[H.createElement(z[1])];else{z=b.buildFragment([v[1]],[H]);j=(z.cacheable?z.fragment.cloneNode(true):z.fragment).childNodes}return b.merge(this,
j)}else{if((z=t.getElementById(v[2]))&&z.parentNode){if(z.id!==v[2])return f.find(j);this.length=1;this[0]=z}this.context=t;this.selector=j;return this}else if(!s&&!x.test(j)){this.selector=j;this.context=t;j=t.getElementsByTagName(j);return b.merge(this,j)}else return!s||s.jquery?(s||f).find(j):b(s).find(j);else if(b.isFunction(j))return f.ready(j);if(j.selector!==B){this.selector=j.selector;this.context=j.context}return b.makeArray(j,this)},selector:"",jquery:"1.4.4",length:0,size:function(){return this.length},
toArray:function(){return N.call(this,0)},get:function(j){return j==null?this.toArray():j<0?this.slice(j)[0]:this[j]},pushStack:function(j,s,v){var z=b();b.isArray(j)?M.apply(z,j):b.merge(z,j);z.prevObject=this;z.context=this.context;if(s==="find")z.selector=this.selector+(this.selector?" ":"")+v;else if(s)z.selector=this.selector+"."+s+"("+v+")";return z},each:function(j,s){return b.each(this,j,s)},ready:function(j){b.bindReady();if(b.isReady)j.call(t,b);else q&&q.push(j);return this},eq:function(j){return j===
-1?this.slice(j):this.slice(j,+j+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(N.apply(this,arguments),"slice",N.call(arguments).join(","))},map:function(j){return this.pushStack(b.map(this,function(s,v){return j.call(s,v,s)}))},end:function(){return this.prevObject||b(null)},push:M,sort:[].sort,splice:[].splice};b.fn.init.prototype=b.fn;b.extend=b.fn.extend=function(){var j,s,v,z,H,G=arguments[0]||{},K=1,Q=arguments.length,ga=false;
if(typeof G==="boolean"){ga=G;G=arguments[1]||{};K=2}if(typeof G!=="object"&&!b.isFunction(G))G={};if(Q===K){G=this;--K}for(;K<Q;K++)if((j=arguments[K])!=null)for(s in j){v=G[s];z=j[s];if(G!==z)if(ga&&z&&(b.isPlainObject(z)||(H=b.isArray(z)))){if(H){H=false;v=v&&b.isArray(v)?v:[]}else v=v&&b.isPlainObject(v)?v:{};G[s]=b.extend(ga,v,z)}else if(z!==B)G[s]=z}return G};b.extend({noConflict:function(j){E.$=e;if(j)E.jQuery=d;return b},isReady:false,readyWait:1,ready:function(j){j===true&&b.readyWait--;
if(!b.readyWait||j!==true&&!b.isReady){if(!t.body)return setTimeout(b.ready,1);b.isReady=true;if(!(j!==true&&--b.readyWait>0))if(q){var s=0,v=q;for(q=null;j=v[s++];)j.call(t,b);b.fn.trigger&&b(t).trigger("ready").unbind("ready")}}},bindReady:function(){if(!p){p=true;if(t.readyState==="complete")return setTimeout(b.ready,1);if(t.addEventListener){t.addEventListener("DOMContentLoaded",u,false);E.addEventListener("load",b.ready,false)}else if(t.attachEvent){t.attachEvent("onreadystatechange",u);E.attachEvent("onload",
b.ready);var j=false;try{j=E.frameElement==null}catch(s){}t.documentElement.doScroll&&j&&a()}}},isFunction:function(j){return b.type(j)==="function"},isArray:Array.isArray||function(j){return b.type(j)==="array"},isWindow:function(j){return j&&typeof j==="object"&&"setInterval"in j},isNaN:function(j){return j==null||!r.test(j)||isNaN(j)},type:function(j){return j==null?String(j):R[y.call(j)]||"object"},isPlainObject:function(j){if(!j||b.type(j)!=="object"||j.nodeType||b.isWindow(j))return false;if(j.constructor&&
!F.call(j,"constructor")&&!F.call(j.constructor.prototype,"isPrototypeOf"))return false;for(var s in j);return s===B||F.call(j,s)},isEmptyObject:function(j){for(var s in j)return false;return true},error:function(j){throw j;},parseJSON:function(j){if(typeof j!=="string"||!j)return null;j=b.trim(j);if(C.test(j.replace(J,"@").replace(w,"]").replace(I,"")))return E.JSON&&E.JSON.parse?E.JSON.parse(j):(new Function("return "+j))();else b.error("Invalid JSON: "+j)},noop:function(){},globalEval:function(j){if(j&&
l.test(j)){var s=t.getElementsByTagName("head")[0]||t.documentElement,v=t.createElement("script");v.type="text/javascript";if(b.support.scriptEval)v.appendChild(t.createTextNode(j));else v.text=j;s.insertBefore(v,s.firstChild);s.removeChild(v)}},nodeName:function(j,s){return j.nodeName&&j.nodeName.toUpperCase()===s.toUpperCase()},each:function(j,s,v){var z,H=0,G=j.length,K=G===B||b.isFunction(j);if(v)if(K)for(z in j){if(s.apply(j[z],v)===false)break}else for(;H<G;){if(s.apply(j[H++],v)===false)break}else if(K)for(z in j){if(s.call(j[z],
z,j[z])===false)break}else for(v=j[0];H<G&&s.call(v,H,v)!==false;v=j[++H]);return j},trim:O?function(j){return j==null?"":O.call(j)}:function(j){return j==null?"":j.toString().replace(k,"").replace(o,"")},makeArray:function(j,s){var v=s||[];if(j!=null){var z=b.type(j);j.length==null||z==="string"||z==="function"||z==="regexp"||b.isWindow(j)?M.call(v,j):b.merge(v,j)}return v},inArray:function(j,s){if(s.indexOf)return s.indexOf(j);for(var v=0,z=s.length;v<z;v++)if(s[v]===j)return v;return-1},merge:function(j,
s){var v=j.length,z=0;if(typeof s.length==="number")for(var H=s.length;z<H;z++)j[v++]'
);

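// Filtering.
//
// NOTE(review): a substring denylist cannot enumerate every malicious input and
// it also rejects legitimate requests that happen to contain a listed token.
// Treat it as a coarse extra layer only; queries still have to be
// parameterized and output still has to be encoded where the data is used.

/**
 * Make a request-derived value safe to append to the admin notes file.
 *
 * Control characters (including CR/LF) are collapsed to a space so one request
 * cannot forge extra log lines, the value is length-capped, and HTML
 * metacharacters are encoded because the notes are presumably shown in the
 * admin panel (confirm against the viewer).
 *
 * @param mixed $value Raw value taken from the request.
 * @param int   $max   Maximum number of bytes kept.
 * @return string
 */
function inject_security_log_value($value, $max = 512)
{
    if (is_array($value)) {
        // Nested POST fields would otherwise be written as the word "Array".
        $value = '[array]';
    }
    $value = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $value);
    if (strlen($value) > $max) {
        $value = substr($value, 0, $max) . '...';
    }
    return htmlspecialchars($value, ENT_QUOTES);
}

/**
 * Append one line to the admin notes file; skipped if the file cannot be opened.
 *
 * @param string $line Already sanitized log line, newline included.
 * @return void
 */
function inject_security_log_line($line)
{
    $fp = fopen('../admin/adminnotes.txt', 'a');
    if ($fp === false) {
        return;
    }
    fwrite($fp, $line);
    fclose($fp);
}

// Both inputs are lower-cased before matching. str_replace() is case-sensitive,
// so denylist entries written with upper-case letters never match here.
$cracktrack = strtolower($cracktrack);
$checkworm = str_replace($wormprotector, '*', $cracktrack);

// post
// $cracktrack_post is only set when the request carried POST fields.
$cracktrack_post = strtolower(isset($cracktrack_post) ? $cracktrack_post : '');
$checkworm_post = str_replace($wormprotector, '*', $cracktrack_post);

// A replacement happened, i.e. the query string contained a listed token.
if ($cracktrack !== $checkworm) {
    $host = inject_security_log_value(getenv("REQUEST_URI"));
    $ip = inject_security_log_value(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');

    inject_security_log_line(ido() . ' - Inject attack blocked. IP: ' . $ip . ' (' . $host . ")\n");

    die("<img src=pic/smilies/siren.gif> <img src=pic/smilies/no.gif><center><font size=7 color=red>lol that did not<img src=pic/smilies/no.gif> <img src=pic/smilies/no.gif> </center></font></font></b></blink></center>");
}

// Same test for the concatenated POST values.
if ($cracktrack_post !== $checkworm_post) {
    $host = inject_security_log_value(getenv("REQUEST_URI"));
    $ip = inject_security_log_value(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');

    // NOTE(review): this records submitted form values, which may include
    // password fields, in the notes file. Consider logging field names only.
    $postadat = '';
    foreach ($_POST as $key => $element) {
        $postadat .= "[" . inject_security_log_value($key) . "]>>>" . inject_security_log_value($element) . " | ";
    }

    inject_security_log_line(ido() . ' - Inject attack blocked. (post) IP: ' . $ip . ' (' . $host . ') (' . $postadat . ")\n\n");

    die("<center><img src=pic/smilies/no.gif><font size=7 color=red>lol that did not<img src=pic/smilies/no.gif></center></font>");
}
?>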
require_once INC_PATH . '/ctracker0.php';
Add the line above to include/global.php.

PHP Code:
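<?php
// Cracker Tracker Protection System
// Created by: Christian Knerr - www.cback.de
// phpBB Users: Please use our complete phpBB2 Mod!
// Version: 2.0.0
//
// License: GPL
//
//
// Begin CrackerTracker  StandAlone
//
// Compares the raw query string against a list of tokens and stops the request
// when any of them occurs in it.
//
// NOTE(review): only the query string is inspected and the match is
// case-sensitive. A substring denylist is a coarse extra layer at best; it does
// not replace parameterized queries and output encoding in the application.

$cracktrack = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';

$wormprotector = array(
    'chr(', 'chr=', 'chr%20', '%20chr', 'wget%20', '%20wget', 'wget(',
    'cmd=', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20',
    'union%20', '%20union', 'union(', 'union=', 'echr(', '%20echr', 'echr%20', 'echr=',
    'esystem(', 'esystem%20', 'cp%20', '%20cp', 'cp(', 'mdir%20', '%20mdir', 'mdir(',
    'mcd%20', 'mrd%20', 'rm%20', '%20mcd', '%20mrd', '%20rm',
    'mcd(', 'mrd(', 'rm(', 'mcd=', 'mrd=', 'mv%20', 'rmdir%20', 'mv(', 'rmdir(',
    'chmod(', 'chmod%20', '%20chmod', 'chmod(', 'chmod=', 'chown%20', 'chgrp%20', 'chown(', 'chgrp(',
    'locate%20', 'grep%20', 'locate(', 'grep(', 'diff%20', 'kill%20', 'kill(', 'killall',
    'passwd%20', '%20passwd', 'passwd(', 'telnet%20', 'vi(', 'vi%20',
    'insert%20into', 'select%20', 'nigga(', '%20nigga', 'nigga%20', 'fopen', 'fwrite', '%20like', 'like%20',
    '$_request', '$_get', '$request', '$get', '.system', 'HTTP_PHP', '&aim', '%20getenv', 'getenv%20',
    'new_password', '&icq', '/etc/password', '/etc/shadow', '/etc/groups', '/etc/gshadow',
    'HTTP_USER_AGENT', 'HTTP_HOST', '/bin/ps', 'wget%20', 'uname\x20-a', '/usr/bin/id',
    '/bin/echo', '/bin/kill', '/bin/', '/chgrp', '/chown', '/usr/bin', 'g\+\+', 'bin/python',
    'bin/tclsh', 'bin/nasm', 'perl%20', 'traceroute%20', 'ping%20', '.pl', '/usr/X11R6/bin/xterm', 'lsof%20',
    '/bin/mail', '.conf', 'motd%20', 'HTTP/1.', '.inc.php', 'config.php', 'cgi-', '.eml',
    'file\://', 'window.open', '<script>', 'javascript\://', 'img src', 'img%20src', '.jsp', 'ftp.exe',
    'xp_enumdsn', 'xp_availablemedia', 'xp_filelist', 'xp_cmdshell', 'nc.exe', '.htpasswd',
    'servlet', '/etc/passwd', 'wwwacl', '~root', '~ftp', '.js', '.jsp', 'admin_', '.history',
    'bash_history', '.bash_history', '~nobody', 'server-info', 'server-status', 'reboot%20', 'halt%20',
    'powerdown%20', '/home/ftp', '/home/www', 'secure_site, ok', 'chunked', 'org.apache', '/servlet/con',
    '<script', '/robot.txt', '/perl', 'mod_gzip_status', 'db_mysql.inc', '.inc', 'select%20from',
    'select from', 'drop%20', '.system', 'getenv', 'http_', '_php', 'php_', 'phpinfo()', '<?php', '?>', 'sql='
);

// Any listed token is replaced by '*', so a changed string means a match.
$checkworm = str_replace($wormprotector, '*', $cracktrack);

if ($cracktrack !== $checkworm) {
    // REMOTE_ADDR and the User-Agent header come from the client. Collapse
    // control characters, cap the length and encode HTML metacharacters before
    // the values are logged or echoed, so they cannot add log lines or markup.
    $cremotead = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $cuseragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    $cremotead = htmlspecialchars(substr(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $cremotead), 0, 64), ENT_QUOTES);
    $cuseragent = htmlspecialchars(substr(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $cuseragent), 0, 512), ENT_QUOTES);

    // Best-effort logging: the request is blocked even if the notes file
    // cannot be opened.
    $fp = fopen('../admin/adminnotes.txt', 'a');
    if ($fp !== false) {
        fwrite($fp, 'Blocked attack from: IP - ' . $cremotead . ' User Agent - ' . $cuseragent . "\n");
        fclose($fp);
    }

    die("Attack detected! <br /><br /><b>Youre attack was blocked:</b><br />$cremotead - $cuseragent");
}

//
// End CrackerTracker StandAlone
//

?>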
Add to include/globalfunctions.php:

require_once INC_PATH . '/ctracker0.php';
require_once INC_PATH . '/inject_security.php';
require_once INC_PATH . '/ctracker.php';
require_once INC_PATH . '/feedcreator.class.php';
require_once INC_PATH . '/class.inputfilter_clean.php';
To limit repeated characters to a maximum of 4 in all parts of the page,
add this at line 354:
PHP Code:
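/**
 * Shorten runs of one repeated character inside each space-separated word.
 *
 * A word is rewritten only when it contains a character repeated more than
 * $limit times in a row; in such a word every run is cut down to $limit
 * characters. Every word, including the last, is followed by a single space.
 *
 * This limits how much a post can stretch the page layout. It is not an
 * input-validation or escaping step.
 *
 * @param string $post  Text to process.
 * @param int    $limit Longest run of one character that is kept.
 * @return string
 */
function prevent_long_strings($post, $limit = 4) {
    // $limit is interpolated into the pattern below, so force it to an integer.
    $limit = max(1, (int) $limit);

    $opti_string = "";
    foreach (explode(" ", (string) $post) as $val) {
        if (!preg_match("/(.)\\1{" . $limit . ",}/", $val)) {
            $opti_string .= $val . " ";
            continue;
        }

        // Drop the empty strings preg_split() puts at both ends, and keep the
        // previous character in a variable so index -1 is never read.
        $char_array = preg_split("//", $val, -1, PREG_SPLIT_NO_EMPTY);
        $new_word = array();
        $previous = null;
        $run = 0;
        foreach ($char_array as $char) {
            if ($previous !== null && $char === $previous) {
                $run++;
                if ($run < $limit) {
                    $new_word[] = $char;
                }
            } else {
                $new_word[] = $char;
                $run = 0;
            }
            $previous = $char;
        }
        $opti_string .= implode("", $new_word) . " ";
    }
    return $opti_string;
}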
Then call it in globalfunctions.php, at line 395:
PHP Code:
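// Cap runs of one repeated character in $s at 4. This is a layout safeguard;
// $s still has to be escaped wherever it is output.
$s = prevent_long_strings($s, 4);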
My root global.php:
PHP Code:
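<?php
/***********************************************/
/*=========[TS Special Edition v.5.6]==========*/
/*=============[Special Thanks To]=============*/
/*        DrNet - wWw.SpecialCoders.CoM        */
/*          Vinson - wWw.Decode4u.CoM          */
/*    MrDecoder - wWw.Fearless-Releases.CoM    */
/*           Fynnon - wWw.BvList.CoM           */
/***********************************************/

// Bootstrap: configures and starts the session, defines the path constants,
// loads the three request filters, then installs the error handler and loads
// the core. The full "<?php" tag is used so the file does not depend on
// short_open_tag.

  @ini_set ('session.gc_maxlifetime', '18000');
  @session_cache_expire (1440);
  // NOTE(review): this removes the execution time limit for every request that
  // includes this file; confirm that is intended outside of long-running jobs.
  @set_time_limit (0);
  // Calling a function that no longer exists is fatal even behind "@", so
  // check first (set_magic_quotes_runtime is gone in newer PHP versions).
  if (function_exists ('set_magic_quotes_runtime'))
  {
    @set_magic_quotes_runtime (0);
  }
  @ini_set ('magic_quotes_sybase', 0);
  @session_name ('TSSE_Session');
  @session_start ();
  define ('IN_TRACKER', true);
  define ('IN_SCRIPT_TSSEv56', true);
  define ('O_SCRIPT_VERSION', '5.6');
  define ('TIMENOW', time ());
  define ('TSDIR', dirname (__FILE__));
  define ('INC_PATH', TSDIR . '/include');
  define ('CONFIG_DIR', TSDIR . '/config');
  $rootpath = (isset ($rootpath) ? $rootpath : TSDIR);
  if (!defined ('DEBUGMODE'))
  {
    $GLOBALS['ts_start_time'] = array_sum (explode (' ', microtime ()));
    // Quoted keys: the bare words were looked up as constants first.
    unset ($_SESSION['totaltime']);
    unset ($_SESSION['totalqueries']);
    $_SESSION['queries'] = array ();
  }

  // Issue a new session hash when none exists or the current one is older than
  // 1800 seconds.
  if (((empty ($_SESSION['hash']) OR empty ($_SESSION['hash_time'])) OR 1800 < TIMENOW - $_SESSION['hash_time']))
  {
    // Presumably this value is used as a per-session token (confirm against
    // its readers), so take it from a cryptographic source when one exists.
    // Every branch yields 32 hex characters, the same shape as before.
    if (function_exists ('random_bytes'))
    {
      $_SESSION['hash'] = bin2hex (random_bytes (16));
    }
    elseif (function_exists ('openssl_random_pseudo_bytes'))
    {
      $_SESSION['hash'] = bin2hex (openssl_random_pseudo_bytes (16));
    }
    else
    {
      $_SESSION['hash'] = md5 (uniqid (rand (), true));
    }
    $_SESSION['hash_time'] = TIMENOW;
  }
  // The request filters are included before the error handler and the core.
  require_once INC_PATH . '/ctracker0.php';
  require_once INC_PATH . '/inject_security.php';
  require_once INC_PATH . '/ctracker.php';
  define ('LOGFILE', 'tracker_error_logs');
  require INC_PATH . '/functions_ts_error_handler.php';
  set_error_handler ('TS_Error_Handler');
  require INC_PATH . '/core.php';
?>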
The updated global.php in the root folder loads the security files ctracker0.php, inject_security.php and ctracker.php, and it runs smoothly.
hello can you tell me or put the file in the rar join they all go in the root ???
  #5  
Old 22-05-16, 12:38
eckeO5 eckeO5 is offline
Hello smoky28 & others, i need your help editing globalfunctions.php , thread http://www.bvlist.com/showthread.php?t=6888
i don´t know how to modify the php exactly- can you please help me out with that?
you wrote:
PHP Code:
add include/globalfuntcions.php

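// The three request filters are listed first, followed by the feed and
// input-filter classes.
require_once INC_PATH . '/ctracker0.php';
require_once INC_PATH . '/inject_security.php';
require_once INC_PATH . '/ctracker.php';
require_once INC_PATH . '/feedcreator.class.php';
require_once INC_PATH . '/class.inputfilter_clean.php';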
then you wrote:
max 4 characters in all parts of the page
add 354 line
PHP Code:
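/**
 * Shorten runs of one repeated character inside each space-separated word.
 *
 * A word is rewritten only when it contains a character repeated more than
 * $limit times in a row; in such a word every run is cut down to $limit
 * characters. Every word, including the last, is followed by a single space.
 *
 * This limits how much a post can stretch the page layout. It is not an
 * input-validation or escaping step.
 *
 * @param string $post  Text to process.
 * @param int    $limit Longest run of one character that is kept.
 * @return string
 */
function prevent_long_strings($post, $limit = 4) {
    // $limit is interpolated into the pattern below, so force it to an integer.
    $limit = max(1, (int) $limit);

    $opti_string = "";
    foreach (explode(" ", (string) $post) as $val) {
        if (!preg_match("/(.)\\1{" . $limit . ",}/", $val)) {
            $opti_string .= $val . " ";
            continue;
        }

        // Drop the empty strings preg_split() puts at both ends, and keep the
        // previous character in a variable so index -1 is never read.
        $char_array = preg_split("//", $val, -1, PREG_SPLIT_NO_EMPTY);
        $new_word = array();
        $previous = null;
        $run = 0;
        foreach ($char_array as $char) {
            if ($previous !== null && $char === $previous) {
                $run++;
                if ($run < $limit) {
                    $new_word[] = $char;
                }
            } else {
                $new_word[] = $char;
                $run = 0;
            }
            $previous = $char;
        }
        $opti_string .= implode("", $new_word) . " ";
    }
    return $opti_string;
}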
and after that
this is the place to do it after you globalfuntcions.php 395
PHP Code:
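// Cap runs of one repeated character in $s at 4. This is a layout safeguard;
// $s still has to be escaped wherever it is output.
$s = prevent_long_strings($s, 4);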
i don´t understand that, sorry, i need your assist.



editing global.php all is clear.

greetz eckeO5

Last edited by eckeO5; 22-05-16 at 14:25.