shaukathayder

New Members
  • Posts: 2
  • Joined
  • Last visited: Never

Everything posted by shaukathayder

  1. I am having problems with the security issue of XSS with a site which I have prepared. I have a form:

    <table width="100%" border="0" bgcolor=#e3e8ef>
    <?php if($vld == "no") { ?>
    <tr>
    <td height="30" colspan="2"><div align="center" class="papers style2">Illegal characters found! Unable to send mail </div></td>
    </tr>
    <?php } ?>
    <tr>
    <td width="51%"><font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b">From </font></td>
    <td width="49%"> <font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b"> <input name="emfrom" value="<?php if (isset($_POST['Submit'])) {echo $_POST['emfrom']; }?>" size="40"> </font></td>
    </tr>
    <tr>
    <td width="51%"><font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b">Subject </font></td>
    <td width="49%"> <font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b"> <input name="emsub" size="40" value="<?php if (isset($_POST['Submit'])) {echo $_POST['emsub']; }?>"> </font></td>
    </tr>
    <tr>
    <td width="51%"><font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b">To</font></td>
    <td width="49%"> <font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b">
    <select name="emto" >
    <option value="[email protected]" <?php if ($_POST['emto'] == "[email protected]") {echo "Selected"; }?>>DGP</option>
    <option value="[email protected]" <?php if ($_POST['emto'] == "[email protected]") {echo "Selected"; }?>>DIGP(A)</option>
    <option value="[email protected]" <?php if ($_POST['emto'] == "[email protected]") {echo "Selected"; }?>>IGP(SB)</option>
    </select>
    </font></td>
    </tr>
    <tr>
    <td colspan="2"><font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b">Message Body :</font><font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b"></font></td>
    </tr>
    <tr>
    <td width="51%"><font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b"></font></td>
    <td width="49%"> <font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b"> <textarea cols=55 name=embody rows=10><?php if (isset($_POST['Submit'])) {echo $_POST['embody']; }?></textarea> </font></td>
    </tr>
    <tr bgcolor="#FFFFFF">
    <td colspan="2"><div align="center"><img id="siimage" align="center" style="padding-right: 5px; border: 0" src="securimage_show.php?sid=<?php echo md5(time()) ?>" /> <a tabindex="-1" style="border-style: none" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = 'securimage_show.php?sid=' + Math.random(); return false"><img src="images/refresh.gif" alt="Reload Image" border="0" onclick="this.blur()" align="bottom" /></a></div></td>
    </tr>
    <tr>
    <td colspan="2"><font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b">Security Code:</font></td>
    </tr>
    <tr>
    <td> </td>
    <td><input type="text" name="code" size="12" /></td>
    </tr>
    <?php if($helpTxt != "") {?>
    <tr>
    <td> </td>
    <td><div align="center" class="style1"> <div align="left"><?php echo $helpTxt?></div> </div></td>
    </tr>
    <?php } ?>
    </table>

    and on submitting the form I have written the following code:

    $vld="yes";
    $myname = cleanInputs($_POST['emfrom']);
    $myname = htmlspecialchars(htmlentities(strip_tags($myname),ENT_QUOTES));
    if(absuse($myname)) $vld="no";
    if(CheckWords($myname)) $vld="no";
    $myemail = "[email protected]";
    $contactname = "Helpline";
    $contactemail = cleanInputs($_POST['emto']);
    $contactemail = htmlspecialchars(htmlentities(strip_tags($contactemail),ENT_QUOTES));
    if($vld == "yes") {
      if(absuse($contactemail)) $vld="no";
      if(CheckWordsEmail($contactemail)) $vld="no";
    }

    but the security agency who is doing the security check (XSS issue for the site) still says that there are vulnerabilities for the XSS issues. Can anyone help me out on that issue? I need the solution a little urgently.
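Added example (not the poster's code and not part of the original thread): the same mail form with every echoed value escaped for its HTML context and the recipient chosen from a fixed allow-list. The helper `e()`, the constant `ALLOWED_RECIPIENTS`, the placeholder addresses and the PHP 7+ syntax are assumptions of this example. The point it illustrates is that the handler code in the post sanitises `$myname` and `$contactemail` for the mail step, but the form itself still echoes `$_POST['emfrom']`, `$_POST['emsub']` and `$_POST['embody']` back into the page unescaped, so whatever was submitted is rendered as markup. Escaping at the point of output closes that regardless of what the blacklist functions (`absuse`, `CheckWords`) happen to catch.

```php
<?php
// Added example, not the poster's code: mail form with contextual output
// escaping and an allow-listed recipient. Names below are assumptions.

// Constructed placeholder addresses; the real ones are not shown in the post.
const ALLOWED_RECIPIENTS = [
    'dgp@example.invalid'   => 'DGP',
    'diga@example.invalid'  => 'DIGP(A)',
    'igpsb@example.invalid' => 'IGP(SB)',
];

/** Escape a string for insertion into HTML text or a double-quoted attribute. */
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

$vld = 'yes';
$helpTxt = '';
$emfrom = $emsub = $embody = $emto = '';

if (isset($_POST['Submit'])) {
    $emfrom = trim((string)($_POST['emfrom'] ?? ''));
    $emsub  = trim((string)($_POST['emsub']  ?? ''));
    $embody = (string)($_POST['embody'] ?? '');
    $emto   = (string)($_POST['emto']   ?? '');

    // Validate rather than "clean": the sender must parse as an e-mail address
    // and the recipient must be one of the fixed keys above.
    if (filter_var($emfrom, FILTER_VALIDATE_EMAIL) === false) $vld = 'no';
    if (!array_key_exists($emto, ALLOWED_RECIPIENTS))          $vld = 'no';
    // A newline in From or Subject would become an extra mail header.
    if (preg_match('/[\r\n]/', $emfrom . $emsub))              $vld = 'no';

    if ($vld === 'yes') {
        // mail($emto, $emsub, $embody, 'From: ' . $emfrom);  // send step, as in the post
        $helpTxt = 'Your message has been sent.';
    }
}
?>
<table width="100%" border="0" bgcolor="#e3e8ef">
<?php if ($vld === 'no') { ?>
<tr><td height="30" colspan="2"><div align="center" class="papers style2">Illegal characters found! Unable to send mail</div></td></tr>
<?php } ?>
<tr>
  <td width="51%">From</td>
  <!-- attribute context: e() turns quotes into entities so the value cannot close the attribute -->
  <td width="49%"><input name="emfrom" size="40" value="<?= e($emfrom) ?>"></td>
</tr>
<tr>
  <td>Subject</td>
  <td><input name="emsub" size="40" value="<?= e($emsub) ?>"></td>
</tr>
<tr>
  <td>To</td>
  <td>
    <select name="emto">
    <?php foreach (ALLOWED_RECIPIENTS as $addr => $title) { ?>
      <option value="<?= e($addr) ?>"<?= $addr === $emto ? ' selected' : '' ?>><?= e($title) ?></option>
    <?php } ?>
    </select>
  </td>
</tr>
<tr><td colspan="2">Message Body :</td></tr>
<tr>
  <td></td>
  <!-- element-content context: e() keeps "</textarea>" in the body from ending the element -->
  <td><textarea cols="55" name="embody" rows="10"><?= e($embody) ?></textarea></td>
</tr>
<?php if ($helpTxt !== '') { ?>
<tr><td></td><td><div align="left"><?= e($helpTxt) ?></div></td></tr>
<?php } ?>
</table>
```

Two design choices worth noting. First, the `<option>` list is generated from the allow-list, so the `selected` comparison and the value sent to `mail()` both come from server-side data; the submitted `emto` only chooses among them. Second, the server-side `$helpTxt` is escaped too, so the output rule stays uniform: every dynamic value is escaped by the template, not by whichever earlier step happened to sanitise it.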
  2. Can anyone help me with the following code, which I tried to run on a WAMP server? It's not working.

    piechart.php

    <?php
    ////////////////////////////////////////////////////////////////
    // PHP script made by Rasmus - [www.peters1.dk]                //
    ////////////////////////////////////////////////////////////////
    $show_label = true;        // true = show label, false = don't show label.
    $show_percent = true;      // true = show percentage, false = don't show percentage.
    $show_text = true;         // true = show text, false = don't show text.
    $show_parts = false;       // true = show parts, false = don't show parts.
    $label_form = 'square';    // 'square' or 'round' label.
    $width = 199;
    $background_color = 'FFFFFF'; // background-color of the chart...
    $text_color = '000000';       // text-color.
    $colors = array('003366', 'CCD6E0', '7F99B2', 'F7EFC6', 'C6BE8C', 'CC6600', '990000', '520000', 'BFBFC1', '808080'); // colors of the slices.
    $shadow_height = 16;       // Height of the shadow.
    $shadow_dark = true;       // true = darker shadow, false = lighter shadow...
    // DON'T CHANGE ANYTHING BELOW THIS LINE...

    // Read the query parameters with defaults so that missing input raises no notices.
    $data = isset($_GET["data"]) ? $_GET["data"] : '';
    $label = isset($_GET["label"]) ? $_GET["label"] : '';
    //$data = "10*9*11*10";
    //$label = "Denmark*Germany*USA*Sweden";
    $height = $width/2;
    $data = explode('*', $data);
    $data_sum = array_sum($data);
    if ($data_sum <= 0) {
      // Without this guard every percentage below divides by zero.
      header('HTTP/1.0 400 Bad Request');
      exit('data must contain positive numbers');
    }
    if ($label != '') $label = explode('*', $label);

    // Every variable that is read later must exist first: with display_errors on
    // (the WAMP default) an "Undefined variable" notice is printed before the
    // image, header() then fails and the browser receives text instead of a JPEG.
    $number = array();
    $text_length = 0;
    $xtra_width = 0;
    $xtra_height = 0;
    $fill_color = array();
    $shadow_color = array();
    $label_output = '';
    $slice = array();
    $value = 0;
    $value_counter = 0;

    if (is_array($label)) {
      for ($i = 0; $i < count($label); $i++) {
        $part = isset($data[$i]) ? $data[$i] : 0;
        if ($part/$data_sum < 0.1) $number[$i] = ' '.number_format(($part/$data_sum)*100, 1, ',', '.').'%';
        else $number[$i] = number_format(($part/$data_sum)*100, 1, ',', '.').'%';
        if (strlen($label[$i]) > $text_length) $text_length = strlen($label[$i]);
      }
      $antal_label = count($label);
      $xtra = (5+15*$antal_label)-($height+ceil($shadow_height));
      if ($xtra > 0) $xtra_height = $xtra;
      $xtra_width = 5;
      if ($show_label) $xtra_width += 20;
      if ($show_percent) $xtra_width += 45;
      if ($show_text) $xtra_width += $text_length*8;
      if ($show_parts) $xtra_width += 35;
    }

    $img = imagecreatetruecolor($width+$xtra_width, $height+ceil($shadow_height)+$xtra_height);
    ImageFill($img, 0, 0, colorHex($img, $background_color));
    foreach ($colors as $colorkode) {
      $fill_color[] = colorHex($img, $colorkode);
      $shadow_color[] = colorHexshadow($img, $colorkode, $shadow_dark);
    }

    $label_place = 5;
    if (is_array($label)) {
      for ($i = 0; $i < count($label); $i++) {
        if ($label_form == 'round' && $show_label) {
          imagefilledellipse($img, $width+11, $label_place+5, 10, 10, colorHex($img, $colors[$i % count($colors)]));
          imageellipse($img, $width+11, $label_place+5, 10, 10, colorHex($img, $text_color));
        } else if ($label_form == 'square' && $show_label) {
          imagefilledrectangle($img, $width+6, $label_place, $width+16, $label_place+10, colorHex($img, $colors[$i % count($colors)]));
          imagerectangle($img, $width+6, $label_place, $width+16, $label_place+10, colorHex($img, $text_color));
        }
        if ($show_percent) $label_output = $number[$i].' ';
        if ($show_text) $label_output = $label_output.$label[$i].' ';
        if ($show_parts && isset($data[$i])) $label_output = $label_output.$data[$i];
        imagestring($img, 2, $width+20, $label_place, $label_output, colorHex($img, $text_color));
        $label_output = '';
        $label_place = $label_place + 15;
      }
    }

    $centerX = round($width/2);
    $centerY = round($height/2);
    $diameterX = $width-4;
    $diameterY = $height-4;
    $start = 270;
    for ($i = 0; $i < count($data); $i++) {
      $value += $data[$i];
      $end = ceil(($value/$data_sum)*360) + 270;
      $slice[] = array($start, $end, $shadow_color[$value_counter % count($shadow_color)], $fill_color[$value_counter % count($fill_color)]);
      $start = $end;
      $value_counter++;
    }
    // Draw the shadow first (the same arcs shifted downwards), then the top face.
    for ($i = $centerY+$shadow_height; $i > $centerY; $i--) {
      for ($j = 0; $j < count($slice); $j++) {
        if ($slice[$j][0] != $slice[$j][1]) ImageFilledArc($img, $centerX, $i, $diameterX, $diameterY, $slice[$j][0], $slice[$j][1], $slice[$j][2], IMG_ARC_PIE);
      }
    }
    for ($j = 0; $j < count($slice); $j++) {
      if ($slice[$j][0] != $slice[$j][1]) ImageFilledArc($img, $centerX, $centerY, $diameterX, $diameterY, $slice[$j][0], $slice[$j][1], $slice[$j][3], IMG_ARC_PIE);
    }
    OutputImage($img);
    ImageDestroy($img);

    function colorHex($img, $HexColorString) {
      $R = hexdec(substr($HexColorString, 0, 2));
      $G = hexdec(substr($HexColorString, 2, 2));
      $B = hexdec(substr($HexColorString, 4, 2));
      return ImageColorAllocate($img, $R, $G, $B);
    }
    function colorHexshadow($img, $HexColorString, $mork) {
      $R = hexdec(substr($HexColorString, 0, 2));
      $G = hexdec(substr($HexColorString, 2, 2));
      $B = hexdec(substr($HexColorString, 4, 2));
      if ($mork) {
        ($R > 99) ? ($R -= 100) : ($R = 0);
        ($G > 99) ? ($G -= 100) : ($G = 0);
        ($B > 99) ? ($B -= 100) : ($B = 0);
      } else {
        ($R < 220) ? ($R += 35) : ($R = 255);
        ($G < 220) ? ($G += 35) : ($G = 255);
        ($B < 220) ? ($B += 35) : ($B = 255);
      }
      return ImageColorAllocate($img, $R, $G, $B);
    }
    function OutputImage($img) {
      header('Content-type: image/jpeg'); // "image/jpg" is not a registered MIME type
      ImageJPEG($img, NULL, 100);
    }
    ?>

    -----chart.php--------

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "[www.w3.org];
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <title>Untitled Document</title>
    </head>
    <body>
    <img src="[localhost];
    </body>
    </html>

    I am calling the piechart.php file from within the chart.php file. But when I try to view the file in the browser, in IE there is a cross mark in the img, whereas in Firefox it is just a blank page. I have the GD library installed and am using Windows XP and WAMP. Can anyone help me on that? It's urgent...
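Added example, not the poster's code and not part of Rasmus's script: a validation front end for the two query parameters piechart.php reads. The function name, the limits and the error handling are assumptions of this example. The reason it is worth having: the script sizes its image buffer from the raw query string (each label adds 15 px of height and each label character adds 8 px of width, straight into `imagecreatetruecolor`), and it divides by `array_sum($data)`, so an empty, non-numeric or oversized request either errors out or allocates an arbitrarily large image. Checking the input once, up front, keeps both failure modes out of the drawing code.

```php
<?php
// Added example, not the poster's or the script author's code: validate the
// data/label query string before piechart.php uses it to size an image.
// Function and limit names are assumptions chosen for this example.

const MAX_SLICES       = 20;   // each label adds 15 px of image height
const MAX_LABEL_LENGTH = 40;   // each label character adds 8 px of image width

/**
 * Parse "10*9*11*10" and "Denmark*Germany*USA*Sweden" (the script's own format)
 * into ['data' => float[], 'label' => string[]], or throw on bad input.
 */
function parseChartQuery(array $query): array
{
    $rawData  = (string)($query['data']  ?? '');
    $rawLabel = (string)($query['label'] ?? '');

    if ($rawData === '') {
        throw new InvalidArgumentException('data is required');
    }
    $data = explode('*', $rawData);
    if (count($data) > MAX_SLICES) {
        throw new InvalidArgumentException('too many slices');
    }
    foreach ($data as $i => $v) {
        if (!is_numeric($v) || (float)$v < 0) {
            throw new InvalidArgumentException("slice $i is not a non-negative number");
        }
        $data[$i] = (float)$v;
    }
    if (array_sum($data) <= 0) {
        // The percentage and angle calculations divide by this sum.
        throw new InvalidArgumentException('data must sum to more than zero');
    }

    $label = ($rawLabel === '') ? [] : explode('*', $rawLabel);
    if (count($label) > count($data)) {
        throw new InvalidArgumentException('more labels than slices');
    }
    foreach ($label as $i => $l) {
        // Bounds the image width and keeps the text drawable by imagestring()'s built-in font.
        if (strlen($l) > MAX_LABEL_LENGTH || preg_match('/[^\x20-\x7E]/', $l)) {
            throw new InvalidArgumentException("label $i is too long or not printable ASCII");
        }
    }
    return ['data' => $data, 'label' => $label];
}

// Usage at the top of piechart.php, in place of the raw $_GET reads:
try {
    $parsed = parseChartQuery($_GET);
    $data   = $parsed['data'];
    $label  = $parsed['label'];
} catch (InvalidArgumentException $e) {
    // A plain-text 400 is easier to debug than a broken image in the browser.
    http_response_code(400);
    header('Content-Type: text/plain');
    exit('Bad chart request: ' . $e->getMessage());
}
```

When wiring this in, drop the script's own `explode('*', $data)` and `if ($label != '') $label = explode('*', $label);` lines, since both values already arrive as arrays; `$label` is an empty array rather than `''` when no labels were given, which the script's `is_array($label)` checks handle as "no legend".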