scuarplex

Hey, i was reading some code and i find this: if(stristr($_SESSION["s"]["user"]["asdasd"]),$someString) How the double/triple [] in $_SESSION works ? PS: I tryied to google it but it was kinda hard to search :X Thanks.

It didn't work either Now the request are exactly the same as the browser request but i still got 400 on my script. I don't know wtf is going on. Anyone could do a simple socket connection script with google to see if anyone can make it? PS: sorry i didn't answer earlier, and thanks btherl for all your help

Solved, i just had to use $_GET instead of $_POST >.<

Hi, in a include i put this: include.php function printIndex() { print ' ... <a href="mypage.php?add=1"><p class="auto-style2"><img alt="" align="middle" height="43" src="images/add.png" width="200"></a></p> <a href="mypage.php?remove=1"><p class="auto-style2"><img alt="" align="middle" height="33" src="images/remove.png" width="340"></a></p> ... '; } And in mypage.php i got: <?php session_start(); include 'include.php'; if(isset($_SESSION["h_user"])) { if(!isset($_POST["remove"]) && !isset($_POST["add"])) {printIndex();} } ?> My problem is that when i click on "mypage.php?add=1" it still uses the function printIndex(), so it's not sending the POST params. ¿What do i have to do to send the params by URL?

Aaa ok, thanks for the tip Oops, i missed that one. I just tried with the \r\n at the end of the line but i'm still getting 400. I just changed the headers to Get,Host,and jump line like you said but i still got squat. The only strange thing that i notice was when i change the protocol with this headers to HTTP/1.0. I still got the 400 error but this time i got the google Bad request web source instead of a php error. I'll attach the expanded capture, but it's a bit tedious. One more thing: I checked the packet when i was sending the GET trough google website and the headers are exactly the same that i write the second time (with the \r\n near Accept-Language ) (I'm using wamp and i aready make sure that the extension is enable on every php.ini there is on my computer). Greets [attachment deleted by admin]

One more thing, update your phpBB3 forum! It's pretty old, and there's already a few XSS in the wild that affects it.

This looks like an automated attack of some russian spammer. Check your apache logs in the time that your files were modified and you'll know exactly how they do it. Also check your upload folder to see if you find any strange file. Uploaders can be bypassed depending on how you code it.

Hi mate, i've been trying to connect to www.google.com on port 80 to keep it simple for now, and i do what you've told me and i've found that i'm getting "400 Bad Request" as response. Also, look this picture: http://s2.postimage.org/n5vk1quoy/bacdchk.jpg As you can notice there's some kind of bad checksum error from my ip to google's IP, maybe that it's provoking the bad request? In the attachment is the capture between my pc and google, and this is the code: function googlear($search,$filtro,$safe) { $search = str_replace(" ","+",$search); //Abrimos el socket $socket = fsockopen( "64.233.163.104", 80, $errno,$errdesc,30); if (!$socket) {print "$errstr ($errno)<br/>\n";die;}; $busqueda = "/search?q=".$search; if($safe = true) { $busqueda = $busqueda . "&safe=active"; } if($filtro != true) { $busqueda = $busqueda . "&filter=0"; } $request = "GET $busqueda HTTP/1.1\r\n"; $request .= "Host: www.google.com/\r\n"; $request .= "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1\r\n"; $request .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"; $request .= "Accept-Language: es-ar,es;q=0.8,en-us;q=0.5,en;q=0.3"; $request .= "Accept-Encoding: gzip, deflate\r\n"; $request .= "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"; $request .= "Keep-Alive: 115\r\n"; $request .= "DNT: 1\r\n"; $request .= "Connection: keep-alive\r\n\r\n"; $get = array(); fputs($socket, $request); //stream_set_blocking($socket, 0); while(!feof($socket)) { $get[] = fgets($socket, 1024); } //Cerramos fclose($socket); return count($get); } Greets, and thanks for your answers [attachment deleted by admin]

Check your apache log. Are you using any kind of premade CMS or something like that?

btherl: I did what you told me, and i put the "/" in search and i got exactly the same headers but still i'm getting: "Fatal error: Maximum execution time of 30 seconds exceeded in ..." I've been using wireshark (a sniffer) while i was using this function to see if i was connecting, and this is what i get: It seems like the socket it's connecting, but i still got that error... PS: changed the socket to run on ssl with ssl://encrypted.google.com and 443 as port from the original.

My bad it wasn't solved, but i think i have discovered the problem, it's just that i don't know how to solve it. I think that my problem is that my script is running on windows and the google server it's not. So the end of the line/file will be different and it won't be recognized. Anyone know how to solve this?

It was that, thanks!

Hi, i'm developing an app in wampp, i'm usually use cUrl but this time i wanted to try sockets for a change and more portability. I have followed the basic socket structure but i can't connect. So this is my code: function googlear($search,$filtro,$safe) { //Abrimos el socket $socket = fsockopen( "www.google.com", 80, $errno,$errdesc); if (!$socket) {print "$errstr ($errno)<br/>\n";die;}; $busqueda = "search?q=".$search."&num=100";//Solo me va a tirar 100 resultados por ahora, para ir pasando de pagina arranco de start=0 y voy sumando de a 100 para pasar de pagina. if($safe = true) { $busqueda = $busqueda . "&safe=active"; } if($filtro != true) { $busqueda = $busqueda . "&filter=0"; } $request = "GET $busqueda HTTP/1.1\r\n"; $request .= "Host: www.google.com\r\n"; $request .= "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1\r\n"; $request .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"; $request .= "Accept-Language: es-ar,es;q=0.8,en-us;q=0.5,en;q=0.3"; $request .= "Accept-Encoding: gzip, deflate\r\n"; $request .= "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"; $request .= "Connection: keep-alive\r\n"; //Mando las cabeceras con el socket como resource fputs($socket, $request); while(!feof($socket)) { $busqueda[] = fgets($socket, 1024); } //Cerramos fclose($socket); return count($busqueda); } As you can see i'm doing a GET and waiting for the count of lines of the array as result (just to test), but i'm getting "Fatal error: Maximum execution time of 30 seconds exceeded in [...]". It can't take that long to make a GET Request... Any clues?

Hi, im posting here because i'm not sure what function should i use or how to do it. My idea is to search strings such as: ',",%27,SELECT,INSERT,script, and a few other dangerous inputs. If i find any of these in a string then i return true to do a few other things. I'm aware of mysql_real_escape_string, but i don't want to just filter the input. I also been checking out functions such as strstr, but the needle takes only one string to find. Are you guys aware of any functions that i can use to search a few words from one input string? Otherwise i'll just use strstr with a while or something like that. Thanks in advance. (Sorry if this topic don't belong here, i'm not sure.)

Hello, i've been coding a CLI php mailer which i'm using with a webshell. My problem shows up when i execute my mailer, the hole server crash or in the best case scenario it slows down a lot. In the same folder that my script was executing a huge error log appears with this error repeated: I'm not getting why this happens since i just use normal functions like mail(), fread(), etc. I'm not using any sql function or anything like that. Any clues? Another non related thing i wanted to ask was: Is it possible to make an "interactive" cli script? I mean using a similar function like getc() in C or something.

Awesome, that was exactly what i was looking for Thanks.

Mmm in the link that you provide me i only can find references about how to use most of the built in php functions and how to make my own, but what i'm looking for it's how built-in functions were coded, not how to use them. Thanks for the help tho.

Hello, Where can i find the source of the pre made php functions? Greets, Scuar.

Actually i think i need file and the pattern, file() will do the array with the line and with the \n at the end right? Edit: solved with a flag called: "FILE_IGNORE_NEW_LINES". Sorry

Solved, thanks Still, if anyone know how to make a pattern for a jump line, post it please.

Hello, i need to use several ips for an applications and my idea it's to convert them from a text file, to a string and then to an array. My txt would be something like this: So now i have the string, and i was thinking to use preg_split() to convert it into an array. My problem is that patterns are a total mystery to me and i have no clue how to make one. I would basically would need a pattern to split the string on every /n

Aaa thanks mate, the problem was infact within '<b>Somecode:</b> '. The string contained a "ó", which it seems to be the one causing the problem, i just replaced the exploded string for a smaller string to explode an worked perfectly. Solved!

Output: " Notice: Undefined variable: i in C:\wamp\www\[...] on line 42 Array ( [] => Array ( [0] => " And the html code. Oh i forgot to say something about this, my original code works perfectly fine on CLI. Thanks for your response

Hello mates, i've been googling about my problem but i couldn't fix it. Code: ###################################### $web = file_get_contents($tmpUrl); $explodedWeb = explode("<b>Somecode:</b> ",$web); print $explodedWeb [1]; ###################################### I'm just printing it for testing purposes, and the $web var works fine(since tried printing the hole source). Error: "Notice: Undefined offset: 1 in ..." I tried to create an empty array in explodedWeb ("$explodedWeb[]") but didn't work either. Greets.