zackcez Posted June 19, 2008

Well, this is my script:

<?
$bd_host = "";     // Database host
$bd_usuario = "";  // Database username
$bd_password = ""; // Database password
$bd_base = "";     // Database name

$con = mysql_connect($bd_host, $bd_usuario, $bd_password);
mysql_select_db($bd_base, $con);

// The username is taken straight from the query string and placed into the SQL
$user = $_GET['user'];
$sql = "SELECT * FROM users WHERE playerName='$user'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
mysql_close($con);

// Keys in $row are case-sensitive and must match the column names exactly,
// so every skill name is spelled as it is in the table (Strengthlvl, not strengthlvl).
$skills = array('Attack', 'Defence', 'Strength', 'Hitpoints', 'Range', 'Prayer', 'Magic',
    'Cooking', 'Woodcutting', 'Fletching', 'Fishing', 'Firemaking', 'Crafting', 'Smithing',
    'Mining', 'Herblore', 'Agility', 'Thieving', 'Slayer', 'Farming', 'Runecraft');

$rights = $row["playerRights"];
$need = 99 * count($skills); // 21 skills at level 99 = 2079
$total = 0;
$totalxp = 0;
foreach ($skills as $skill) {
    $total += $row[$skill . "lvl"];
    $totalxp += $row[$skill . "xp"];
}
$left = $need - $total;

header('Content-type: image/png');
$img = imagecreatefrompng('sigbackground.png');
$black = imagecolorallocate($img, 0, 0, 0);
$white = imagecolorallocate($img, 255, 255, 255); // used below but was never allocated

// Skill levels: the first twelve skills in a left column, the rest in a right column,
// 12px apart (Crafting and Smithing were fetched but never drawn before).
$y = 5;
foreach (array_slice($skills, 0, 12) as $skill) {
    imagestring($img, 1, 10, $y, "$skill: " . $row[$skill . "lvl"], $black);
    $y += 12;
}
$y = 5;
foreach (array_slice($skills, 12) as $skill) {
    imagestring($img, 1, 110, $y, "$skill: " . $row[$skill . "lvl"], $black);
    $y += 12;
}

// Summary column
imagestring($img, 7, 230, 3, "Server Name", $black);
imagestring($img, 2, 230, 18, "Username: $user", $white);
if ($rights == 3) {
    $rank = "Owner";
} else if ($rights == 2) {
    $rank = "Administrator";
} else if ($rights == 1) {
    $rank = "Moderator";
} else {
    $rank = "Player";
}
imagestring($img, 2, 230, 30, "Rank: $rank", $white);
imagestring($img, 2, 230, 42, "Total Level: $total", $white);
imagestring($img, 2, 230, 54, "Total Xp: $totalxp", $white);
// Compare against $need (2079) rather than a separate hard-coded 1980, which could never match
if ($total == $need) {
    imagestring($img, 2, 230, 66, "You're Maxed Out!", $white);
} else {
    imagestring($img, 2, 230, 66, "$left Lvls To Max!", $white);
}
imagepng($img);
imagedestroy($img);
?>

This is the output: http://pantheongaming.net/negativeone/demos/sigs/sig.php?user=

I'd really appreciate it if the database didn't get "owned" lol. Just please tell me what exactly I can do to make it secure.
0perator Posted June 19, 2008

omg runescape for the epic lose. anyway, here goes.

$user = str_replace("select", "", str_replace("union", "", mysql_real_escape_string($_GET['user'])));

that should make it safe for use. i know that is uber long and tedious, but better than gettin haxx0red, amirite?
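Added example, not code from the thread or from either poster: the OP's lookup rewritten so the username is bound as a query parameter with PDO instead of being interpolated into the SQL string. The table and column names (users, playerName, the Skill lvl and xp columns, playerRights) are the ones the OP's script reads; the connection settings, the read-only database account, the 1-12 character name rule and the rendering layout are assumptions. With a bound parameter the query's structure is fixed before the value arrives, so the str_replace blacklist above is not needed (and it would silently mangle any legitimate name that happens to contain those substrings). mysql_real_escape_string on its own only protects a quoted literal when the connection character set is set correctly, which is why binding is the safer default.

```php
<?php
// Added example, not the thread's code: the OP's user lookup with a bound parameter.
// Table/column names (users, playerName, <Skill>lvl, <Skill>xp, playerRights) are the
// ones the OP's script reads; the connection values below are placeholders.
$bd_host     = 'localhost';
$bd_usuario  = 'sig_readonly';   // placeholder: an account with SELECT on users only
$bd_password = 'change-me';      // placeholder
$bd_base     = 'gamedb';         // placeholder

$skills = array('Attack', 'Defence', 'Strength', 'Hitpoints', 'Range', 'Prayer', 'Magic',
    'Cooking', 'Woodcutting', 'Fletching', 'Fishing', 'Firemaking', 'Crafting', 'Smithing',
    'Mining', 'Herblore', 'Agility', 'Thieving', 'Slayer', 'Farming', 'Runecraft');

// Step 1: allow-list the input. Assumed rule: 1-12 letters, digits, spaces or underscores.
// Anything else is refused rather than "cleaned", so there is no fix-up to get around.
$user = isset($_GET['user']) ? $_GET['user'] : '';
if (!preg_match('/^[A-Za-z0-9_ ]{1,12}$/', $user)) {
    header('HTTP/1.1 400 Bad Request');
    exit('invalid user');
}

// Step 2: name the columns instead of SELECT *, and use a ? placeholder for the value.
$cols = array('playerRights');
foreach ($skills as $s) {
    $cols[] = $s . 'lvl';
    $cols[] = $s . 'xp';
}
$sql = 'SELECT ' . implode(', ', $cols) . ' FROM users WHERE playerName = ? LIMIT 1';

// Step 3: a real (server-side) prepared statement. charset= in the DSN needs PHP 5.3.6+
// and keeps the connection's character set and the driver's escaping rules in agreement.
try {
    $pdo = new PDO("mysql:host=$bd_host;dbname=$bd_base;charset=utf8",
                   $bd_usuario, $bd_password);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $stmt = $pdo->prepare($sql);
    $stmt->execute(array($user));   // the value travels separately from the SQL text
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    error_log('sig lookup failed: ' . $e->getMessage()); // details go to the log, not the client
    header('HTTP/1.1 500 Internal Server Error');
    exit('lookup failed');
}
if ($row === false) {
    header('HTTP/1.1 404 Not Found');
    exit('no such player');
}

// Totals: 21 skills * 99 = 2079, derived from the list rather than a hard-coded constant.
$need = 99 * count($skills);
$total = 0;
$totalxp = 0;
foreach ($skills as $s) {
    $total   += (int)$row[$s . 'lvl'];
    $totalxp += (int)$row[$s . 'xp'];
}
$left = $need - $total;

// Rendering as in the OP's script (background image and layout are assumptions).
header('Content-type: image/png');
$img   = imagecreatefrompng('sigbackground.png');
$black = imagecolorallocate($img, 0, 0, 0);
$white = imagecolorallocate($img, 255, 255, 255);
foreach ($skills as $i => $s) {
    $x = $i < 12 ? 10 : 110;   // two columns, twelve rows each, 12px apart
    $y = 5 + 12 * ($i % 12);
    imagestring($img, 1, $x, $y, "$s: " . (int)$row[$s . 'lvl'], $black);
}
imagestring($img, 2, 230, 18, "Username: $user", $white);
imagestring($img, 2, 230, 42, "Total Level: $total", $white);
imagestring($img, 2, 230, 54, "Total Xp: $totalxp", $white);
imagestring($img, 2, 230, 66, $total == $need ? "You're Maxed Out!" : "$left Lvls To Max!", $white);
imagepng($img);
imagedestroy($img);
```

The allow-list check is defence in depth, not the primary control: the prepared statement is what keeps the query's shape fixed, and the regex simply rejects input the application has no use for before any database round trip. Giving the script its own SELECT-only account limits what a future bug elsewhere in the application could do with this connection.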
zackcez (Author) Posted June 19, 2008

Not RuneScape, private servers.
phpSensei Posted June 22, 2008

Honestly, I have never played runescape once because it seems like a big waste of time. Get an Xbox or PS3... gawd. To make this post helpful: not all functions are supported on all servers with <? tags.