
Possible RFI Issue?


ThePhoenixRising


A friend told me, vaguely, that there may be an RFI (remote file inclusion) weakness in my dynamic image script, which reads a player's stats from a separate web page, parses them, and prints them on the image:

 

<?php
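// Response headers: declare the image type and forbid caching of the response.
// The type is image/png because the script emits the picture with imagepng();
// the previous image/jpeg value did not match the bytes actually sent.
header('Content-Type: image/png');
header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
header('Expires: Thu, 19 Nov 1981 08:52:00 GMT');
header('Pragma: no-cache');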

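// Get the CMID variable from the URL and accept it only when it is a plain
// integer inside the expected range; anything else falls back to the default id.
//
// htmlentities() is an HTML output encoder, not a validator: it would let
// non-numeric text through to the URL that is built from $cmid further down.
// FILTER_VALIDATE_INT rejects a missing value, arrays and strings with trailing
// characters, and returns a real int on success.
//
// NOTE(review): the bounds keep the original comparisons (> 100000 and < 999999),
// which send exactly 100000 and 999999 to the default as well - confirm that
// excluding the two boundary ids is intended.
$cmid = filter_var(
    isset($_GET['cmid']) ? $_GET['cmid'] : null,
    FILTER_VALIDATE_INT,
    array('options' => array('min_range' => 100001, 'max_range' => 999998))
);

if ($cmid === false) {
    $cmid = 563853;
}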

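// Create the image from the background picture the stats are drawn onto.
$image = imagecreatefromjpeg("background.jpg");
if ($image === false) {
    // Without a canvas every later GD call would fail, and any warning text PHP
    // prints would be served under an image content type. Stop with an error
    // status instead of sending a broken picture.
    header('HTTP/1.1 500 Internal Server Error');
    exit;
}

// Dimensions of the image used.
$img_width = 600;
$img_height = 9;

// Colour palette, allocated on the image as RGB triples.
$cool = imagecolorallocate($image, 81, 86, 96);
$black = imagecolorallocate($image, 0, 0, 0);
$white = imagecolorallocate($image, 255, 255, 255);
$red = imagecolorallocate($image, 255, 0, 0);
$grey = imagecolorallocate($image, 204, 204, 204);
$green = imagecolorallocate($image, 206, 129, 18);
$blue = imagecolorallocate($image, 0, 0, 255);
$yellow = imagecolorallocate($image, 225, 225, 0);
$statcolor = $yellow;

// Font file used by every imagettftext() call below.
$font = 'Verdana.ttf';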

/*
// counter - CHMOD your counter file to 777 (world-writable; granting write access only to the web server's user is safer)
$viewss = file("views.txt");
$views = $viewss[0]; $views++;
$fp = fopen("views.txt", "w");
fwrite($fp, $views);
fclose($fp);
$counter = "$views";

// View Output
imagettftext($image, 7, 0, 16, 117, $yellow, $font, "Views:$counter");
*/

// Attempt to make web content grabber.

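/**
 * Fetch the body of a URL with cURL.
 *
 * The handle is limited to http and https so that a URL built from request
 * data can never make the server read file://, gopher:// or similar targets,
 * and the whole transfer is time-boxed, not only the connection phase.
 *
 * @param string $url Address to request.
 * @return string|false Response body, or false when the handle cannot be
 *                      created or the transfer fails.
 */
function get_url_contents($url){
    $crl = curl_init();
    if ($crl === false) {
        return false;
    }

    $connect_timeout = 5;
    $total_timeout = 10;

    curl_setopt($crl, CURLOPT_URL, $url);
    curl_setopt($crl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($crl, CURLOPT_CONNECTTIMEOUT, $connect_timeout);
    // CONNECTTIMEOUT alone leaves a slow response able to hold the request open;
    // TIMEOUT bounds the complete transfer.
    curl_setopt($crl, CURLOPT_TIMEOUT, $total_timeout);
    curl_setopt($crl, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);

    $ret = curl_exec($crl);
    curl_close($crl);

    return $ret;
}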

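// Web content grabber execution: fetch the profile page for the selected player.
// The host and path are fixed; the id is URL-encoded at the point where it enters
// the query string, so whatever it contains can only ever be the value of cmid
// and cannot add parameters or alter the rest of the URL.
// NOTE(review): the page is requested over plain http - use https if the site serves it.
$returned_content = get_url_contents('http://uberstrike.cmune.com/Profile?cmid=' . urlencode((string) $cmid));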

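// Parsing the returned content for the clan tag: the bracketed text that follows
// "Clan:" inside the same <h2>. $clan stays empty when any marker is missing or
// when the fetch failed.
$clan = '';
$clan_page = (string) $returned_content; // a failed fetch yields false
$clanstart = strpos($clan_page, 'Clan:');
if ($clanstart !== false) {
    $clanend = strpos($clan_page, '</h2>', $clanstart);
    if ($clanend !== false) {
        // substr() takes a length, not an end offset.
        $clanunref = substr($clan_page, $clanstart, $clanend - $clanstart);
        $clanrefstart = strpos($clanunref, '[');
        $clanrefend = ($clanrefstart === false) ? false : strpos($clanunref, ']', $clanrefstart);
        if ($clanrefend !== false) {
            // Keep both brackets: from '[' through ']' inclusive.
            $clan = substr($clanunref, $clanrefstart, $clanrefend - $clanrefstart + 1);
            // Stripping the parsed clan tag of HTML.
            $clan = html_entity_decode(strip_tags($clan));
        }
    }
}
// The slice starts at '[', so the "Clan:" label is never part of it. The former
// character-by-character removal of "C", "l", "a", "n", ":" and " " therefore
// only deleted those characters from the tag itself and has been dropped.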

// Player name: take the page from the highlighted <span> up to its closing tag,
// then drop the markup and decode entities.
$nameMarker = '<span style="color: #FEC42C; font-size: 20px; font-weight: bold;">';
$nameFrom = strpos($returned_content, $nameMarker);
$nameTo = strpos($returned_content, '</span>', $nameFrom);
$name = html_entity_decode(strip_tags(substr($returned_content, $nameFrom, $nameTo - $nameFrom)));

// Draw the clan tag immediately followed by the name.
imagettftext($image, 7, 0, 50, 7, $yellow, $font, $clan . $name);

// Global rank: slice from the rank <h2> up to the next <br />, then reduce it to text.
$rankMarker = '<h2 style="font-size:14px; font-weight:bold; text-indent:0px; margin-left:25px;">';
$rankFrom = strpos($returned_content, $rankMarker);
$rankTo = strpos($returned_content, '<br />', $rankFrom);
$rank = html_entity_decode(strip_tags(substr($returned_content, $rankFrom, $rankTo - $rankFrom)));

// Remove the label characters one after another, in the same order as before,
// so that only the value is left.
$rank = str_replace(array("G", "l", "o", "b", "a", "R", "n", "k", ":", " "), "", $rank);

// Draw the rank.
imagettftext($image, 7, 0, 230, 7, $yellow, $font, $rank);

// "All time record" figure: slice from its heading up to the end of the table row,
// then drop the markup and decode entities.
$killFrom = strpos($returned_content, '<h3 style="color: #FEC42C;">All time record</h3>');
$killTo = strpos($returned_content, '</tr>', $killFrom);
$kill = html_entity_decode(strip_tags(substr($returned_content, $killFrom, $killTo - $killFrom)));

// Remove the label characters one after another, in the same order as before,
// then trim whatever whitespace other than plain spaces is left at the ends.
$kill = str_replace(array("K", "i", "l", "A", "t", "m", "e", "r", "o", "d", "c", "s", " "), "", $kill);
$kill = trim($kill);

// Draw the all-time record value.
imagettftext($image, 7, 0, 410, 7, $yellow, $font, $kill);

// Kill/death ratio: slice from the KDR label up to the end of the table row,
// then drop the markup and decode entities.
$KDRfrom = strpos($returned_content, '<span title="Kill Death Ratio">KDR</span>');
$KDRto = strpos($returned_content, '</tr>', $KDRfrom);
$KDR = html_entity_decode(strip_tags(substr($returned_content, $KDRfrom, $KDRto - $KDRfrom)));

// Remove the label characters and spaces, in the same order as before, then trim.
$KDR = trim(str_replace(array("K", "D", "R", " "), "", $KDR));

// Draw the KDR value.
imagettftext($image, 7, 0, 323, 7, $yellow, $font, $KDR);

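// IP logger: appends one HTML line per request to iplog.html - a timestamp and
// the visitor address, linked to an IP lookup page.
// NOTE(review): the path is relative, so the log presumably sits next to this
// script and can be fetched by URL. Visitor addresses are personal data; keep the
// file outside the web root or deny direct access to it.
$logfile = 'iplog.html';
$IPlog = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

// Encode the address for each context it is written into: the query string of the
// link and the HTML text. The href is quoted so the value cannot end the attribute.
$logdetails = date("F j, Y, g:i a") . ': '
    . '<a href="http://www.ip2location.com/demo.aspx?ip=' . rawurlencode($IPlog) . '">'
    . htmlspecialchars($IPlog, ENT_QUOTES) . '</a>';

// One locked append keeps concurrent requests from interleaving their lines.
// A failed write is reported to the error log and must not break the image.
if (file_put_contents($logfile, $logdetails . "<br>", FILE_APPEND | LOCK_EX) === false) {
    error_log('iplog: could not append to ' . $logfile);
}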

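// Send the finished picture to the client as PNG and release the GD image.
imagepng($image);
imagedestroy($image);

// The closing PHP tag is left out on purpose: any whitespace after it would be
// appended to the binary image data sent to the client.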
