mattachoo

My brother works for a company as a graphic designer. A few years ago, I helped him out with the website by doing the PHP for it so he could add new information dynamically using PHP instead of uploading a new HTML file via FTP (The site gets updated almost every day). He got an email today from the host that a phishing site had been installed on the server. The page looked like a legit log-in screen for a bank, but it stole you information instead. He now needs to go back through and look at the code on the site to find the vulnerability that allowed this malicious user to place this malicious code on the site in the first place. Now I made this site a while ago, and didn't know anything about security much then and don't know too much about it now either. So my question to you guys is, what should I look for? Where might this vulnerability be? Would it be only when I submit forms, or when a form has someone upload information from their harddrive to the server? What might these people have been able to exploit? Keep in mind the malicious user was able to create a whole directory and upload these scripts to that directory. Any help pointing me in the right direction would be helpful. What to look for, how someone might do this, etc. Thanks for the help.

Ah ha! Ok, I'm getting somewhere. It was suggested to me that I put ini_set("display_errors", "1"); error_reporting(E_ALL); at the start of my code. Now I get two error messages when I run my script. Warning: Unknown: open(/var/php_sessions/sess_2a6b97f59f33efcf2366295b4e204ba5, O_RDWR) failed: No such file or directory (2) in Unknown on line 0 Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/php_sessions) in Unknown on line 0 So what should I set the session.save_path to in the ini file? I am going to talk to customer support today. Hopefully they will be able to fix it.

I've worked with sessions before in PHP. All of a sudden, they stopped working. My webhost recently did this "migration" thing where they changed a bunch of stuff (like upgrading from PHP 4 to PHP 5, etc.). Now, sessions don't work at all. I tried a simple test to see if they worked, and guess what, they don't. Here is my example: <?php //first_page.php session_start(); print("<html><pre>"); $_SESSION["MyLogin"] = "FYICenter"; print("A value saved in the session named as MyLogin.\n"); $_SESSION["MyColor"] = "Blue"; print("A value saved in the session named as MyColor.\n"); print("Click <a href=next_page.php>Next Page</a>" ." to retrieve the values.\n"); print("</pre></html>\n"); ?> <?php //next_page.php session_start(); print("<html><pre>"); $myLogin = $_SESSION["MyLogin"]; print("Value of MyLogin has been retrieved: ".$myLogin."\n"); $myColor = $_SESSION["MyColor"]; print("Value of MyColor has been retrieved: ".$myColor."\n"); print('</pre><a href="first_page.php">Click here to go back</a></html>\n'); ?> When I run the script, here is what I get in return: Value of MyLogin has been retrieved: Value of MyColor has been retrieved: Click here to go back\n Absolutely nothing. So my question is, what could be preventing my sessions from working? Also, when I click on the next_page.php link, it transfers a ?PHPSESSID variable in the URL. Maybe this has something to do with the problem? I don't know. Any help will be appreciated. Thanks!

The problem was with the memory_limit value in the php.ini file. Once I increased it from 8M to 16M, the script worked fine.

Hello there! I have a problem here that is bugging the hell out of me and was wondering if anyone could give me some insight. I will try to explain my problem in the greatest amount of detail that I can. I have written a script for a client that allows him to "add new products" to his webpage. In this form, the user can select a hi-res picture of the product for upload. Upon upload, my script takes this image and makes two copies of the image; one of width 50px, and one of width 183px, for thumbnail purposes. The client contacted me for this project before owning webspace himself. So, while I was writing the code, I tested it on my own site. I finished writing all the code, and everything worked fine on my end. Now he has bought the webspace, and I have started transferring all the files over to his site so we can get this thing up and running. This is where the problem comes in. After I transferred the scripts and such over to his site, the image resizing script stopped working. I was able to traack down where my script was failing, and it happens when I try and invoke a imagecreatefromjpeg() function. I have tried contacting the tech support people for the website, but they have been useless to me. Here is the snippet of my code: <?php $shit = "http://www.theguyswebsite.com/images/products/"; // The file $filename = $_POST['fname']; $path_parts = pathinfo($filename); $imageWithExt = $path_parts['basename']; $extension = $path_parts['extension']; $imageWithoutExt = basename($imageWithExt, ".".$extension); //echo "with ".$imageWithExt." without ".$imageWithoutExt."<br>"; list($width2, $height2, $type2, $attr2) = getimagesize($filename); //echo "<h4>width ".$width2." height ".$height2." type ".$type2." attr ".$attr2."</h4>"; //do the second thumbnail $width_2 = 183; $num183 = 183/$width2; $height_2 = $height2*$num183; //working // Resample $image_p2 = imagecreatetruecolor($width_2, $height_2); //////////////////////////////////////////////////////// //CODE FAILS HERE!!! DAMNIT! $image4 = imagecreatefromjpeg($filename); //////////////////////////////////////////// imagecopyresampled($image_p2, $image4, 0, 0, 0, 0, $width_2, $height_2, $width2, $height2); // Output ob_start(); imagejpeg($image_p2, null, 100); $thefile2 = ob_get_contents(); ob_end_clean(); //the thumbnail name will be the //same, only it will have a "_thumb2" added to //the end of its filename $newname2 = $imageWithoutExt.'_thumb2'; $destination2 = 'images/products/'.$newname2.'.jpg'; if (!$handle2 = fopen($destination2, 'w')) { echo 'Cannot Open (' . $destination2 . ')'; } else { if (fwrite($handle2, $thefile2) === FALSE) { echo 'Cannot write to file (' . $destination2 . ')'; } else { echo 'Thumbnail 2 was sucessfully saved!'; } fclose($handle2); fclose($handle); } ?> I know my code is sloppy, and my variable names are a bit weird, but this code works I tell ya! Oh, and I switched out the real website name with theguyswebsite.com, so don't mind that. I know for a fact that this code works. The problem does not lie there. If this snippet won't work, that is because it is a snippet, and not the complete file. The problem doesn't lie with my code, is has to do with the web host. So, my question for you guys is, what could possible make the function imagecreatefromjpeg() fail? I have a hunch there is some funny business going on in my php.ini file that is causing this problem, but I haven't the slightest idea what it actually is. I also know this isn't a function that the web host blocks because my website, (the one where this code executes just fine and does what it is supposed to do), yeah, my website is hosted through the same company. If anyone has any information on this or could give me any insight to where to look to see where the problem in (by looking at the information by doing a phpinfo() maybe?) I would greatly appreciate it. I just can't figure this one out. Sorry for the long post, but I didn't want to leave anything out. Again, thank you very much in advance if you help me out! I almost forgot, I also got this error message one time: Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to allocate 5760 bytes) in /usr/local/psa/home/*******/addproduct.php on line 218" Thanks again! -Matt

Nevermind, I'm dumb. What was going in the text field was a huge XML file, and what would screw it up was if the user entered in a (") or a ('), then it would cut it off at the end. Whoops!

no, it timing out would not be a problem here. It takes I dont know, 4 seconds to run. And a max-upload_file is not doing it either. The file is less than 40 kb, and my max upload is I think 8 mb. Still any ideas? I think is happens somewhere in the POST section. Like even though the text area has 30,000 chars, the form can't hold that much data, and it only holds the max amount when it goes into the $_POST var. There should be an easier way to do this. Any help would be much appreciated.

Anyone?

Ok, I have a form where the user enters in a bunch of information in a text area box called 'xmldata' Then, when they submit the form, this is how I process it <?php $xmlString = stripslashes(urldecode($_POST['xmldata'])); if (is_null($xmlString)) { print "No data was sent"; } else { $md5 = md5($xmlString); $filename = "paintings/".$md5.".xml"; $file = fopen($filename, "w+") or die("codename=Cant open XML file"); if(!fwrite($file, $xmlString)){ print "Error writing to XML-file"; } else { require('connect.php'); .................. blahbittyblah ........................ ?> Now this code seems to do the trick for me with small amounts of data, but when the file gets too large, I dunno, I think around 25000 characters or something, it cuts it off. So if the file was 30,000 chars, now the .xml file is 25,000 chars. You can see how this can be frustrating. Any ideas guys? Thanks.

I have a link where when you click it, it unhides a div layer. Here's the code <html> <head> <script language="JavaScript"> <!-- function unhide( id ){ document.all[ id ].style.visibility = "visible"; } --> </script> </head> <body> <a href="javascript:unhide('menu1')">Contact</a> <div id="menu1" style="position:absolute; left:0px; top:125px; width:380px; height:85px; z-index:2; visibility:hidden"><embed src="contact.swf" width="380" height="85"></div> </body> </html> It works fine in firefox and IE, but it doesn't work in safari on macs. Any ideas why?

Yes, this is what I expect the problem to be.  However, I do not know how to change these values in the php.ini file.  More help please! **EDIT** My host doesn't allow for its members to access the ini file.  They would however change it for me.  The upload max file size is now 24mb.  Sweet.

Yeah, you are right, this is a really old code.  I changed it, and it doesn't do anything.  It can still upload small files, but not the big files.  More help please?

I have a simple form that is beings used to upload files.  As of now, it uploads small files just about fine.  Upload a small .gif file, no problem!  Unfortunately, I need it to upload mp3s.  Now, when I upload it, it loads the page for a long time, then eventually displays a blank white page.  And there is no mp3 in the directory when I check in my FTP program.  I think it is timing out on the file size or something.  Something with the php.ini file... I dont really know.  If anyone could help me out on this, it would save me tons of trouble.  THANKS! [code] <?php //upload.php ?> <html> <head> <title>Upload</title> </head> <body><br><br><br><br><br> <table cellpadding="5" cellspacing="1" width="450" align="center"> <tr><td class="large">Upload</td></tr> <!--this row holds everything--> <tr><td> <br><table width="250"><tr><td width="10" align="left"> <form action="doupload.php" method=post enctype="multipart/form-data"> <b>Pass:</b> </td> <td width="90%"><INPUT TYPE=password NAME=password MAXLENGTH=40s></td></tr></table> <br> <br> <table width="250" cellpading="5"> <tr><td class="border3" width="30" align="left"><b>The file:</b></td> <td width="70%"><INPUT TYPE="file" NAME="userfile"></td></tr></table><div align="left"><INPUT TYPE=SUBMIT NAME=post VALUE="Upload" ></form><br> </table></td></tr></table> </body> </html>[/code] doupload.php: [code]<?php //doupload.php $pass = $_POST['password']; $name = $_FILES['userfile']['name']; $size = $_FILES['userfile']['size']; $path = "/var/www/html/mp3s/"; $max_size = 20000000000000000000; $newdate = date("n-j-y"); if (md5($pass)=="7e04d3f879ff349cb8e5d87fe26627db") { if (!isset($_FILES['userfile'])) exit; if (is_uploaded_file($_FILES['userfile']['tmp_name'])) { if ($_FILES['userfile']['size']>$max_size) { echo "The file is too big<br>\n"; exit; } //if (($_FILES['userfile']['type']=="audio/mpeg")) { if (file_exists($path . $_FILES['userfile']['name'])) { echo "The file already exists<br>\n"; exit; } $res = copy($_FILES['userfile']['tmp_name'], $path . $_FILES['userfile']['name']); if (!$res) { echo "upload failed!<br>\n"; exit; } else { echo "upload sucessful<br>\n"; } echo "File Name: ".$_FILES['userfile']['name']."<br>\n"; echo "File Size: ".$_FILES['userfile']['size']." bytes<br>\n"; echo "File Type: ".$_FILES['userfile']['type']."<br>\n"; echo '<a href="/newframeset1.php">Index</a>'; //} else { echo "Wrong file type<br>\n"; exit; } } } else { echo 'WRONG PASSWORD, IDIOT!'; exit; } ?>[/code]

If anyone knows, I would still appreciate it.  Thanks

Well, The script is simply in the root directory.  Here is the phpinfo, if that helps.  [table] [tr] [td]Directive[/td] [td]Local Value[/td] [td]Master Value[/td] [/tr] [tr] [td]safe_mode[/td] [td]On[/td] [td]Off[/td] [/tr] [tr] [td]safe_mode_exec_dir[/td] [td]no value[/td] [td]no value[/td] [/tr] [tr] [td]safe_mode_gid[/td] [td]Off[/td] [td]Off[/td] [/tr] [tr] [td]safe_mode_include_dir[/td] [td]no value[/td] [td]no value[/td] [/tr] [/table] I am using a class called 'ImageSnapshot' (snapshot.class.php), and the part in the class that uses fopen() is as follows: [code] <? function SaveImageAs($destination) { //Saves the image to the desination. Returns true if successful, or false with Err specifying the error. //example: $myimage->SaveImageAs("/docroot/images/newimage.jpg if ($this->ProcessImage()) { if (!$handle = fopen($destination, 'w')) { $this->Err = 'Cannot open file (' . $destination . ')'; return false; } else { if (fwrite($handle, $this->InternalImage) === FALSE) { $this->Err = 'Cannot write to file (' . $destination . ')'; return false; } else { return true; } fclose($handle); } } else { return false; } } ?> [/code] ProcessImage() does the storing part of the image here: [code] <? imagecopyresampled($new_photo, $tmp_image,0,0,$source_x,$source_y, $this->Width, $this->Height, $this->Width, $this->Height); ob_start(); imagejpeg($new_photo,null,$this->Compression); $this->InternalImage = ob_get_contents(); ob_end_clean(); ?>[/code] It stores the image in $this->InternalImage. If you need anything else, ask.  Otherwise if anyone knows why it won't let me do this, PLEASE LET ME KNOW!  Thanks!