Pack the script
mickael9
RE: RE: Pack the script
quote:
Originally posted by SnuZZer
Hi.
Of course PHP!!
Thanks!!

I changed the script a bit:
code:
<?
$script = $_GET[script];
$tjek = $script.".plsc";

if (file_exists($tjek)) {

header("Content-Type: application/x-plsc");
header('Content-Disposition: attachment; filename="' . $script . '.plsc"');
readfile("$script.plsc");

} else {
echo "$tjek blev ikke fundet på serveren.";
}
?>

Bad idea!
code:
<?
$script = $_GET[script]; // no! PHP searches for the 'script' constant
$tjek = $script.".plsc"; // "$script.plsc" is simpler ...

if (file_exists($tjek)) { // and if I insert ../[...] , /home/[...],  C:\[...], http://[...], ftp://[...] ; file_exists will accept a folder too

header("Content-Type: application/x-plsc");
header('Content-Disposition: attachment; filename="' . $script . '.plsc"');
readfile("$script.plsc");

} else {
echo "$tjek blev ikke fundet på serveren."; // XSS vulnerability, $tjek = <script>alert("Cookies: " + document.cookie);</script>
}
?>

@Ezra: yes, but if you don't put the Content-Disposition header, you will get a download.php file :p

Edit: cleaner code:
code:
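<?php

// Accept only a string parameter; a missing or array-valued 'script' becomes ''
$script = (isset($_GET['script']) && is_string($_GET['script'])) ? $_GET['script'] : '';

// Undo magic quotes only where that function still exists (it was removed in PHP 8)
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
    $script = stripslashes($script);

$scriptfn = "$script.plsc";

$error = 0;

if (empty($script))                           // nothing requested
    $error = 1;

else if (preg_match('#[/\\\\."]#', $script))  // reject / \ . and " in the name
    $error = 2;

else if (!is_file($scriptfn))                 // must be a regular file, not a folder
    $error = 3;

if ($error === 0)
{
    header("Content-Type: application/x-plsc");
    header('Content-Disposition: attachment; filename="' . $scriptfn . '"');

    readfile($scriptfn);
}
else
{
    // Escape the name before echoing it back into the page
    $scriptfn = htmlentities($scriptfn);

    switch ($error)
    {
        case 1:
            echo "File is empty !";
            break;
        case 2:
            echo "Illegal characters in file : $scriptfn";
            break;
        case 3:
            echo "File not found : $scriptfn";
            break;
    }
}

?>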


Just change the error messages ...

This post was edited on 08-20-2006 at 03:39 PM by mickael9.
08-20-2006 03:10 PM
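
An allow-list variant of the filename check discussed in the post above, as an added example that is not part of the thread or of mickael9's code. The function name `resolve_script()`, the 64-character limit and the temporary demo directory are assumptions made for illustration.

```php
<?php
/**
 * Map a requested script name to a .plsc file directly inside $baseDir, or return null.
 * Allow-list instead of a deny-list: only letters, digits, '_' and '-' are accepted.
 */
function resolve_script($name, $baseDir)
{
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;                 // covers ../, C:\, http://, NUL bytes and array input
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.plsc');
    if ($base === false || $path === false) {
        return null;                 // directory or file does not exist
    }
    // After symlink resolution the target must still be a regular file in $baseDir
    if (dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

// Constructed demo data: one real script and one folder whose name ends in .plsc
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'plsc_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'hello.plsc', 'demo');
@mkdir($dir . DIRECTORY_SEPARATOR . 'folder.plsc');

// Constructed requests mirroring the cases named in the post's comments
$requests = array('hello', '../hello', 'http://example.com/x', 'folder', 'missing',
                  '<script>alert(1)</script>', array('hello'));
foreach ($requests as $req) {
    $found = resolve_script($req, $dir);
    // Escape anything echoed back, as the post does with htmlentities()
    $shown = htmlspecialchars(is_string($req) ? $req : gettype($req), ENT_QUOTES, 'UTF-8');
    echo str_pad($shown, 48), $found === null ? 'rejected' : 'served: ' . basename($found), "\n";
}

// Clean up the demo files
unlink($dir . DIRECTORY_SEPARATOR . 'hello.plsc');
rmdir($dir . DIRECTORY_SEPARATOR . 'folder.plsc');
rmdir($dir);
```

In a download script, the returned path would be passed to `readfile()` and `basename()` of it used in the `Content-Disposition` header, so no request-supplied bytes reach the response headers.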