Dobrý deň,
ja mám vps, kde som si nahodil administráciu samp serverov, a chcel by som vás poprosiť, že či by ste mi nemohly napísať, že kde je chyba a že čo mám spraviť aby sa nedala hacknúť administrácia samp serverov.
Chyba je v jednom súbore fs.php , cezeň sa dajú mazať súbory ostatných
serverov pomocou url sf.php?samp=slozka/sf&dir=nazov_zlozky/../../../
Tu je ten súbor sf.php :
Kód:
<?php
require_once('auth.php');
require_once('incfs.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>SA:MP Admin Panel v1.0</title>
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
<link href="styles.css" rel="stylesheet" type="text/css" />
<link href="banstyle.css" rel="stylesheet" type="text/css" />
</head>
<body>
<center><table border="" cellpadding="4" width='70%'>
<table class="bans" width='70%'>
<tr class="header"><td><center><h1>Admin Panel SA:MP Servera ( <?php echo $_SESSION['SESS_FIRST_NAME'];?> ) PORT: ( <?php echo $_SESSION['JEHOPORT'];?> )</h1></center></td></tr>
</td></tr></table>
<center><table border="" cellpadding="4" width='70%'>
<table class="bans" width='70%'>
<tr class="header"><td><center><img src='headertojo.jpg'/></center></td></tr>
</td></tr></table>
<?
require_once('hostingmenu.php');
?>
<center><table border="" cellpadding="4" width='70%'>
<center><table class="bans" width='70%'>
<center><tr class="header">
<form method="post" enctype="multipart/form-data"><td>NahraĹĄ Filterscript</td><th><input type="file" name="fupload" size="30"></th><td><input type="submit" value="NahraĹĄ">
</td></tr>
</td></tr></table> </center>
<?php
if(isset($_FILES['fupload'])) {
if(!strstr($_FILES['fupload']['name'], 'php') && !strstr($_FILES['fupload']['name'], 'phtml')) {
$dir = "/06a8647723d4d285aefdb02ed285220b/".$_SESSION["JEHOPORT"]."/filterscripts";
$cil = $dir . "/" .$_FILES['fupload']['name'];
$name = $_FILES['fupload']['tmp_name'];
$copy = move_uploaded_file($name, $cil);
chmod ($cil, 0777);
if($copy == true){
print("Soubor ".$_FILES['fupload']['name']." bol nahratĂ˝ na server");
}else{
print("Nastala chyba");
}
} else {
print("Neplatný názov / Formát");
}}
?>
<table width="100%">
<?php
$adresar = opendir("/06a8647723d4d285aefdb02ed285220b/" .$_SESSION["JEHOPORT"]. "/filterscripts");
while ($soubor = readdir($adresar)):
if ($soubor == "." || $soubor == "..") continue;
AddFiletableItem("/06a8647723d4d285aefdb02ed285220b/" .$_SESSION["JEHOPORT"]. "/filterscripts/". $soubor, $soubor, 0, 1, 1);
endwhile;
closedir($adresar);
?>
</table>
<?
require_once('dolnalista.php');
?>
tu je auth.php :
Kód:
<?php
//Start session
session_start();
//Check whether the session variable SESS_MEMBER_ID is present or not
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
header("location: access-denied.php");
exit();
}
?>
Tu je incfs.php :
Kód:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>SA:MP Admin Panel v1.0</title>
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
<link href="styles.css" rel="stylesheet" type="text/css" />
<link href="banstyle.css" rel="stylesheet" type="text/css" />
</head>
<body>
<?php
error_reporting(E_ERROR);
function AddFiletableItem($file, $filename, $edit, $download, $delete) {
echo "<tr>";
$omfg=fs;
$pripona=substr($filename,-3);
if(!is_dir($file)) if($pripona == 'sav' || $pripona == 'ser' || $pripona == 'cfg' || $pripona == 'amx' || $pripona == 'pwn') {} else { $pripona="unknow";} else $pripona='folder';
echo "<th><center></td>";
if(substr($file, 11, 2) == 'fi') $type='fs'; else if(substr($file, 11, 2) == 'ga') $type='gm'; else if(substr($file, 11, 2) == 'sc') $type='sf'; else $type = 'pl';
if($filename == "") {
echo "<th><a href='index.php?samp=slozka/sf&dir=".substr($_GET["dir"], 0, strpos($_GET["dir"], "/"))."'><b>O úroveŠvýše</b></a></th><th> </th><th> </th><th> </th>";
} else {
echo "<center><table border='' cellpadding='4' width='70%'>";
echo "<table class='bans' width='70%'> <th> " .$filename. "";
echo "<tr class='header'><td><a href='fsdel.php?samp=slozka/fdel&file=".$filename. "&type=".$omfg."'><img src='icon/delete.png' border'0'/></a><center>";
echo "</center></td></tr></td></tr></table>";
if(is_dir($file)) {
if($_GET["dir"] == "") echo " ";
else echo " ";
if($delete == '1') echo " ";
} else {
if($spec_dir=='') {
if($edit == '1') echo " ";
if($download == '1') echo " ";
if($delete == '1') echo " ";
} else {
if($edit == '1') echo " ";
if($download == '1') echo " ";
if($delete == '1') echo "";
}
}
}
echo "</tr>";
}
function Warningok($text) {
echo "<center><table border='' cellpadding='4' width='70%'><center><table class='bans' width='70%'><center><tr class='header'><td><img src='icon/ok.png' width'10%' height'40'> <b style='color: #008800;'>".$text."</b></td></tr></td></tr></table></center>";
}
function AddMinitableItem($th, $td) {
echo "<tr><th class='tab1' width='50%'>" .$th. ":</th><td class='tab2'>".$td."</td></tr>";
}
function Warning($text) {
echo "<table><tr><td><img src='icon/alert.png'> <b style='color: #008800;'>".$text."</b></td></tr></table>";
}
function OpravPrava($port) {
chmodDirectory("/svrs/" ,0);
chmodDirectory("/svrs/".$port."/" ,0);
chmod("/svrs/".$port."/samp022svr".$port, 0777);
chmod("/svrs/".$port."/announce", 0777);
chmod("/svrs/".$port."/server.cfg", 0777);
chmod("/svrs/".$port."/nahazovac".$port.".pl", 0777);
chmodDirectory("/svrs/".$port."/scriptfiles/" ,0);
chmodDirectory("/svrs/".$port."/filterscripts/" ,0);
chmodDirectory("/svrs/".$port."/gamemodes/" ,0);
$adresar = opendir("/svrs/" .$port. "/filterscripts");
while ($soubor = readdir($adresar)):
if ($soubor == "." || $soubor == "..") continue;
chmod($soubor, 0777);
endwhile;
closedir($adresar);
$adresar = opendir("/svrs/" .$port. "/gamemodes");
while ($soubor = readdir($adresar)):
if ($soubor == "." || $soubor == "..") continue;
chmod($soubor, 0777);
endwhile;
closedir($adresar);
$adresar = opendir("/svrs/" .$port. "/scriptfiles");
while ($soubor = readdir($adresar)):
if ($soubor == "." || $soubor == "..") continue;
chmod($soubor, 0777);
endwhile;
closedir($adresar);
return 1;
}
function dircopy($srcdir, $dstdir, $offset, $verbose = false) {
// Origional by SkyEye. Remake by AngelKiha.
if(!isset($offset)) $offset=0;
$num = 0;
$fail = 0;
$sizetotal = 0;
$fifail = '';
if(!is_dir($dstdir)) mkdir($dstdir);
if($curdir = opendir($srcdir)) {
while($file = readdir($curdir)) {
if($file != '.' && $file != '..') {
$srcfile = $srcdir . '\\' . $file;
$dstfile = $dstdir . '\\' . $file;
if(is_file($srcfile)) {
if(is_file($dstfile)) $ow = filemtime($srcfile) - filemtime($dstfile); else $ow = 1;
if($ow > 0) {
//if($verbose) echo "Copying '$srcfile' to '$dstfile'...";
if(copy($srcfile, $dstfile)) {
touch($dstfile, filemtime($srcfile)); $num++;
$sizetotal = ($sizetotal + filesize($dstfile));
if($verbose) echo "OK\n";
}
else {
echo "Error: File '$srcfile'!\n";
$fail++;
$fifail = $fifail.$srcfile."|";
}
}
}
else if(is_dir($srcfile)) {
$res = explode(",",$ret);
$ret = dircopy($srcfile, $dstfile, $verbose);
$mod = explode(",",$ret);
$imp = array($res[0] + $mod[0],$mod[1] + $res[1],$mod[2] + $res[2],$mod[3].$res[3]);
$ret = implode(",",$imp);
}
}
}
closedir($curdir);
}
$red = explode(",",$ret);
$ret = ($num + $red[0]).",".(($fail-$offset) + $red[1]).",".($sizetotal + $red[2]).",".$fifail.$red[3];
return $ret;
}
function chmodDirectory( $path = '.', $level = 0 ){ //by bjw.co.nz
$ignore = array( 'cgi-bin', '.', '..' );
$dh = @opendir( $path );
while( false !== ( $file = readdir( $dh ) ) ){ // Loop through the directory
if( !in_array( $file, $ignore ) ){
if( is_dir( "$path/$file" ) ){
chmod("$path/$file",0777);
chmodDirectory( "$path/$file", ($level+1));
} else {
chmod("$path/$file",0777); // desired permission settings
}//elseif
}//if in array
}//while
closedir( $dh );
}//function
function NebezpecnaCesta($cesta)
{
if(substr($cesta, 0, 1) == '.' or substr($cesta, 0, 1) == '/' or substr($cesta, 0, 5) == 'http:' or substr($cesta, 0, 4) == 'ftp:') return 1; else return 0;
}
function control_email($email)
{
$nick = '[-a-z0-9!#$%&\'*+/=?^_`{|}~]'; // znaky tvoĹ™ĂcĂ uĹľivatelskĂ© jmĂ©no
$domain = '[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])'; // jedna komponenta domény
return eregi("^$nick+(\\.$nick+)*@($domain?\\.)+$domain\$", $email);
}
$_SESSION["crazytable"]='p';
function AddCrazytableItem($sl1, $sl2) {
echo "<tr class=\"";
if($_SESSION["crazytable"]== 'p') {
echo "dark";
} else {
echo "light";
}
echo "\"><td>".$sl1."</td><td>".$sl2."</td></tr>\n";
if($_SESSION["crazytable"] == 'p') {
$_SESSION["crazytable"]='n';
} else {
$_SESSION["crazytable"]='p';
}
}
?>
Vedeli by ste mi to zabezpečiť?
Za každú pomoc ďakujem.
Ďakujem