Може ли някой да ми даде скрипт-а за минаване на 3rd Quest през сайта за този Web Welcome To Dungeon Siege Mu Season 4 - High XP
<?
include("includes/ctracker.php");
include("config.php");
include("includes/secure.php");
?>
<?php
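// Request-input filter: rewrites every $_GET, $_POST and $_COOKIE value in place
// (HTML-escape, then strip ; ' % ") and appends a log entry whenever a value changed.
//
// NOTE(review): this is a character denylist, not a defence against SQL injection.
// Queries built from these values still need bound parameters or strict allowlist
// validation at the point of use.
// NOTE(review): the log file sits under the web root (htdocs) and stores submitted
// values verbatim, which can include a POSTed password field. Move it outside the
// document root and avoid logging credential fields.
$ip = $_SERVER['REMOTE_ADDR'];
$time = date("l dS of F Y h:i:s A");
// The key was an unquoted bare word on the page; quoted here, with a fallback when unset.
$script = isset($_SERVER['PATH_TRANSLATED']) ? $_SERVER['PATH_TRANSLATED'] : '';
$fp = fopen("C:/xampp/htdocs/[WEB]SQL_InjectionQuest.txt", "a+");
$sql_inject_1 = array(";", "'", "%", '"'); # characters to strip
// The fourth replacement was garbled on the page (three bare double quotes, a parse error).
// It is never used: HtmlSpecialChars() has already turned every " into &quot; by then.
$sql_inject_2 = array("", "", "", ""); # replacements, position by position
$GET_KEY = array_keys($_GET); # array keys from $_GET
$POST_KEY = array_keys($_POST); # array keys from $_POST
$COOKIE_KEY = array_keys($_COOKIE); # array keys from $_COOKIE

// References, so that writing to $ctr_sources[...] updates the superglobal itself.
$ctr_sources = array('GET' => &$_GET, 'POST' => &$_POST, 'COOKIE' => &$_COOKIE);
$ctr_keys = array('GET' => $GET_KEY, 'POST' => $POST_KEY, 'COOKIE' => $COOKIE_KEY);
$ctr_originals = array('GET' => array(), 'POST' => array(), 'COOKIE' => array());

foreach (array('GET', 'POST', 'COOKIE') as $ctr_method) {
    foreach ($ctr_keys[$ctr_method] as $ctr_key) {
        $ctr_raw = $ctr_sources[$ctr_method][$ctr_key];
        $ctr_originals[$ctr_method][] = $ctr_raw;

        // Array-valued parameters cannot be passed to HtmlSpecialChars(); blank them.
        if (is_array($ctr_raw)) {
            $ctr_clean = '';
        } else {
            $ctr_clean = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars((string) $ctr_raw));
        }
        $ctr_sources[$ctr_method][$ctr_key] = $ctr_clean;

        if ($ctr_raw !== $ctr_clean && $fp) {
            // Line breaks are made visible so one request cannot forge extra log entries.
            $ctr_logged = is_array($ctr_raw)
                ? 'Array'
                : str_replace(array("\r", "\n"), array('\r', '\n'), $ctr_raw);
            fwrite($fp, "IP: $ip\r\n");
            fwrite($fp, "Method: $ctr_method\r\n");
            fwrite($fp, "Value: $ctr_logged\r\n");
            fwrite($fp, "Script: $script\r\n");
            fwrite($fp, "Time: $time\r\n");
            fwrite($fp, "==================================\r\n");
        }
    }
}

// Unfiltered copies, indexed by position, kept under the names the original script used.
$real_get = $ctr_originals['GET'];
$real_post = $ctr_originals['POST'];
$real_cookie = $ctr_originals['COOKIE'];

if ($fp) {
    fclose($fp);
}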
?>
<?
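// Flags query strings that contain characters this site treats as suspicious,
// records the request in a log file and prints a warning.
//
// NOTE(review): the request is not stopped after the warning; the rest of the page
// still runs, so this is logging only, not a control.
// NOTE(review): the log target is a .php file in the served directory. Request text is
// entity-encoded and stripped of line breaks below so it cannot introduce markup or
// code into that file; a plain-text log outside the document root would be safer.
$queryString = strtolower(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '');
$suspicious = false;
foreach (array("<", ">", "(", ")", "..", "%", "*", "+", "!", "@") as $marker) {
    if (strpos($queryString, $marker) !== false) {
        $suspicious = true;
        break;
    }
}
if ($suspicious) {
    $loc = $_SERVER['PHP_SELF'];
    $ip = $_SERVER['REMOTE_ADDR'];
    $date = date("d-m-Y @ h:i:s");
    // The original assigned "log.txt" and immediately overwrote it; only this value was used.
    $lfh = "credits.php";
    // "&" is encoded first so the entities produced for the other characters stay intact.
    $unsafe = array("\r", "\n", "&", "<", ">", '"', "'");
    $encoded = array("", "", "&amp;", "&lt;", "&gt;", "&quot;", "&#039;");
    $safeLoc = str_replace($unsafe, $encoded, $loc);
    $safeQuery = str_replace($unsafe, $encoded, $queryString);
    $log = fopen($lfh, "a+");
    if ($log) {
        fputs($log, "Attack Date: $date | Attacker IP: $ip | QueryString: $safeLoc?=$safeQuery\n");
        fclose($log);
    }
    echo "You think you can hack me? Now You will eat the BANN!!";
}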
?>
<?php
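/**
 * Normalises one form field for later use: strips tags, encodes a few characters
 * and removes the word "script" and encoded angle brackets.
 *
 * Changes from the version on the page:
 *  - the "<" and ">" replacements were no-ops as shown (replacing a character with
 *    itself, presumably entities lost when the page was rendered); they now
 *    produce &lt; and &gt;
 *  - "#", "'" and ";" are rewritten before the entities are produced, so the ";"
 *    that ends an entity is not turned into %3B afterwards
 *  - removal of "script", "%3c" and "%3e" ignores letter case and repeats until
 *    nothing changes, so a removal cannot leave the same token behind
 *
 * NOTE(review): this is a best-effort filter. It does not replace bound parameters
 * for SQL or context-aware escaping when the value is written into a page.
 *
 * @param string $input raw field value
 * @return string filtered value with surrounding whitespace trimmed
 */
function GetField($input) {
    $input = strip_tags($input);
    $input = str_replace(array("#", "'", ";"), array("%23", "`", "%3B"), $input);
    $input = str_replace(array("<", ">"), array("&lt;", "&gt;"), $input);
    do {
        $before = $input;
        $input = str_ireplace(array("script", "%3c", "%3e"), "", $input);
    } while ($input !== $before);
    return trim($input);
}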
?>
<script language="JavaScript" type="text/JavaScript">
//<![CDATA[
/**
 * Checks the account, password and character fields before the form is submitted.
 * Each field is checked in order for: empty value, characters outside
 * letters/digits/"-"/"_", and a length below 4. On the first failure the field is
 * focused, the matching message is shown and false is returned.
 *
 * This runs in the browser only and can be skipped by the client, so the same rules
 * have to be enforced again by the server-side handler.
 */
function validate(form)
{
var allowed = /^([a-zA-Z0-9\-\_])+$/;
var checks = [
{
field: form.acc,
empty: "Въведете Акаунт.",
invalid: 'Невалиден Акаунт ползвайте само букви (a-Z) и цифри (0-9).',
tooShort: "Акаунтът не е достатъчно дълъг (4~10)."
},
{
field: form.pass,
empty: "Въведете парола.",
invalid: 'Невалидна Парола ползвайте само букви (a-Z) и цифри (0-9).',
tooShort: "Паролата не е достатъчно дълга (4~10)."
},
{
field: form.character,
empty: "Въведете герой.",
invalid: 'Невалиден герой ползвайте само букви (a-Z) и цифри (0-9).',
tooShort: "Името на героя не е достатъчно дълъг (4~10)."
}
];
for (var idx = 0; idx < checks.length; idx++) {
var check = checks[idx];
var input = check.field;
var message = null;
if (input.value == "") {
message = check.empty;
} else if (!allowed.test(input.value)) {
message = check.invalid;
} else if (input.value.length < 4) {
message = check.tooShort;
}
if (message !== null) {
input.focus();
alert(message);
return false;
}
}
}
</script>
<table width="331" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td><div align="center">
<form action="" method="post" name="register_from" id="register_from">
<table align="center" width="100" border="0" cellspacing="2" cellpadding="2">
<tr>
<td><div align="right" class="normal_text_white"><font color="orange">Account</font></div></td>
<td colspan="4"><div align="left">
<input name="acc" type="text" class="input" id="acc" size="14" maxlength="10" value="">
</div></td>
</tr>
<tr>
<td><div align="right" class="normal_text_white"><font color="orange">Password</font></div></td>
<td colspan="4"><div align="left">
<input name="pass" type="password" class="input" id="pass" size="14" maxlength="15" value="">
</div></td>
</tr>
<tr>
<td><div align="right" class="normal_text_white"><font color="orange">Char</font></div></td>
<td colspan="4"><div align="left">
<input name="character" type="text" class="input" id="character" size="14" maxlength="10" value="">
</div></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><label>
<input name="quest" type="hidden" id="quest" value="quest">
<input type="submit" name="submit" value="Complete Quest ?!?!?" class="button" onClick="return validate(document.register_from);">
</label><br><Br></td>
</tr>
</FORM> </div></td>
</tr>
</table>
<?php
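// Handles the "complete 3rd quest" form post: checks the account credentials, the
// character's class and level and that the account is offline, then updates the
// character row.
//
// Changes from the version on the page:
//  - $_POST keys are quoted strings instead of bare words
//  - each field must match the same letters/digits/"-"/"_" rule the browser-side
//    validate() applies; anything else is treated as empty and falls through to the
//    normal "wrong account" / "no such character" messages
//  - $error is initialised before it is read
//  - the UPDATE is limited to the verified account as well as the character name
//
// NOTE(review): the queries are still built by string interpolation because the
// mssql_* functions used here take a plain query string. The allowlist above is what
// keeps the values safe; moving to a driver with bound parameters is the real fix.
// NOTE(review): the password is compared as stored text in memb_info — confirm
// whether the schema can hold a hash instead.
if (isset($_POST['quest'])) {
    $error = 0;
    $f = array("(",")","\"", "\\", "/", "=", "&", "%", "#", "*", "<", ">", "|", "'", ";", ":", "`", "?", "!", "DROP", "SELECT", "UPDATE", "DELETE", "WHERE", "drop", "select", "update", "delete", "where", "delete", "truncate", "TRUNCATE", "distinct", "DISTINCT", "having", "HAVING", "replace", "REPLACE", "handler", "HANDLER", "like", "LIKE", "procedure", "PROCEDURE", "limit", "LIMIT", "order by", "ORDER BY", "group by", "GROUP BY", "asc", "ASC", "desc", "DESC");

    // \z (not $) so a trailing newline does not pass the check.
    $allowed = '/^[a-zA-Z0-9_\-]+\z/';
    $clean = array();
    foreach (array('acc', 'character', 'pass') as $field) {
        $raw = isset($_POST[$field]) ? $_POST[$field] : '';
        if (!is_string($raw) || !preg_match($allowed, $raw)) {
            $raw = '';
        }
        // The original filter chain is kept so accepted values are transformed exactly
        // as before (it also strips the SQL keywords listed in $f from inside names).
        $clean[$field] = str_replace($f, "", secure(htmlspecialchars(addslashes($raw))));
    }
    $account = $clean['acc'];
    $character = $clean['character'];
    $pass = $clean['pass'];

    $query = mssql_fetch_row(mssql_query("select connectstat from memb_stat where memb___id='$account'"));
    $query2 = mssql_query("select name,class,clevel from character where name='$character' and accountid='$account'");
    $query3 = mssql_num_rows(mssql_query("select memb___id from memb_info where memb___id='$account' and memb__pwd='$pass'"));
    $row = mssql_fetch_row($query2);

    if ($query3 < 1) {
        $error = 1;
        echo("$warning_start Грешен акаунт или парола. $warning_end");
    } elseif (mssql_num_rows($query2) < 1) {
        $error = 1;
        echo("$warning_start Няма такъв герой $character в акаунта $account! $warning_end");
    } elseif ($row[1]==0 or $row[1]==16 or $row[1]==32 or $row[1]==80) {
        // Class values that have not finished the earlier class quest.
        $error = 1;
        echo("$warning_start Преди да изпълните 3-тия quest трябва първо да сте изпълнили questa za SM, BK , ME, BS! $warning_end");
    } elseif ($row[1]==2 or $row[1]==18 or $row[1]==34 or $row[1]==50 or $row[1]==66 or $row[1]==82) {
        // Class values that already have the 3rd quest.
        $error = 1;
        echo("$warning_start Вече сте изпълнили 3-тия quest! $warning_end");
    } elseif ($row[2] < 400) {
        $error = 1;
        echo("$warning_start Трябва да сте 400 левел, за да изпълните 3-тия quest! $warning_end");
    } elseif ($query[0] > 0) {
        $error = 1;
        echo("$warning_start Акаунтът е в игра! $warning_end");
    }

    if ($error != 1) {
        // Classes 48 and 64 advance by two, every other class by one.
        if ($row[1]==48 or $row[1]==64) {
            $class = $row[1] + 2;
        } else {
            $class = $row[1] + 1;
        }
        $run = mssql_query("update character set class='$class',quest=convert(varbinary(50),0xAAEAFFFFFFFFFFFFFFFFFFFFFFFFFFFF) where name='$character' and accountid='$account'");
        echo("$ok_start 3-тият quest на героя $character е успешно изпълнен. $ok_end");
    }
}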
?></table>
<?PHP
/**
 * Doubles every single quote in $str when the string contains at least one quote
 * that is not already part of a '' pair; otherwise returns $str unchanged.
 *
 * NOTE(review): quote doubling protects only values placed inside a quoted SQL
 * string literal; it is not a general substitute for bound parameters.
 *
 * @param string $str value to check
 * @return string value with quotes doubled, or the input as given
 */
function xw_sanitycheck($str){
    // A leading space is prepended so a quote at the very start is found at
    // position 1 rather than 0.
    $withoutPairs = str_replace("''", "", " $str");
    $hasLoneQuote = strpos($withoutPairs, "'") !== false;
    return $hasLoneQuote ? str_replace("'", "''", $str) : $str;
}
/**
 * Applies xw_sanitycheck() to a value, descending into arrays so that every
 * nested element is processed and keys are kept.
 *
 * @param mixed $str a single value or an array of values
 * @return mixed the processed value, with the same array shape as the input
 */
function secure($str){
    if (!is_array($str)) {
        return xw_sanitycheck($str);
    }
    // array_map with one array keeps the original keys.
    return array_map(__FUNCTION__, $str);
}
// Runs secure() over every entry of $_GET, $_REQUEST, $_POST and $_COOKIE, in that
// order, writing the result back into the same superglobal. $_REQUEST is handled as
// its own array, separately from the other three.
//
// NOTE(review): this only doubles single quotes; code that builds SQL from these
// values still needs bound parameters or allowlist validation.

// Get Filter
$xweb_AI = array_keys($_GET);
for ($i = 0; $i < count($xweb_AI); $i++) {
    $_GET[$xweb_AI[$i]] = secure($_GET[$xweb_AI[$i]]);
}
// Request Filter
$xweb_AI = array_keys($_REQUEST);
for ($i = 0; $i < count($xweb_AI); $i++) {
    $_REQUEST[$xweb_AI[$i]] = secure($_REQUEST[$xweb_AI[$i]]);
}
// Post Filter
$xweb_AI = array_keys($_POST);
for ($i = 0; $i < count($xweb_AI); $i++) {
    $_POST[$xweb_AI[$i]] = secure($_POST[$xweb_AI[$i]]);
}
// Cookie Filter
$xweb_AI = array_keys($_COOKIE);
for ($i = 0; $i < count($xweb_AI); $i++) {
    $_COOKIE[$xweb_AI[$i]] = secure($_COOKIE[$xweb_AI[$i]]);
}
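/**
 * Stops the request when a POSTed value is exactly one of the listed tokens or
 * contains one of the listed single characters.
 *
 * The version on the page split each value with PREG_SPLIT_OFFSET_CAPTURE, which
 * yields [character, offset] pairs; comparing those pairs with the token list never
 * matched, so the per-character check did nothing. Single-character tokens are now
 * looked up directly in the value, and array-valued fields are walked as well.
 *
 * NOTE(review): "-" is in the list, so hyphenated values are rejected even though
 * the form's own validation accepts them — confirm that is intended.
 * NOTE(review): a denylist like this is a tripwire, not protection; the queries
 * themselves need bound parameters or allowlist validation.
 *
 * @return void returns normally when nothing matched; otherwise ends the script
 */
function check_inject() {
    $badchars = array(";", "'", "\"", "*", "DROP", "SHUTDOWN", "SELECT", "UPDATE", "DELETE", "-");
    $pending = array_values($_POST);
    while (!empty($pending)) {
        $value = array_pop($pending);
        if (is_array($value)) {
            foreach ($value as $nested) {
                $pending[] = $nested;
            }
            continue;
        }
        $value = (string) $value;
        // Whole-value match against any token, as in the original first check.
        $hit = in_array($value, $badchars, true);
        foreach ($badchars as $token) {
            if (!$hit && strlen($token) === 1 && strpos($value, $token) !== false) {
                $hit = true;
            }
        }
        if ($hit) {
            die("SQL Injection Detected\n<br />\nIP: ".$_SERVER['REMOTE_ADDR']);
        }
    }
}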
/**
 * Returns $var with every character removed that is not a letter, a digit,
 * "_", "-" or ".".
 *
 * The original also ran a preg_match with an empty body; it had no effect and is
 * left out here.
 *
 * @param string|null $var value to filter
 * @return string|null the filtered value as returned by preg_replace
 */
function clean_var($var=NULL) {
    $disallowed = '/[^a-zA-Z0-9\_\-\.]/';
    return @preg_replace($disallowed, '', $var);
}
?>
<?php
// Raw query string of the current request, exactly as the server reports it.
$cracktrack = $_SERVER['QUERY_STRING'];
// Substrings that mark a request as hostile. The list is compared with str_replace()
// further down, so matching is case-sensitive and literal: an entry only matches the
// exact bytes written here.
// NOTE(review): entries such as 'g\+\+', 'file\://' and 'uname\x20-a' are in single
// quotes, so the backslashes are literal characters rather than escapes; they look
// like leftovers from a regular-expression version of this list.
// NOTE(review): very general entries ('.php', '.js', 'http_', '.conf') will also
// match ordinary links. Treat this list as a noise filter, not as a security control.
$wormprotector = array('chr(', 'chr=', 'chr%20', '%20chr', 'wget%20', '%20wget', 'wget(',
'cmd=', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20',
'union%20', '%20union', 'union(', 'union=', 'echr(', '%20echr', 'echr%20', 'echr=',
'esystem(', 'esystem%20', 'cp%20', '%20cp', 'cp(', 'mdir%20', '%20mdir', 'mdir(',
'mcd%20', 'mrd%20', 'rm%20', '%20mcd', '%20mrd', '%20rm',
'mcd(', 'mrd(', 'rm(', 'mcd=', 'mrd=', 'mv%20', 'rmdir%20', 'mv(', 'rmdir(',
'chmod(', 'chmod%20', '%20chmod', 'chmod(', 'chmod=', 'chown%20', 'chgrp%20', 'chown(', 'chgrp(',
'locate%20', 'grep%20', 'locate(', 'grep(', 'diff%20', 'kill%20', 'kill(', 'killall',
'passwd%20', '%20passwd', 'passwd(', 'telnet%20', 'vi(', 'vi%20',
'insert%20into', 'select%20', 'nigga(', '%20nigga', 'nigga%20', 'fopen', 'fwrite', '%20like', 'like%20',
'$_request', '$_get', '$request', '$get', '.system', 'HTTP_PHP', '&aim', '%20getenv', 'getenv%20',
'new_password', '&icq','/etc/password','/etc/shadow', '/etc/groups', '/etc/gshadow',
'HTTP_USER_AGENT', 'HTTP_HOST', '/bin/ps', 'wget%20', 'uname\x20-a', '/usr/bin/id',
'/bin/echo', '/bin/kill', '/bin/', '/chgrp', '/chown', '/usr/bin', 'g\+\+', 'bin/python',
'bin/tclsh', 'bin/nasm', 'perl%20', 'traceroute%20', 'ping%20', '.pl', '/usr/X11R6/bin/xterm', 'lsof%20',
'/bin/mail', '.conf', 'motd%20', 'HTTP/1.', '.php', 'config.php', 'cgi-', '.eml',
'file\://', 'window.open', '<SCRIPT>', 'javascript\://','img src', 'img%20src','.jsp','ftp.exe',
'xp_enumdsn', 'xp_availablemedia', 'xp_filelist', 'xp_cmdshell', 'nc.exe', '.htpasswd',
'servlet', '/etc/passwd', 'wwwacl', '~root', '~ftp', '.js', '.jsp', 'admin_', '.history',
'bash_history', '.bash_history', '~nobody', 'server-info', 'server-status', 'reboot%20', 'halt%20',
'powerdown%20', '/home/ftp', '/home/www', 'secure_site, ok', 'chunked', 'org.apache', '/servlet/con',
'<script', '/robot.txt' ,'/perl' ,'mod_gzip_status', 'db_mysql.inc', '.inc', 'select%20from',
'select from', 'drop%20', '.system', 'getenv', 'http_', '_php', 'php_', 'phpinfo()', '<?php', '?>', 'sql=');
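// Replace every listed substring with '*'; if anything changed, the query string
// contained at least one listed token and the request is stopped.
$checkworm = str_replace($wormprotector, '*', $cracktrack);
if ($cracktrack !== $checkworm)
{
    // Both values are written into HTML below. The User-Agent header is supplied by
    // the client, so it is escaped before output; it may also be absent.
    $cremotead = htmlspecialchars($_SERVER['REMOTE_ADDR'], ENT_QUOTES);
    $cuseragent = isset($_SERVER['HTTP_USER_AGENT'])
        ? htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES)
        : '';
    die("<span style='font-family : Verdana, Arial, Helvetica, sans-serif; font-size : 15px; color : #000000;'>Attack detected!<br>$cremotead - $cuseragent</span>");
}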
?>
Кои Може да Ми каже защто като напрая Саит С ЕасуПхП и като дам линк на някои фр и те немогат да влезнат що така??
защто като напрая саита и искам си влезна в аццто нестава??
защто като напрая саита и искам си влезна в аццто нестава??
Error:
Warning: mssql_connect() [function.mssql-connect]: message: Error de inicio de sesión del usuario 'sebas'. (severity 14) in C:\AppServ\www\quest\config.php on line 7
Warning: mssql_connect() [function.mssql-connect]: Unable to connect to server: 127.0.0.1 in C:\AppServ\www\quest\config.php on line 7
Warning: mssql_select_db(): supplied argument is not a valid MS SQL-Link resource in C:\AppServ\www\quest\config.php on line 8
Warning: include(includes/secure.php) [function.include]: failed to open stream: No such file or directory in C:\AppServ\www\quest\index.php on line 70
Warning: include() [function.include]: Failed opening 'includes/secure.php' for inclusion (include_path='.;C:\php5\pear') in C:\AppServ\www\quest\index.php on line 70
за всички версии ли работи този скрипт? В смисъл на Сезон 3 Епизод 2 уеб ще стане ли ?