[Release] EvaWeb 0.2 Beta
- Thread starter Evanescence
- Start date
- Joined
- Nov 16, 2008
- Messages
- 171
- Reaction score
- 116
Try this in query analyzer
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[VI_CURR_INFO]') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [dbo].[VI_CURR_INFO]
GO
CREATE TABLE [dbo].[VI_CURR_INFO] (
[ends_days] [nvarchar] (8) COLLATE Polish_CI_AS NULL ,
[chek_code] [nvarchar] (1) COLLATE Polish_CI_AS NOT NULL ,
[used_time] [int] NULL ,
[memb___id] [nvarchar] (10) COLLATE Polish_CI_AS NOT NULL ,
[memb_name] [nvarchar] (10) COLLATE Polish_CI_AS NOT NULL ,
[memb_guid] [int] NOT NULL ,
[sno__numb] [nvarchar] (18) COLLATE Polish_CI_AS NOT NULL ,
[Bill_Section] [int] NULL ,
[Bill_Value] [int] NULL ,
[Bill_Hour] [int] NULL ,
[Surplus_Point] [int] NULL ,
[Surplus_Minute] [datetime] NULL ,
[Increase_Days] [int] NULL
) ON [PRIMARY]
GO
p.p I Will re-code the web.
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[VI_CURR_INFO]') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [dbo].[VI_CURR_INFO]
GO
CREATE TABLE [dbo].[VI_CURR_INFO] (
[ends_days] [nvarchar] (8) COLLATE Polish_CI_AS NULL ,
[chek_code] [nvarchar] (1) COLLATE Polish_CI_AS NOT NULL ,
[used_time] [int] NULL ,
[memb___id] [nvarchar] (10) COLLATE Polish_CI_AS NOT NULL ,
[memb_name] [nvarchar] (10) COLLATE Polish_CI_AS NOT NULL ,
[memb_guid] [int] NOT NULL ,
[sno__numb] [nvarchar] (18) COLLATE Polish_CI_AS NOT NULL ,
[Bill_Section] [int] NULL ,
[Bill_Value] [int] NULL ,
[Bill_Hour] [int] NULL ,
[Surplus_Point] [int] NULL ,
[Surplus_Minute] [datetime] NULL ,
[Increase_Days] [int] NULL
) ON [PRIMARY]
GO
p.p I Will re-code the web.
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, admin@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/1.3.33 Server at 85.239.157.20 Port 80
Any Ideas/ Някакви идеи?
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, admin@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/1.3.33 Server at 85.239.157.20 Port 80
Any Ideas/ Някакви идеи?
- Joined
- Nov 16, 2008
- Messages
- 171
- Reaction score
- 116
Пуснах го но ми дава това
Object not found!
The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.
If you think this is a server error, please contact the webmaster.
Error 404
localhost
08/07/13 02:20:38
Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9
...
Object not found!
The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.
If you think this is a server error, please contact the webmaster.
Error 404
localhost
08/07/13 02:20:38
Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9
...
Last edited:
1-во mod_rewrite се пуска от httpd.conf
2-ро може да се наложи да рестартираш apache-то
Ако не стане значи бъркаш някъде
Интересното е че стана сайта но аз се отказах от това му.
ivowe3
Wiki
- Joined
- Apr 1, 2009
- Messages
- 1,219
- Reaction score
- 1,281
SECURE:
./clear.php незащитена $_POST[] заявка(name)
./reset.php незащитена $_POST[] заявка(name)
./addst.php незащитена $_POST[] заявка(name)
Начин на защита:
след:
добавяте:
Да стане така:
Не е тествана защитата дали работи, тествано е хакването при незащитените.
На пръв поглед открих само тези дупки за SQL Inject, ако някой знае още нека ги сподели. Не съм търсил обстойно...
./clear.php незащитена $_POST[] заявка(name)
./reset.php незащитена $_POST[] заявка(name)
./addst.php незащитена $_POST[] заявка(name)
Начин на защита:
след:
PHP:
$name = addslashes(htmlspecialchars($_POST['name']));
PHP:
$arr= array(";","'","\"","%"," ");
$name=str_replace($arr,"",$name);
$name=substr($name,0,10);Да стане така:
PHP:
$name = addslashes(htmlspecialchars($_POST['name']));
$arr= array(";","'","\"","%"," ");
$name=str_replace($arr,"",$name);
$name=substr($name,0,10);Не е тествана защитата дали работи, тествано е хакването при незащитените.
На пръв поглед открих само тези дупки за SQL Inject, ако някой знае още нека ги сподели. Не съм търсил обстойно...
Last edited:
аз намерих това, http://yourwebsite/index.php/
и се получава това index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/home/index/index/home
и се получава това index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/home/index/index/home
- Joined
- Nov 16, 2008
- Messages
- 171
- Reaction score
- 116
аз намерих това, http://yourwebsite/index.php/
и се получава това index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/home/index/index/home
?
- Joined
- Nov 16, 2008
- Messages
- 171
- Reaction score
- 116
и сам можеш да си го провериш просто въвеждаш така : http://yourwebsite/index/home/
пример -> http://yourwebsite/index.php/
махаш -> index/home
и слагаш -> index.php/
и се получава това index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/home/index/index/home
според мен е от .htacces-a
пример -> http://yourwebsite/index.php/
махаш -> index/home
и слагаш -> index.php/
и се получава това index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/home/index/index/home
според мен е от .htacces-a
Last edited:
MeMoS
Well-Known Member
- Joined
- Oct 18, 2008
- Messages
- 620
- Reaction score
- 498
и сам можеш да си го провериш просто въвеждаш така : http://yourwebsite/index/home/
пример -> http://yourwebsite/index.php/
махаш -> index/home
и слагаш -> index.php/
и се получава това index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/index/home/index/index/home
според мен е от .htacces-a
не знам как е точно сайта направен но
не е от .htaccess файла а от самите линкове когато имаш .htaccess с Rewrite линковете не може да са само <a href="index/????"> а трябва да са цяла връзка <a href="http:://website/index/????">
