Messages posted by: cartman-2000
There are a couple vulnerabilities in png counter that can allow mysql injection or writing of files outside of the page directory.

To fix it change this:



To this:



And add above line:




This:

If you're going by file mode, create a file with the page name you're going to use and enter the number into it.

If you're going by mysql mode, add or modify the record for the page you are using and set the count to what it was in the other counter. Modifying a db, and its records, is pretty easy with phpmyadmin if you have it.
Yeah, this is an old script, take a look at the copyright year in the counter.php file, the script is around 7 years old if that is correct.


The demo file will have to be updated as well.


This line:
$digit = (!isset($HTTP_GET_VARS['digit'])) ? "scoreboard" : $HTTP_GET_VARS['digit'];

Needs to be changed to:
$digit = (!isset($_GET['digit'])) ? "scoreboard" : $_GET['digit'];

Looks like they got rid of $HTTP_GET_VARS in php5.

To my previous post, there's another way of fixing it, probably the better way.

This way you don't need to change the "$counter->create_png($page,$digit);" line. All you need to change is this:

$page = (!isset($HTTP_GET_VARS['page'])) ? "count" : $HTTP_GET_VARS['page'];
$digit = (!isset($HTTP_GET_VARS['digit'])) ? "scoreboard" : $HTTP_GET_VARS['digit'];

to:

$page = (!isset($_GET['page'])) ? "count" : $_GET['page'];
$digit = (!isset($_GET['digit'])) ? "scoreboard" : $_GET['digit'];


I've also found a small bug in the counter script, after playing around with it some more. The bug doesn't break anything, but with the bug the initial hit to the counter that has a new page id will come back displaying 2 page views. Changing the two lines of $this->counter = 1; to $this->counter = 0; fixed this small bug.

I've sent him an email about this.
I've managed to fix it myself, only had to change one line of code. It didn't work before because of php5 not allowing register globals.


Find in counter.php (last line of code in the file):

$counter->create_png($page,$digit);

Change to:

$counter->create_png($_GET['page'],$_GET['digit']);
I have a problem using png counter on php5 too, I don't get an error image, but the script ignores the page and digit settings in the img url. I have it set up to use db.

http://cartman-2000.net/counter/demo.php?digit=binky
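
The posts above pass the page and digit query parameters straight into the counter, and one of them says png counter can be abused for mysql injection or for writing files outside of the page directory. The following PHP is an added example, not code from the posts or from png counter, showing one way to allowlist both parameters and confirm that a file-mode path stays inside its directory. The function names, the 32-character limit and the use of __DIR__ as the counter directory are assumptions.

```php
<?php
// Added example: not part of counter.php. Names and limits are assumptions.

// Return the parameter only if it is a short name made of letters, digits,
// "_" or "-"; otherwise return the default. Slashes, dots, quotes, NUL bytes
// and array values (?page[]=x) never reach the file or database layer.
function counter_param(array $query, $name, $default)
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return $default;
    }
    $ok = preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $query[$name]) === 1;
    return $ok ? $query[$name] : $default;
}

// File mode: build the counter file path and confirm that its directory
// resolves to the counter directory itself. Returns null if it does not.
function counter_file($baseDir, $page)
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $path = $base . DIRECTORY_SEPARATOR . $page;
    return realpath(dirname($path)) === $base ? $path : null;
}

// Constructed sample query strings, standing in for $_GET.
$samples = array(
    array('page' => 'index', 'digit' => 'binky'),
    array('page' => '../outside', 'digit' => 'binky'),
    array('page' => "home' --"),
    array('page' => array('x')),
);

foreach ($samples as $query) {
    $page  = counter_param($query, 'page', 'count');
    $digit = counter_param($query, 'digit', 'scoreboard');
    printf("page=%s digit=%s file=%s\n", $page, $digit, counter_file(__DIR__, $page));
}
```

In mysql mode the validated value should still be passed as a bound parameter of a prepared statement rather than concatenated into the query.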
 