[PHP] NFOGen v2.1 - NFO Rendering (Opensource)
- Thread starter l0calh0st
- Start date
- Status
THANK !!!! Works !!!
Will everyone now see the NFO like this one http://nfo.fs-ddl.com/nfo.php?file=upload/132104246530292.nfo ?What should be the CHMOD od nfo folder ? 755 ?
Nice script there
But you should work on making it more secure! Like it checks for extensions while uploading but not while viewing! So one can view the php file on the server
Eg:
http://nfo.fs-ddl.com/nfo.php?file=upload.php
http://nfo.fs-ddl.com/nfo.php?file=nfo.php
[STRIKE] Removed for user security! L0l :P[/STRIKE]
But you should work on making it more secure! Like it checks for extensions while uploading but not while viewing! So one can view the php file on the server
Eg:
http://nfo.fs-ddl.com/nfo.php?file=upload.php
http://nfo.fs-ddl.com/nfo.php?file=nfo.php
[STRIKE] Removed for user security! L0l :P[/STRIKE]
Code:
http://ripmovies.net/nfogen/this can be provided as a demo.!
nice script!
deAthbLisS
Active Member
Nice one..
looking ahead to test it and enhance if i can :P
looking ahead to test it and enhance if i can :P
I posted it here because many user were using your script! But it was vulnerable. Never knew that kiddies will use it like that
Anyway, nice design! But theres still a bug in new script
It only checks for file extension so it could still be used as:
http://localhost/NFO/nfo.php?file=http://www.wjunction.com/robots.txt
That thing will work as default too!
PHP:
<?php
/*
NFOGen v2.0 - NFO RENDER
Updated: 13-11-2011
Original by Buzzard
Coded by Qarizma
*/
if( isset($_REQUEST['file']) )
{
$uploadname = $_REQUEST['file'];
//Which filetypes are allowed?
$allow[0] = "nfo";
$allow[1] = "txt";
//$allow[2] = "tmp";
//$allow[3] = "tmp";
//$allow[4] = "tmp";
$extentie = substr($uploadname, -3);
for ($i = 0; $i < count($allow); $i++)
{
if ($extentie == $allow[$i])
{
$extentie_check = "ok";
$i = count($allow) + 5;
}
}
if ($extentie_check and file_exists($_REQUEST['file']))
{
// Load the NFO file...
//$lines = file( $_REQUEST['file'] );
$lines = file( $_REQUEST['file'] );
// Get the longest line....
$longestLine = 0;
$numberLines = 0;
foreach ($lines as $line_num => $line)
{
$line = rtrim($line);
$tempLineLength = strlen($line); // Avoid calling strlen twice...
if( $tempLineLength > $longestLine )
$longestLine = $tempLineLength;
}
// The number of line....
$numberLines = count($lines);
//Set up the Vars...
$fontWidth = 8;
$fontHeight = 12;
$border = 1; // Not one pixel, but 1*FontWidth and 1*FontHeight
$imgWidth = ($fontWidth * $longestLine) + ( 2 * $border * $fontWidth );
$imgHeight = ($fontHeight * $numberLines) + ( 2 * $border * $fontHeight );
$currentX = 0;
$currentY = 0;
// Start GD
$img = imagecreatetruecolor( $imgWidth, $imgHeight );
if ($_REQUEST['color']==1) $charMap = imagecreatefrompng( "nfogen_2.png" );
else $charMap = imagecreatefrompng( "nfogen_2.png" );
for($j = 0; $j < $numberLines + 2 * $border; $j++ )
{
// Avoid calling strlen strlen($line) times :-)
$currentLineLength = strlen($line);
for( $i = 0; $i < $longestLine + 2 * $border; $i++ )
{
// int imagecopy ( resource dst_im, resource src_im, int dst_x, int dst_y, int src_x, int src_y, int src_w, int src_h)
imagecopy( $img, $charMap, $currentX, $currentY, ($fontWidth * 12), ($fontHeight * 0), $fontWidth, $fontHeight );
// Move along one char to the right
$currentX = $currentX + $fontWidth;
}
// Move down a line, and reset the x location
$currentX = 0;
$currentY = $currentY + $fontHeight;
}
$currentX = $border * $fontWidth;
$currentY = $border * $fontHeight;
// Main loop....
foreach ($lines as $line_num => $line)
{
// Avoid calling strlen strlen($line) times :-)
$currentLineLength = strlen($line);
for( $i = 0; $i < $currentLineLength; $i++ )
{
// Get the Locatino of the char in the charmap image
$charYOffSet = 0;
$charXOffSet = ord($line[$i]); // - 20; // Becuase my charmap skips the first 20 chars :-)
while( $charXOffSet >= 20 )
{
$charYOffSet++;
$charXOffSet = $charXOffSet - 20;
}
// int imagecopy ( resource dst_im, resource src_im, int dst_x, int dst_y, int src_x, int src_y, int src_w, int src_h)
imagecopy( $img, $charMap, $currentX, $currentY, ($fontWidth * $charXOffSet), ($fontHeight * $charYOffSet), $fontWidth, $fontHeight );
// Move along one char to the right
$currentX = $currentX + $fontWidth;
}
// Move down a line, and reset the x location
$currentX = ($border * $fontWidth);
$currentY = $currentY + $fontHeight;
}
// Display the PNG file...
header ("Content-type: image/png");
imagepng( $img );
imagedestroy($img);
}
else
{
echo "ERROR!";
}
}
else
{
echo "ERROR!";
}
?>Good job local, it's a nice little script. It has been done before of course, but this uses a slightly different method (using a second image as a character set rather than using a CP437 font).
There are a few parts of it you could do in a smaller amount of code, but for this concept it isn't worth it since it'll be fast anyway :p
As for what soft2050 just said, it is not and never was vulnerable for the following reasons:
- All uploaded files remain in /tmp, they cannot be accessed publicly
- Sure you can 'inject' a remote PHP file, but it will not execute, it will simply have its source printed out
- The content type is always png, so if for any reason code got injected, it will never execute
The only 'security' related thing I'd even consider with this is a size limit, but that's best done in php.ini so irrelevant to local.
There are a few parts of it you could do in a smaller amount of code, but for this concept it isn't worth it since it'll be fast anyway :p
As for what soft2050 just said, it is not and never was vulnerable for the following reasons:
- All uploaded files remain in /tmp, they cannot be accessed publicly
- Sure you can 'inject' a remote PHP file, but it will not execute, it will simply have its source printed out
- The content type is always png, so if for any reason code got injected, it will never execute
The only 'security' related thing I'd even consider with this is a size limit, but that's best done in php.ini so irrelevant to local.
- Status