I posted it here because many users were using your script! But it was vulnerable. Never knew that kiddies will use it like that.
Anyway, nice design! But there's still a bug in the new script.
It only checks for file extension so it could still be used as:
http://localhost/NFO/nfo.php?file=http://www.wjunction.com/robots.txt
That thing will work as default too!
Let it also check whether the file exists on the server or not.
PHP:
<?php
/*
    NFOGen v2.0 - NFO RENDER
    Updated: 13-11-2011
    Original by Buzzard
    Coded by Qarizma
*/
if( isset($_REQUEST['file']) )
{
    $uploadname = $_REQUEST['file'];

    // Which filetypes are allowed?
    $allow[0] = "nfo";
    $allow[1] = "txt";
    //$allow[2] = "tmp";
    //$allow[3] = "tmp";
    //$allow[4] = "tmp";

    $extentie = substr($uploadname, -3);
    $extentie_check = false; // stays false unless the extension is in the list
    for ($i = 0; $i < count($allow); $i++)
    {
        if ($extentie == $allow[$i])
        {
            $extentie_check = "ok";
            break;
        }
    }

    if ($extentie_check and file_exists($_REQUEST['file']))
    {
        // Load the NFO file...
        $lines = file( $_REQUEST['file'] );

        // Get the longest line....
        $longestLine = 0;
        $numberLines = 0;
        foreach ($lines as $line_num => $line)
        {
            $line = rtrim($line);
            $tempLineLength = strlen($line); // Avoid calling strlen twice...
            if( $tempLineLength > $longestLine )
                $longestLine = $tempLineLength;
        }

        // The number of lines....
        $numberLines = count($lines);

        // Set up the vars...
        $fontWidth = 8;
        $fontHeight = 12;
        $border = 1; // Not one pixel, but 1*FontWidth and 1*FontHeight
        $imgWidth = ($fontWidth * $longestLine) + ( 2 * $border * $fontWidth );
        $imgHeight = ($fontHeight * $numberLines) + ( 2 * $border * $fontHeight );
        $currentX = 0;
        $currentY = 0;

        // Start GD
        $img = imagecreatetruecolor( $imgWidth, $imgHeight );
        if (isset($_REQUEST['color']) && $_REQUEST['color']==1)
            $charMap = imagecreatefrompng( "nfogen_2.png" );
        else
            $charMap = imagecreatefrompng( "nfogen_2.png" );

        // Fill the whole image, border included, with the background char
        for( $j = 0; $j < $numberLines + 2 * $border; $j++ )
        {
            for( $i = 0; $i < $longestLine + 2 * $border; $i++ )
            {
                // int imagecopy ( resource dst_im, resource src_im, int dst_x, int dst_y, int src_x, int src_y, int src_w, int src_h)
                imagecopy( $img, $charMap, $currentX, $currentY, ($fontWidth * 12), ($fontHeight * 0), $fontWidth, $fontHeight );

                // Move along one char to the right
                $currentX = $currentX + $fontWidth;
            }
            // Move down a line, and reset the x location
            $currentX = 0;
            $currentY = $currentY + $fontHeight;
        }

        $currentX = $border * $fontWidth;
        $currentY = $border * $fontHeight;

        // Main loop....
        foreach ($lines as $line_num => $line)
        {
            // Avoid calling strlen strlen($line) times :-)
            $currentLineLength = strlen($line);
            for( $i = 0; $i < $currentLineLength; $i++ )
            {
                // Get the location of the char in the charmap image
                $charYOffSet = 0;
                $charXOffSet = ord($line[$i]); // - 20; // Because my charmap skips the first 20 chars :-)
                while( $charXOffSet >= 20 )
                {
                    $charYOffSet++;
                    $charXOffSet = $charXOffSet - 20;
                }

                // int imagecopy ( resource dst_im, resource src_im, int dst_x, int dst_y, int src_x, int src_y, int src_w, int src_h)
                imagecopy( $img, $charMap, $currentX, $currentY, ($fontWidth * $charXOffSet), ($fontHeight * $charYOffSet), $fontWidth, $fontHeight );

                // Move along one char to the right
                $currentX = $currentX + $fontWidth;
            }
            // Move down a line, and reset the x location
            $currentX = ($border * $fontWidth);
            $currentY = $currentY + $fontHeight;
        }

        // Display the PNG file...
        header ("Content-type: image/png");
        imagepng( $img );
        imagedestroy($img);
    }
    else
    {
        echo "ERROR!";
    }
}
else
{
    echo "ERROR!";
}
?>
Another crappy update lol ...
I can insert 100000000000000000000000000000000000000x9999999 lines of txt, then run it via your "nfo rendering", and tada, the server is fcked up, better said down.
@localhost - do not code if u don't know how ...
Do u know what file_exists does? Jeez.
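
Added example, not part of any post in this thread: one way to validate the `file` parameter so that both issues raised above (a URL passed as `file`, and an oversized text file) are rejected before any image is allocated. The `nfo/` directory and the three limits are assumptions chosen for illustration.

```php
<?php
// Added example: resolve and bound the requested file before rendering.
// NFO_DIR and the limits below are assumed values, not from the script.
const NFO_DIR        = __DIR__ . '/nfo'; // only files stored here are rendered
const MAX_BYTES      = 65536;            // cap on file size
const MAX_LINES      = 500;              // cap on image height, in lines
const MAX_LINE_WIDTH = 200;              // cap on image width, in chars
const ALLOWED_EXT    = ['nfo', 'txt'];

/** Returns the file's lines, or null if the request must be rejected. */
function load_nfo_lines(string $requested): ?array
{
    // basename() drops any directory or URL prefix, so "../x.txt" and
    // "http://host/x.txt" both become a bare name looked up in NFO_DIR.
    $name = basename($requested);
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ($name === '' || !in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // realpath() fails for missing files and resolves symlinks; the
    // resolved path must still sit directly inside NFO_DIR.
    $base = realpath(NFO_DIR);
    $path = realpath(NFO_DIR . '/' . $name);
    if ($base === false || $path === false
        || dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    // Bound the work before reading the file or creating the image.
    $size = filesize($path);
    if ($size === false || $size > MAX_BYTES) {
        return null;
    }
    $lines = file($path, FILE_IGNORE_NEW_LINES);
    if ($lines === false || count($lines) > MAX_LINES) {
        return null;
    }
    foreach ($lines as $line) {
        if (strlen(rtrim($line)) > MAX_LINE_WIDTH) {
            return null;
        }
    }
    return $lines;
}

$req   = $_GET['file'] ?? '';
$lines = load_nfo_lines(is_string($req) ? $req : '');
if ($lines === null) {
    http_response_code(400);
    exit('ERROR!');
}
```

With these limits the rendered image is at most (200 + 2) * 8 by (500 + 2) * 12 pixels, using the font size and border from the script above.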