0

I'm trying to find the security code in this PHP for a mailer. Could you tell me which part of the code I need to delete in order to remove it?

Thank you for your help.

    <?php
    $adminemail = 'info@blue.co.uk'; // type your actual email address in place of you@yourdomain.com

    $usesecimage = ''; // the path to a WSN Links, Gallery, KB or Forum install if you wish to borrow its security image prompt

    $autoresponse = ''; // type the URL of a text file which should be used as the autoresponder body text

    $controlvars = ' thankspage submitteremail ccsubmitter messagetosubmitter ';
    $messagetoadmin = "A user has filled out a form with this content:


    ";

     if (!isset($_POST['messagetosubmitter'])) $messagetosubmitter = "You have submitted a form with the content listed below. Your submission will be reviewed, please be patient in awaiting a response.


    ";
     else $messagetosubmitter = $_POST['messagetosubmitter'];

    while(list($key, $value) = each($_POST))
    {
     if (!stristr($controlvars, ' '. $key .' '))
     {
      $messagetoadmin .= $key .': '. $value .'

    ';
      $messagetosubmitter .= $key .': '. $value .'

    ';
     }
    }
    $submitter = $_POST['submitteremail'];
    if ($submitter == '') $submitter = 'info@innco.uk';
    if (strstr($submitter, "\n") || strlen($submitter) > 50) die("Begone, foul spammer.");

    if ($usesecimage)
    {
     $curr_path = getcwd();
     chdir($usesecimage);        // Go to the WSN directory
     require 'start.php';
     if (isset($_REQUEST['seed'])) $seed = $_REQUEST['seed']; else $seed = false;
     $correct = securityimagevalue($seed);
     if (strtolower($_POST['securityimage']) != $correct) die("You did not type the value from the image correctly. Press the back button.");
     chdir($curr_path);      // Return to original directory
    }

       session_start();
       if(empty($_POST['TermsOfBusiness']))
       {
        error_reporting(0);
        echo "You must agree to our Terms of Business. Please <a href='javascript: history.go(-1)'>click here</a> to return to the form";
       }
       elseif(($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])) ) {

          mail("$adminemail, kat@cat.com", 'Form Submitted: '. stripslashes($_POST['subject']), stripslashes($messagetoadmin), 'From: '. $submitter);
          unset($_SESSION['security_code']);

       } else {
          error_reporting(0);
          echo "The security code you entered was incorrect, please click the back button on your browser to try again.";
       }

    if ($_POST['ccsubmitter'] == 'yes')
    {
     mail($submitteremail, 'Form Submitted: '. stripslashes($_POST['subject']), stripslashes($messagetosubmitter), 'From: '. $adminemail);
    }
    if ($autoresponse != '')
    {
     $body = geturl($autoresponse);
     mail($submitteremail, 'Re: '. stripslashes($_POST['subject']), stripslashes($body), 'From: '. $adminemail);
    }
    header('Location: '. $_POST['thankspage']);
    // just in case redirect doesn't work
    die('<meta http-eqiv="refresh" content="0;url='. $_POST['thankspage'] .'">');

    if (!function_exists('geturl'))
    {
    function geturl($url)
    {
     if (extension_loaded('curl'))
     {
       $user_agent = 'Mozilla/4.0 (compatible; MSIE 6.02; PHP)';
       $ch = curl_init();
       curl_setopt ($ch, CURLOPT_URL, $url);
       curl_setopt ($ch, CURLOPT_USERAGENT, $user_agent);
       curl_setopt ($ch, CURLOPT_HEADER, false);
       curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
       curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 15);  // timeout after 5 seconds
       curl_setopt ($ch, CURLOPT_TIMEOUT, 15);  // timeout after 5 seconds
       curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, true);
       $result = curl_exec ($ch);
       curl_close ($ch);
    // curl_error($ch); // for debugging
       return $result;
     }

     if (version_compare("4.3.0", phpversion(), "<"))
     {
      $filecontents = @file_get_contents($url);
     }
     else
     {
      $fd = @fopen($url, 'rb');
      $filecontents = "";
      do
      {
       $data = @fread($fd, 8192);
       if (strlen($data) == 0)
       {
        break;
       }
       $filecontents .= $data;
      } while(true);
      @fclose ($fd);
     }
     return $filecontents;
    }
    }

    ?>
4

3 Answers

4

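You can use a binary search method here. It starts like this:

  1. Delete the bottom half of the file. Check: was the "security code" in it?
  2. No: Delete the top half of the file. Check: was the "security code" in it?
  3. No: Retest your assumption: are you sure the security code is in this file?

Once you have found which half the "security code" is in, do the following:

  1. Delete the bottom half of that half of the file. Check: was the "security code" in it?
  2. No: Delete the top half of that half of the file. Check: was the "security code" in it?
  3. No: Retest your assumption: are you sure the security code is in this half of this file?

Repeat until you find the lines you are interested in.

answered 2010-02-01T15:10:09.090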
1

Delete this :)

Edit: the elseif .. wasn't showing up as code; fixed.

    elseif(($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])) ) {

          mail("$adminemail, kat@cat.com", 'Form Submitted: '. stripslashes($_POST['subject']), stripslashes($messagetoadmin), 'From: '. $submitter);
          unset($_SESSION['security_code']);

       } else {
          error_reporting(0);
          echo "The security code you entered was incorrect, please click the back button on your browser to try again.";
       }

And this (by Cameron Conner):

    if ($usesecimage)
    {
     $curr_path = getcwd();
     chdir($usesecimage);        // Go to the WSN directory
     require 'start.php';
     if (isset($_REQUEST['seed'])) $seed = $_REQUEST['seed']; else $seed = false;
     $correct = securityimagevalue($seed);
     if (strtolower($_POST['securityimage']) != $correct) die("You did not type the value from the image correctly. Press the back button.");
     chdir($curr_path);      // Return to original directory
    }

So the file will look like this:

    <?php
    $adminemail = 'info@blueriverwm.co.uk'; // type your actual email address in place of you@yourdomain.com

    $usesecimage = ''; // the path to a WSN Links, Gallery, KB or Forum install if you wish to borrow its security image prompt

    $autoresponse = ''; // type the URL of a text file which should be used as the autoresponder body text

    $controlvars = ' thankspage submitteremail ccsubmitter messagetosubmitter ';
    $messagetoadmin = "A user has filled out a form with this content:


    ";

     if (!isset($_POST['messagetosubmitter'])) $messagetosubmitter = "You have submitted a form with the content listed below. Your submission will be reviewed, please be patient in awaiting a response.


    ";
     else $messagetosubmitter = $_POST['messagetosubmitter'];

    while(list($key, $value) = each($_POST))
    {
     if (!stristr($controlvars, ' '. $key .' '))
     {
      $messagetoadmin .= $key .': '. $value .'

    ';
      $messagetosubmitter .= $key .': '. $value .'

    ';
     }
    }
    $submitter = $_POST['submitteremail'];
    if ($submitter == '') $submitter = 'info@innco.uk';
    if (strstr($submitter, "\n") || strlen($submitter) > 50) die("Begone, foul spammer.");

       session_start();
       if(empty($_POST['TermsOfBusiness']))
       {
        error_reporting(0);
        echo "You must agree to our Terms of Business. Please <a href='javascript: history.go(-1)'>click here</a> to return to the form";
       }

    if ($_POST['ccsubmitter'] == 'yes')
    {
     mail($submitteremail, 'Form Submitted: '. stripslashes($_POST['subject']), stripslashes($messagetosubmitter), 'From: '. $adminemail);
    }
    if ($autoresponse != '')
    {
     $body = geturl($autoresponse);
     mail($submitteremail, 'Re: '. stripslashes($_POST['subject']), stripslashes($body), 'From: '. $adminemail);
    }
    header('Location: '. $_POST['thankspage']);
    // just in case redirect doesn't work
    die('<meta http-eqiv="refresh" content="0;url='. $_POST['thankspage'] .'">');

    if (!function_exists('geturl'))
    {
    function geturl($url)
    {
     if (extension_loaded('curl'))
     {
       $user_agent = 'Mozilla/4.0 (compatible; MSIE 6.02; PHP)';
       $ch = curl_init();
       curl_setopt ($ch, CURLOPT_URL, $url);
       curl_setopt ($ch, CURLOPT_USERAGENT, $user_agent);
       curl_setopt ($ch, CURLOPT_HEADER, false);
       curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
       curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 15);  // timeout after 5 seconds
       curl_setopt ($ch, CURLOPT_TIMEOUT, 15);  // timeout after 5 seconds
       curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, true);
       $result = curl_exec ($ch);
       curl_close ($ch);
    // curl_error($ch); // for debugging
       return $result;
     }

     if (version_compare("4.3.0", phpversion(), "<"))
     {
      $filecontents = @file_get_contents($url);
     }
     else
     {
      $fd = @fopen($url, 'rb');
      $filecontents = "";
      do
      {
       $data = @fread($fd, 8192);
       if (strlen($data) == 0)
       {
        break;
       }
       $filecontents .= $data;
      } while(true);
      @fclose ($fd);
     }
     return $filecontents;
    }
    }

    ?>

answered 2010-02-01T15:08:56.157
1

An extension of CuSS's answer.. you don't need this either:

    if ($usesecimage)
    {
     $curr_path = getcwd();
     chdir($usesecimage);        // Go to the WSN directory
     require 'start.php';
     if (isset($_REQUEST['seed'])) $seed = $_REQUEST['seed']; else $seed = false;
     $correct = securityimagevalue($seed);
     if (strtolower($_POST['securityimage']) != $correct) die("You did not type the value from the image correctly. Press the back button.");
     chdir($curr_path);      // Return to original directory
    }

answered 2010-02-01T15:14:53.497
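
Once the security-code check is gone, the script's only remaining input test is the `"\n"`/length check on `submitteremail`, while `subject` and `thankspage` are used without validation. A stricter version of those checks, as an added example that is not part of the question or any answer; the helper names, the 200-character subject limit and the `/thanks.html` default are assumptions:

```php
<?php
// Added example: stricter input checks for the mailer. Helper names are hypothetical.

// True if $value is short enough and has no CR/LF, so it cannot start a new mail header.
function header_safe(string $value, int $maxlen): bool
{
    return strlen($value) <= $maxlen && !preg_match('/[\r\n]/', $value);
}

// Returns a validated From address, the fallback for an empty field, or null to reject.
function clean_submitter(string $raw, string $fallback): ?string
{
    if ($raw === '') {
        return $fallback;
    }
    if (!header_safe($raw, 50)) {
        return null;
    }
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Accepts only a same-site path ("/page.html"); anything else becomes the default.
function clean_thankspage(string $raw, string $default = '/thanks.html'): string
{
    return preg_match('#\A/(?!/)[A-Za-z0-9_./-]*\z#', $raw) ? $raw : $default;
}

// Constructed sample submissions (not taken from the page).
$samples = [
    ['submitteremail' => 'user@example.com', 'subject' => 'Hello', 'thankspage' => '/thanks.html'],
    ['submitteremail' => "user@example.com\rX-Test: 1", 'subject' => "Hi\nX-Test: 1", 'thankspage' => '//other.example/'],
];

foreach ($samples as $post) {
    $from = clean_submitter($post['submitteremail'], 'info@innco.uk');
    $subjectOk = header_safe($post['subject'], 200);
    $target = clean_thankspage($post['thankspage']);
    printf("from=%s subject_ok=%s redirect=%s\n",
        $from ?? 'REJECTED', $subjectOk ? 'yes' : 'no', $target);
}
```

The second sample is rejected on all three fields: the carriage return in the address passes the original `"\n"` test but not this one, and the `//` redirect target falls back to the default path.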