Thomas. Skrevet 27. januar 2008 Skrevet 27. januar 2008 Hallo! Har funnet et mafiascrit-spill på nettet. Men når jeg trykker på registrer blir jeg automatisk ført hit: http://localhost/mafiaspill/index.php%5C%22 Er jo ikke dit jeg skal! Jeg skal til localhost/mafiaspill/register.php!!! Her er index: <?php ################################################# # # # Auteur: J. Klompen # # Site : http://www.maffia.net.tc # # Date : 15 apr 2005 # # Email: [email protected] # # # ################################################# require_once( '_check_user.php' ); // bezoekers statistieken $pagename = "Index"; include("./counter.inc.php"); ?> <html> <head> <title>Mafialegend</title> <link rel="stylesheet" type="text/css" href="src/standard.css" /> <script language=JavaScript> function screenshots(){ var popurl="screenshots.php" winpops=window.open(popurl,"","width=800,height=640,") } function firstFocus() { if (document.forms.length > 0) { var TForm = document.forms[0]; for (i=0;i<TForm.length;i++) { if ((TForm.elements.type=="text")|| (TForm.elements.type=="textarea")|| (TForm.elements.type.toString().charAt(0)=="s")) { document.forms[0].elements.focus(); break; } } } } </SCRIPT> </head> <body> <table class="login"><tr><td align="center"> <table class="windowLogin"> <tr> <td class="loginLeft"> <img src="images/logoLogin.jpg" /> </td> <td class="loginRight"> <div class="mainTitle"><div class="logo"> </div></div> <div class="mainText"> <?php if ($melding) { echo "<b>$melding</b>"; echo "<br />"; } else { ?> Åpner får fullt: <i>01-01-2008</i> <br /> <br /> <?php } ?> <form method="post"> <table> <tr><td class="column1"><li></td><td class="column2">Brukernavn:</td><td class="column3"><input type="text" name="name" /></td><td></td></tr> <tr><td class="column1"><li></td><td class="column2">Passord:</td><td class="column3"><input type="password" name="password" /></td><td></td></tr> <tr><td></td><td></td><td class="column4"><input class="button" type="submit" value="Logg inn" /></td></tr> </table> </form> </div> </td> </table> <div class="windowLoginStatus"> <a class="login" href="register.php">Registrer!</a> | <a class="login" href="recover.php">Glemt Passord!</a> | <a class="login" href="java script:screenshots()">Screenshots!</a></div> </td></tr></table> </body> </html> register.php: <? ################################################# # # # Auteur: J. Klompen # # Site : http://www.maffia.net.tc # # Date : 15 apr 2005 # # Email: [email protected] # # # ################################################# // bezoekers statistieken $pagename = "Register"; include("./counter.inc.php"); setcookie("cookieusername", ""); setcookie("cookiepassword", ""); if (!$_POST['name'] OR !$_POST['password']) { ?> <html> <head> <title>Registrer @ Mafia</title> <link rel="stylesheet" type="text/css" href="src/standard.css" /> <script language=JavaScript> function screenshots(){ var popurl="screenshots.php" winpops=window.open(popurl,"","width=800,height=640,") } function firstFocus() { if (document.forms.length > 0) { var TForm = document.forms[0]; for (i=0;i<TForm.length;i++) { if ((TForm.elements.type=="text")|| (TForm.elements.type=="textarea")|| (TForm.elements.type.toString().charAt(0)=="s")) { document.forms[0].elements.focus(); break; } } } } </SCRIPT> </head> <body> <table class="login"><tr><td align="center"> <table class="windowLogin"> <tr> <td class="loginLeft"> <img src="images/logoLogin.jpg" /> </td> <td class="loginRight"> <div class="mainTitle"><div class="logo"> </div></div> <div class="mainText"> Register!<br /> <br /> <?php include "_ip_block.php"; if ($ip_check == "pos") { ?> <form method="post"> <table> <tr><td class="column1"><li></td><td class="column2">Brukernavn </td><td class="column3"><input type="text" name="name" /></td><td></td></tr> <tr><td class="column1"><li></td><td class="column2">E - post</td><td class="column3"><input type="text" name="password" /></td><td></td></tr> <tr><td></td><td></td><td class="column4"><input class="button" type="submit" value="Registrer" /></td></tr> </table> </form> <?php } elseif ($ip_check == "neg") { echo "You are blocked from this site!!!"; echo "<br/>"; echo "Reason: $reason"; } ?> </div> </td> </table> <div class="windowLoginStatus"> <a class="login" href="index.php">Logg inn</a> | <a class="login" href="recover.php">Glemt Passord!</a> | <a class="login" href="java script:screenshots()">Screenshots!</a></div> </td></tr></table> </body> </html> <? ?> <? } else { $name = $_POST['name']; $password = $_POST['password']; $while = 0; include "_connect.php"; $lijstGebruikers = "SELECT * FROM users"; $resultLijstGebruikers = mysql_query($lijstGebruikers); while ($row = mysql_fetch_array($resultLijstGebruikers)) { $name2 = strtolower($name); $username = strtolower($row[username]); if ($name2 == $username) { $while = 1; } } if ($while == 1) { echo "User allready exists"; echo "<br />Please wait till we tranfer u"; echo "<META http-equiv=refresh content=\"2;url=register.php\">"; } else { $name = $_POST['name']; $password = $_POST['password']; $datem = date( "j.M.Y - G:i:s" ); $lijstGebruikers = "SELECT * FROM users WHERE specialised='$password'"; $resultLijstGebruikers = mysql_query($lijstGebruikers); if (mysql_num_rows($resultLijstGebruikers) == 1) { echo "There is allready an user that uses that email adress!"; echo "<br />Please wait till we tranfer u"; echo "<META http-equiv=refresh content=\"2;url=register.php\">"; } else { $name = $_POST['name']; $password = $_POST['password']; $pass1 = rand(0,100); $pass2 = rand(0,100); $pass3 = rand(0,100); $pass4 = rand(0,100); $pass5 = rand(0,100); $passgenerated = $pass1 . $pass2 . $pass3 . $pass4 . $pass5; if ($passgenerated) { $opdracht = "insert INTO users values('0','$name','$passgenerated','0','1500','0','100','0','0','No quote','0','0','0','0','Netherlands','0','0','0','0','0','0','$datem','0','0','0','0','0','$password')"; $resultaat = mysql_query($opdracht); if ($resultaat) { echo "<div class=\"mainText\">"; echo "Register succes! You can now login with this password: <b>\"$passgenerated\"</b>. Have fun!<br/>(You can change your password in profile, after your logged in)<br/>"; echo "<a href=index.php>Return to login</a>"; echo "</div>"; } else { echo "Register Fucked up!"; echo "<META http-equiv=refresh content=\"2;url=index.php\">"; } } else { echo "Could not send the email!"; } } } } ?> Ser dere hva som kan være feil ????
Gjest Slettet+1374861 Skrevet 27. januar 2008 Skrevet 27. januar 2008 (endret) Trykker du på... <a class="login" href="register.php">Registrer!</a> ? Ser ikke noe spesielt sånn ved første øyekast jeg vertfall... Regner med du går direkte til den siden du nevner, og ikke via register.php for så å bli redirectet..? -- De to tegnene på slutten av urlen er forøvrig \" som antyder ett eller annet forsøk på escaping, men ser ikke helt sammenhengen iforhold til det du gjorde... Endret 27. januar 2008 av Slettet+1374861
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå