Sikkerhedscheck af php system
Goddag.Jeg har netop downloadet et phpsystem, der ved indtastning af angivet kodeord- giver mulighed for ændring af samtlige filer på det pågældende webhotel.
Derfor ønsker jeg nu et meget nøje sikkerhedscheck, med resultat af enten afslag, eller anbefaling af benyttelse.
Jeg ønsker ikke at foretage ændringer, mit formål er derimod at informeres om sikkerhedsmæssige ulemper.
I henhold til disse krav, har jeg afsat 200 point.
Jeg takker på forhånd mange gange for ethvert indlæg, da jeg værdsætter dette forums professionelle indgangsvinkel til besvarelser.
Der er tale om følgende kode:
<?php
function template(){
?>
<head><style type="text/css">
TD {
FONT-SIZE: 12px; COLOR: #000000; FONT-FAMILY: Verdana
}
A:link {text-decoration: none; color: #2E26CD;}
A:visited {text-decoration: none; color: #2E26CD;}
A:hover {text-decoration: none; color: #990000; font-style: normal; background-color: transparent; text-decoration: underline position: relative; top: 1.5px; left: 1.5px;}
</style>
</head>
<?php
}
extract($HTTP_GET_VARS);
extract($HTTP_POST_VARS);
$password = "KODEORD"; //CHANGE THE LOGIN PASSWORD
//Copyright Cgixp Team
?>
<?php
$action=$HTTP_GET_VARS['action'];
if ($action == "" ){
?><center><table align=middle><td align=left width=20%>
<tr><td height="27" colspan="2"><FONT SIZE="4" COLOR="#000000">:: Power Editor ::</FONT></td><tr><td>Password Required (Default is: changeme)</td></tr><tr><form method=post action="?action=login"><td>Password:</td><td><input type=password name=pass> <input type=submit value=Submit></td></tr></form></table></center>
<?php
}
if ($action=="download"){
$filedata = stat("$dir/$p");
$filesize = $filedata[7];
//$ft = getfiletype("$filename");
//header("Content-Type: $ft[1]");
header("Content-Length: $filesize");
header("Content-Disposition: attachment; filename=$p");
readfile("$dir/$p");
exit;
}
if ($action=="login"){
if ($pass==$password){
header("Location:?action=templates");
}else{
echo "<FONT SIZE=2 COLOR=red>Invalid Password</FONT>";
}
}
echo "<html><head>";
?>
<?php
if ($action=="view"){
template();
echo"<center><FONT SIZE=2 face=arial>Viewing $p</FONT><table width=94% border=1 bordercolor=#AFC6DB cellspacing=0><tr><td>";
$po=show_source("$dir/$p");
echo "</td></tr></table><table><form method=post action=\"?action=templates&dir=$dir\"><tr><td align=middle><input type=submit value=Back></form></td></tr></table></center>";
}
if ($action=="see"){
template();
$image_info = getimagesize("$dir/$p");
$image_stat = stat("$dir/$p");
echo"<center><FONT SIZE=2 face=arial>Viewing $p</FONT><table width=$image_info[0] height=$image_info[1] border=1 bordercolor=#AFC6DB cellspacing=0 valign=middle bgcolor=#fffff><tr><td align=middle valign=middle>";
$po="<img src=$dir/$p>";
echo "$po</td></tr></table><table width=80% align=middle><td align=middle>$image_info[3]</td></tr></table><table><form method=post action=\"?action=templates&dir=$dir\"><tr><td align=middle><input type=submit value=Back></form></td></tr></table></center>";
}
if ($action=="changeattrib") {
template();
echo"<form method=post action=?action=permission&te=$te&path=$dir><FONT SIZE=2 COLOR=#00000>Change $te Permission</FONT><BR><input type=hidden name=u value=$te><input type=radio name=no value=555>Chmod 555<BR><input type=radio name=no value=666>Chmod 666<BR><input type=radio name=no value=777>Chmod 777<BR><input type=submit vlaue=Change></form>";
}
if ($action=="permission") {
template();
$v=chmod("$path/$te",$no);
echo "$te has been set to CHMOD $v<BR><A HREF=?action=templates&dir=$path>Back</A>";
}
if ($action=="tempedit") {
template();
$te=$HTTP_GET_VARS['te'];
$dir=$HTTP_GET_VARS['dir'];
$filename = "$dir/$te";
$fd = fopen ($filename, "r");
$stuff = fread ($fd, filesize ($filename));
fclose ($fd);
?>
<td height="399" bgcolor="" width="81%" valign="top">
<center>
<form method="post" action="?action=temp2&dir=<?php echo $dir ?>&te=<?php echo $te ?>">
<table width="100%" border="1" bgcolor="D6D5D4" bordercolor="#778899" cellpadding="0" cellspacing="0">
<tr>
<td><font size="1">File editor editing <?php echo "<b>$dir/$te</b>"; ?></font></td>
</tr>
<tr>
<td width="86%" align=middle>
<textarea name="cont" cols="80" rows="25"><?php echo $stuff ?></textarea>
</td>
</tr>
<tr>
<td width="86%" align=middle>
<input type="submit" name="Submit" value="Save"> <input type="button" name="Cancel" value="Cancel" onclick="java script: history.back(1)">
</td>
</tr>
<tr>
</tr>
</table></center>
</form>
<?php
}
if ($action=="temp2") {
template();
$cont=stripslashes($cont);
$fil = "$dir/$te";
$fp = fopen($fil, "w");
fputs($fp, $cont);
fclose($fp);
?>
<td height="399" bgcolor="<?php echo $color1 ?>" width="81%" valign="top">
<table width="100%" border="0" cellpadding="5" cellspacing="0">
<tr>
<td align=middle><font size="2">File saved<BR><?php echo "<a href=?action=templates&dir=$dir>Go Back</a>"; ?></font></td>
</tr>
</table>
<?php
}
if ($action=="templates") {
template();
?>
<td height="399" bgcolor="<?php echo $color1 ?>" width="81%" valign="top">
<table width="100%" border="0" cellpadding="5" cellspacing="0">
<tr>
<td><font size="1">Files:</font>
</td>
</tr>
<tr valign="top">
</td>
</tr>
<tr>
<td width="86%">
<?php
if ($dir==""){
$dir=".";
}
echo "<center><TABLE WIDTH=\"85%\" BORDER=\"1\" CELLSPACING=\"1\" CELLPADDING=\"0\" align=middle bordercolor=#AFC6DB><TR><td></td><TD COLSPAN=\"2\" BGCOLOR=\"#ffffff\" width=55%><FONT COLOR=\"#000000\" SIZE=\"-1\" FACE=\"Verdana\">Filename</td><td width=5% align=center>Edit</td><td width=10% align=middle>Filesize</td><td width=10% align=middle>Permission</td><td width=10% align=middle>Download</td><td align=middle>Delete</td></FONT></TR>";
$handle = @opendir($dir);
while (false !== ($file = readdir($handle))) {
$attrib=fileperms("$dir/$file");
$filesize=filesize("$dir/$file");
$file_size_now = round($filesize / 1024 * 100) / 100 . "Kb";
$n= explode(".",$file);
if ($n[1] == ""){
$img="img/dir.gif";
}elseif($n[1]=="php"){
$img="img/php.jpg";
}elseif($n[1]=="zip"){
$img="img/zip.gif";
}elseif($n[1]=="gif"){
$img="img/gif.gif";
}elseif($n[1]=="html"){
$img="img/html.gif";
}elseif($n[1]=="ini"){
$img="img/ini.gif";
}elseif($n[1]=="jpg"){
$img="img/jpg.gif";
}elseif($n[1]=="txt"){
$img="img/txt.gif";
}elseif($n[1]=="exe"){
$img="img/exe.gif";
}else{
$img="img/no.gif";
}
if ($n[1] == ""){
$link="?action=templates&dir=$dir/$file";
$link1="-";
}elseif ($n[1] == "gif"){
$link="?action=see&p=$file&dir=$dir";
$link1="-";
}
elseif ($n[1] == "jpg"){
$link="?action=see&p=$file&dir=$dir";
$link1="-";
}
elseif ($n[1] == "zip"){
$link="?action=download&p=$file&dir=$dir";
$link1="-";
}
elseif ($n[1] == "exe"){
$link="?action=download&p=$file&dir=$dir";
$link1="-";
}
else{
$link="?action=view&p=$file&dir=$dir";
$link1="<a href='?action=tempedit&te=$file&dir=$dir'>Edit</a>";
}
if($dir!="."){
$uplink="<tr><td></td><td align=middle><a href=?action=templates><img src=img/up.gif border=0>Back</a></td></tr></table></center>";
}else{
$uplink="</table>";
}
if ($file != "." && $file != ".." && $file != "editor.php" ) {
echo "<TR><TD align=middle><IMG SRC=\"$img\" BORDER=0 ></td><TD COLSPAN=\"2\" BGCOLOR=\"#ffffff\" width=30%> <FONT COLOR=\"#000000\" SIZE=\"-1\" FACE=\"Verdana\"><a href=\"$link\">$file</a></td><td width=10% align=middle>$link1</td><td width=10% align=middle>$file_size_now</td><td width=10% align=middle><a href='?action=changeattrib&te=$file&dir=$dir'>$attrib</a></td><td align=middle><a href='?action=download&p=$file&dir=$dir'>Download</a></td><td align=middle><a href=\"?action=delete&te=$file&dir=$dir\" alt=Delete><img src=\"img/del.gif\" border=0></img></a></td></FONT></TR>";
}
}
echo "</table><table><BR>$uplink";
closedir($handle);
?>
<?php
}
if ($action=="delete") {
template();
$fd = unlink("$dir/$te");
//fclose ($fd);
echo "File has been deleted";
?>
</td>
</tr>
</table>
</form>
<?php
}
echo "<BR><CENTER><FONT SIZE=2 face=arial>Powered By <A HREF=http://www.cgixp.tk target=_new>Power Editor</A></font></CENTER>";
?>
På forhånd mange tak, håber på besvarelser.