4images Forum & Community

4images Issues / Ausgaben => Feedback & Suggestions => Topic started by: securitydot on August 25, 2006, 01:39:39 AM

Title: Easter egg in 4images ?
Post by: securitydot on August 25, 2006, 01:39:39 AM
Hello everyone, I'm new to 4images and after reviewing the code
I found this in includes/page_footer.php:
Code:
if ((defined("PRINT_STATS") && PRINT_STATS == 1) || (isset($HTTP_GET_VARS['printstats']) && md5($HTTP_GET_VARS['printstats']) =="6111426fcb0b0a76558f9058c331a3a6")) {
and this:
Code:
if (isset($HTTP_GET_VARS['phpinfo']) && md5($HTTP_GET_VARS['phpinfo']) == "6111426fcb0b0a76558f9058c331a3a6") { phpinfo();


Can anyone from the owners / coders of 4images explain to me / us why that easter egg is in the code?
Thanks in advance.
Title: Re: Easter egg in 4images ?
Post by: V@no on August 25, 2006, 01:59:35 AM
You can turn on PRINT_STATS in includes/constants.php, you'll see some information about the performance of your gallery at the bottom of each page ;)
Title: Re: Easter egg in 4images ?
Post by: securitydot on August 25, 2006, 12:30:30 PM
PRINT_STATS has nothing to do with that  :evil:
It's not right to add something that can reveal private information of the server in your scripts  :evil:
and if someone wants support you can always tell him to put a phpinfo in his 4images  8O
Title: Re: Easter egg in 4images ?
Post by: V@no on August 25, 2006, 02:52:00 PM
Quote from: securitydot
> PRINT_STATS has nothing to do with that  :evil:
huh?
if you don't like it, don't enable it...simple as that...
Title: Re: Easter egg in 4images ?
Post by: tdkpaul on August 25, 2006, 08:48:06 PM
Quote from: securitydot
> PRINT_STATS has nothing to do with that  :evil:

calm down man  :mrgreen:
Title: Re: Easter egg in 4images ?
Post by: faux on August 28, 2006, 08:11:35 PM
Quote from: V@no
> Quote from: securitydot
> > PRINT_STATS has nothing to do with that  :evil:
> huh?
> if you don't like it, don't enable it...simple as that...
Don't enable it? The line with phpinfo() is enabled by default! You have to comment out that line to prevent others from reading your phpinfo...
btw: Which string would generate 6111426fcb0b0a76558f9058c331a3a6 as md5 result?

Regards.
Title: Re: Easter egg in 4images ?
Post by: V@no on August 29, 2006, 03:52:58 AM
Quote from: faux
> btw: Which string would generate 6111426fcb0b0a76558f9058c331a3a6 as md5 result?
>
> Regards.
Exactly! Nobody knows that, so what others are you talking about? :roll:
If one can crack this MD5 hash, then trust me, they can get access to the server without it anyway...
Title: Re: Easter egg in 4images ?
Post by: faux on August 29, 2006, 11:44:55 AM
Quote from: V@no
> Quote from: faux
> > btw: Which string would generate 6111426fcb0b0a76558f9058c331a3a6 as md5 result?
> >
> > Regards.
> Exactly! Nobody knows that, so what others are you talking about? :roll:
> If one can crack this MD5 hash, then trust me, they can get access to the server without it anyway...
You're right. At first I thought it was a simple combination I could find in the docs or so on. ;)
Title: Re: Easter egg in 4images ?
Post by: securitydot on September 20, 2006, 08:15:57 PM
1. If someone wants to, he will be able to crack it given enough time
2. What about httpd logs? POST / GET requests? aka HTTP REQUESTS? What if they make you see the phpinfo() just to sniff the md5 or rewrite the script to log the var??
Title: Re: Easter egg in 4images ?
Post by: securitydot on September 21, 2006, 11:32:18 AM
and btw I cracked it
6111426fcb0b0a76558f9058c331a3a6 = xxx
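
One way to check an installation for the pattern discussed in this thread, added here as an example and not part of the thread or of 4images: it scans PHP source for request parameters compared against a hard-coded MD5 or SHA-1 digest and notes whether phpinfo() sits behind the gate. The function names and the regular expression are assumptions of this example; the first two sample lines are the ones quoted from includes/page_footer.php above, the third is constructed.

```python
import re

# A request variable passed through md5()/sha1() and compared with a hard-coded
# hex digest: a secret switch that anyone who learns the value can trigger by URL.
HASH_GATE = re.compile(
    r"""(md5|sha1)\(\s*\$(?:HTTP_(?:GET|POST|COOKIE)_VARS|_(?:GET|POST|COOKIE|REQUEST))
        \[\s*['"]([^'"]+)['"]\s*\]\s*\)                      # request parameter name
        \s*={2,3}\s*['"]([0-9a-fA-F]{40}|[0-9a-fA-F]{32})['"]  # literal digest
    """,
    re.VERBOSE,
)
SENSITIVE_CALL = re.compile(r"\bphpinfo\s*\(")

def audit_php(source, filename="<memory>"):
    """Return one finding per hash-gated request parameter in PHP source."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in HASH_GATE.finditer(line):
            findings.append({
                "file": filename,
                "line": lineno,
                "param": m.group(2),
                "hash_func": m.group(1),
                "digest": m.group(3).lower(),
                # phpinfo() later on the same line: the gate exposes server config
                "exposes_phpinfo": bool(SENSITIVE_CALL.search(line, m.end())),
            })
    return findings

def shared_secrets(findings):
    """Map each digest used by more than one gate to the parameters it guards."""
    groups = {}
    for f in findings:
        groups.setdefault(f["digest"], []).append(f["param"])
    return {d: p for d, p in groups.items() if len(p) > 1}

# The two lines quoted in the thread, plus one constructed harmless line.
SAMPLE = '''\
if ((defined("PRINT_STATS") && PRINT_STATS == 1) || (isset($HTTP_GET_VARS['printstats']) && md5($HTTP_GET_VARS['printstats']) =="6111426fcb0b0a76558f9058c331a3a6")) {
if (isset($HTTP_GET_VARS['phpinfo']) && md5($HTTP_GET_VARS['phpinfo']) == "6111426fcb0b0a76558f9058c331a3a6") { phpinfo();
if (isset($HTTP_GET_VARS['page'])) { $page = intval($HTTP_GET_VARS['page']); }
'''

if __name__ == "__main__":
    results = audit_php(SAMPLE, "includes/page_footer.php")
    for f in results:
        print(f)
    print(shared_secrets(results))
```

Any parameter it reports is also worth searching for in the web server's access logs, since the cleartext value travels in the query string of each request that uses it.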