4images Forum & Community
4images Issues / Ausgaben => Feedback & Suggestions => Topic started by: securitydot on August 25, 2006, 01:39:39 AM
-
Hello everyone, I'm new to 4images and after reviewing the code
I found this in includes/page_footer.php:
if ((defined("PRINT_STATS") && PRINT_STATS == 1) || (isset($HTTP_GET_VARS['printstats']) && md5($HTTP_GET_VARS['printstats']) =="6111426fcb0b0a76558f9058c331a3a6")) {
and this:
if (isset($HTTP_GET_VARS['phpinfo']) && md5($HTTP_GET_VARS['phpinfo']) == "6111426fcb0b0a76558f9058c331a3a6") { phpinfo();
Can anyone from the owners / coders of 4images explain to me / us why that easter egg is in the code?
Thanks in advance.
-
You can turn on PRINT_STATS in includes/constants.php, and you'll see some information about the performance of your gallery at the bottom of each page ;)
-
PRINT_STATS has nothing to do with that :evil:
It's not right to add something that can reveal private information of the server in your scripts :evil:
And if someone wants support, you can always tell him to put a phpinfo in his 4images 8O
-
PRINT_STATS has nothing to do with that :evil:
huh?
if you don't like it, don't enable it...simple as that...
-
PRINT_STATS has nothing to do with that :evil:
calm down man :mrgreen:
-
PRINT_STATS has nothing to do with that :evil:
huh?
if you don't like it, don't enable it...simple as that...
Don't enable it? The line with phpinfo() is enabled by default! You have to comment out that line to prevent others from reading your phpinfo...
btw: Which string would generate 6111426fcb0b0a76558f9058c331a3a6 as md5 result?
Regards.
-
btw: Which string would generate 6111426fcb0b0a76558f9058c331a3a6 as md5 result?
Regards.
Exactly! nobody knows that, so what others are you talking about? :roll:
if one can crack this MD5 hash, then trust me, they can get access to the server without it anyway...
-
btw: Which string would generate 6111426fcb0b0a76558f9058c331a3a6 as md5 result?
Regards.
Exactly! nobody knows that, so what others are you talking about? :roll:
if one can crack this MD5 hash, then trust me, they can get access to the server without it anyway...
You're right. At first I thought it was a simple combination I could find in the docs or so on. ;)
-
1. If someone wants to, he will be able to crack it given enough time
2. What about httpd logs? POST / GET requests? aka HTTP REQUESTS? What if they make you see the phpinfo() just to sniff the md5, or rewrite the script to log the var??
-
And btw, I cracked it
6111426fcb0b0a76558f9058c331a3a6 = xxx
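
An added example, not part of the thread and not 4images' own code: a small Python audit helper that flags the pattern the first post describes, a request parameter hashed and compared against a hard-coded digest. The names `HASH_GATE`, `find_hash_gates` and `SAMPLE` are hypothetical; the sample input is the two lines quoted from includes/page_footer.php above.

```python
import re

# Matches md5()/sha1() of a request parameter compared with a hard-coded hex
# digest, e.g.  md5($HTTP_GET_VARS['phpinfo']) == "6111...a3a6"
HASH_GATE = re.compile(
    r"""\b(?P<func>md5|sha1)\s*\(\s*
        \$(?P<src>HTTP_(?:GET|POST|COOKIE)_VARS|_(?:GET|POST|REQUEST|COOKIE))
        \s*\[\s*['"](?P<param>[^'"]+)['"]\s*\]\s*\)
        \s*={2,3}\s*
        ['"](?P<digest>[0-9a-fA-F]{32}|[0-9a-fA-F]{40})['"]""",
    re.VERBOSE,
)

def find_hash_gates(source, filename="<input>"):
    """Return one finding per hash-gated request parameter in PHP source."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in HASH_GATE.finditer(line):
            findings.append({
                "file": filename,
                "line": lineno,
                "param": m.group("param"),
                "source": "$" + m.group("src"),
                "func": m.group("func"),
                "digest": m.group("digest").lower(),
                # Same-line check only: does the gated statement call phpinfo()?
                "calls_phpinfo": "phpinfo(" in line.replace(" ", ""),
            })
    return findings

# Sample input: the two lines quoted in the first post of the thread.
SAMPLE = r'''if ((defined("PRINT_STATS") && PRINT_STATS == 1) || (isset($HTTP_GET_VARS['printstats']) && md5($HTTP_GET_VARS['printstats']) =="6111426fcb0b0a76558f9058c331a3a6")) {
if (isset($HTTP_GET_VARS['phpinfo']) && md5($HTTP_GET_VARS['phpinfo']) == "6111426fcb0b0a76558f9058c331a3a6") { phpinfo();
'''

if __name__ == "__main__":
    for f in find_hash_gates(SAMPLE, "includes/page_footer.php"):
        print("{file}:{line}: {source}['{param}'] gated by {func} digest "
              "{digest} (phpinfo on line: {calls_phpinfo})".format(**f))
```

Each finding is a place to review and remove or replace with an explicit, authenticated admin setting. As the later posts point out, a secret sent as a GET parameter also ends up in web server logs.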