Author Topic: Easter egg in 4images ? (Read 13861 times)

securitydot · « **on:** August 25, 2006, 01:39:39 AM »

Hello everyone , im new to 4images and after the reviewing the code
i found this in includes/page_footer.php

if ((defined("PRINT_STATS") && PRINT_STATS == 1) || (isset($HTTP_GET_VARS['printstats']) && md5($HTTP_GET_VARS['printstats']) =="6111426fcb0b0a76558f9058c331a3a6")) {

and this :

Code: [Select]

if (isset($HTTP_GET_VARS['phpinfo']) && md5($HTTP_GET_VARS['phpinfo']) == "6111426fcb0b0a76558f9058c331a3a6") { phpinfo();

Can anyone from the owners / coders of 4images explain to me / us why is that easter egg in the code ?
Thanks in advance.

V@no · « **Reply #1 on:** August 25, 2006, 01:59:35 AM »

you can turn on PRINT_STATS in includes/constants.php, you'll see some information about perfomance of your gallery at the bottom of each page

securitydot · « **Reply #2 on:** August 25, 2006, 12:30:30 PM »

PRINT_STATS has nothing to do with that

Its not right to add something that can reveal private information of the server in your scripts

and if someone wants a support u can always tell him to put a phpinfo in his 4images

V@no · « **Reply #3 on:** August 25, 2006, 02:52:00 PM »

Quote from: securitydot on August 25, 2006, 12:30:30 PM

PRINT_STATS has nothing to do with that

huh?
if you dont like it, dont enable it...simple as that...

tdkpaul · « **Reply #4 on:** August 25, 2006, 08:48:06 PM »

Quote from: securitydot on August 25, 2006, 12:30:30 PM

PRINT_STATS has nothing to do with that

calm down man

faux · « **Reply #5 on:** August 28, 2006, 08:11:35 PM »

Quote from: V@no on August 25, 2006, 02:52:00 PM

Quote from: securitydot on August 25, 2006, 12:30:30 PM
PRINT_STATS has nothing to do with that
huh?
if you dont like it, dont enable it...simple as that...

Don't enable it? The line with phpinfo() is enabled for default! You have to comment that line, to prevent from reading others your phpinfo...
btw: Which string would generate 6111426fcb0b0a76558f9058c331a3a6 as md5 result?

Regards.

V@no · « **Reply #6 on:** August 29, 2006, 03:52:58 AM »

Quote from: faux on August 28, 2006, 08:11:35 PM

btw: Which string would generate 6111426fcb0b0a76558f9058c331a3a6 as md5 result?

Regards.

Exactly! nobody knows that, so what others are you talking about?

if one can crack this MD5 hash, then trust me, they can get access to the server without it anyway...

faux · « **Reply #7 on:** August 29, 2006, 11:44:55 AM »

Quote from: V@no on August 29, 2006, 03:52:58 AM

Quote from: faux on August 28, 2006, 08:11:35 PM
btw: Which string would generate 6111426fcb0b0a76558f9058c331a3a6 as md5 result?

Regards.
Exactly! nobody knows that, so what others are you talking about?
if one can crack this MD5 hash, then trust me, they can get access to the server without it anyway...

You're right. First i thought it's simple combination i can find in the docs or so on.

securitydot · « **Reply #8 on:** September 20, 2006, 08:15:57 PM »

1. If someone wants he will be able to crack it for enough time
2. What about httpd logs ? POST / GET requests ? aka HTTP REQUESTS ? what if they make u see the phpinfo() just to sniff the md5 or rewrite the script to log the var ??

securitydot · « **Reply #9 on:** September 21, 2006, 11:32:18 AM »

and btw i cracked it
6111426fcb0b0a76558f9058c331a3a6 = xxx

4images Forum & Community

News:

Author Topic: Easter egg in 4images ? (Read 13861 times)

securitydot

Easter egg in 4images ?

V@no

Re: Easter egg in 4images ?

securitydot

Re: Easter egg in 4images ?

V@no

Re: Easter egg in 4images ?

tdkpaul

Re: Easter egg in 4images ?

faux

Re: Easter egg in 4images ?

V@no

Re: Easter egg in 4images ?

faux

Re: Easter egg in 4images ?

securitydot

Re: Easter egg in 4images ?

securitydot

Re: Easter egg in 4images ?