
Possible RFI Issue?


ThePhoenixRising


A friend told me, vaguely, that there may be an RFI (remote file inclusion) vulnerability in my dynamic image script, which reads a player's stats from a separate web page, parses them, and prints them on the image:

 

<?php
// Response headers: declare the body as a JPEG and tell browsers and proxies
// not to cache it (no-store/no-cache, an Expires date in the past, Pragma).
foreach (array(
    'Content-type: image/jpeg',
    'Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0',
    'Expires: Thu, 19 Nov 1981 08:52:00 GMT',
    'Pragma: no-cache',
) as $responseHeader) {
    header($responseHeader);
}

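// Read the CMID (player id) from the query string.
//
// The value is interpolated into the outbound profile URL further down, so it
// is validated as a plain six-digit integer instead of being HTML-escaped:
// htmlentities() only matters when echoing into HTML and does not reject
// non-numeric input or extra query parameters. The original if/elseif chain
// also ended each condition with ';', which is a parse error.

/**
 * Return a usable CMID, or the fallback profile id when the input is invalid.
 *
 * Invalid means: missing, not a string (e.g. ?cmid[]=x arrives as an array),
 * not exactly six ASCII digits, or outside the accepted range.
 *
 * @param mixed $raw      Raw request value.
 * @param int   $fallback Id used when $raw is rejected.
 * @return int
 */
function normalize_cmid($raw, $fallback = 563853)
{
    // \A ... \z anchors the whole string: no sign, whitespace, decimals or
    // trailing newline can slip through.
    if (!is_string($raw) || preg_match('/\A[0-9]{6}\z/', $raw) !== 1) {
        return $fallback;
    }

    $id = (int) $raw;

    // Same bounds the original comparisons spelled out: strictly between
    // 100000 and 999999.
    return ($id > 100000 && $id < 999999) ? $id : $fallback;
}

$cmid = normalize_cmid(isset($_GET['cmid']) ? $_GET['cmid'] : null);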

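// create the image using your own background
$image = imagecreatefromjpeg("background.jpg");

// imagecreatefromjpeg() returns false when the file is missing or is not a
// valid JPEG. Stop with a 500 here rather than handing false to every GD call
// below.
if ($image === false) {
    header('HTTP/1.1 500 Internal Server Error');
    exit;
}

// dimensions of the image used (not referenced again in this script)
$img_width = 600;
$img_height = 9;

// set the colours; only $yellow is used for drawing in this script
$cool = imagecolorallocate($image, 81, 86, 96);
$black = imagecolorallocate($image, 0, 0, 0);
$white = imagecolorallocate($image, 255, 255, 255);
$red = imagecolorallocate($image, 255, 0, 0);
$grey = imagecolorallocate($image, 204, 204, 204);
// named "green", but 206/129/18 is an orange-brown tone
$green = imagecolorallocate($image, 206, 129, 18);
$blue = imagecolorallocate($image, 0, 0, 255);
$yellow = imagecolorallocate($image, 225, 225, 0);
$statcolor = $yellow;

// set the font used by the imagettftext() calls
$font = 'Verdana.ttf';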

/*
// counter - CHMOD your counter file to 777
$viewss = file("views.txt");
$views = $viewss[0]; $views++;
$fp = fopen("views.txt", "w");
fwrite($fp, $views);
fclose($fp);
$counter = "$views";

// View Output
imagettftext($image, 7, 0, 16, 117, $yellow, $font, "Views:$counter");
*/

// Attempt to make web content grabber.

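/**
 * Fetch a URL with cURL and return the response body as a string.
 *
 * The body is treated purely as data by this script (string searching only);
 * it must never be passed to include/require/eval.
 *
 * @param string $url Absolute URL to request.
 * @return string|false Response body, or false when the handle cannot be
 *                      created or the transfer fails.
 */
function get_url_contents($url){
        $crl = curl_init();
        if ($crl === false) {
                return false;
        }

        $timeout = 5;
        curl_setopt_array($crl, array(
                CURLOPT_URL            => $url,
                CURLOPT_RETURNTRANSFER => 1,
                CURLOPT_CONNECTTIMEOUT => $timeout,
                // Cap the whole transfer as well: the connect timeout alone
                // lets a slow upstream hold this request open indefinitely.
                CURLOPT_TIMEOUT        => 10,
                // Only ever speak HTTP(S); rules out file://, gopher:// etc.
                // if a caller passes an unexpected URL.
                CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
                // Redirects are not followed, so the request stays on the
                // host the caller named.
                CURLOPT_FOLLOWLOCATION => false,
        ));

        $ret = curl_exec($crl);
        curl_close($crl);
        return $ret;
}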

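// Web content grabber execution.
// Host and path are fixed; only the player id varies. Encoding it at the point
// of use keeps the URL well-formed whatever $cmid contains.
// NOTE(review): the profile is fetched over plain http://, so the response can
// be altered in transit; switch to https:// if the upstream site serves it
// (cannot be confirmed from this script).
$returned_content = get_url_contents('http://uberstrike.cmune.com/Profile?cmid=' . rawurlencode((string) $cmid));

// get_url_contents() returns false on failure; normalise to an empty string so
// the string functions below always receive a string.
if ($returned_content === false) {
    $returned_content = '';
}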

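// Parsing the returned content for the clan tag: the "[...]" found between
// "Clan:" and the next "</h2>". $clan stays empty when any marker is missing.
$clan = '';
$clanstart = strpos($returned_content, 'Clan:');
if ($clanstart !== false) {
    $clanend = strpos($returned_content, '</h2>', $clanstart);
    if ($clanend !== false) {
        // substr() takes a length, not an end offset; the original passed the
        // end offset and so read past "</h2>".
        $clanunref = substr($returned_content, $clanstart, $clanend - $clanstart);
        $clanrefstart = strpos($clanunref, '[');
        if ($clanrefstart !== false) {
            $clanrefend = strpos($clanunref, ']', $clanrefstart);
            if ($clanrefend !== false) {
                // +1 keeps the closing bracket in the extracted tag.
                $clan = substr($clanunref, $clanrefstart, $clanrefend - $clanrefstart + 1);
            }
        }
    }
}

// Stripping the parsed clan tag of HTML (the original did this twice in a row).
$clan = html_entity_decode(strip_tags($clan));

// Filtering out the characters of the "Clan:" label and spaces.
// NOTE(review): this removes every C, l, a, n, ':' and space, including any
// inside the tag itself - confirm that is intended.
$clan = str_replace(array("C", "l", "a", "n", ":", " "), "", $clan);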

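// Parsing the returned content for Name: everything from the highlighted
// <span> up to its closing tag. If either marker is missing the name is left
// empty instead of falling back to offset 0 and rendering text from the top of
// the page.
$name = '';
$namestart = strpos($returned_content, '<span style="color: #FEC42C; font-size: 20px; font-weight: bold;">');
if ($namestart !== false) {
    $nameend = strpos($returned_content, '</span>', $namestart);
    if ($nameend !== false) {
        $name = substr($returned_content, $namestart, $nameend - $namestart);
    }
}

// Stripping the parsed Name of HTML elements (this also drops the opening
// <span> that the extraction starts on).
$name = html_entity_decode(strip_tags($name));

// Clan and name output.
imagettftext($image, 7, 0, 50, 7, $yellow, $font, $clan . $name);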

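// Parsing the returned content for Global Rank: from the styled <h2> up to the
// next "<br />". If either marker is missing the rank is left empty instead of
// falling back to offset 0 and rendering text from the top of the page.
$rank = '';
$rankstart = strpos($returned_content, '<h2 style="font-size:14px; font-weight:bold; text-indent:0px; margin-left:25px;">');
if ($rankstart !== false) {
    $rankend = strpos($returned_content, '<br />', $rankstart);
    if ($rankend !== false) {
        $rank = substr($returned_content, $rankstart, $rankend - $rankstart);
    }
}

// Stripping the parsed Global Rank of HTML.
$rank = html_entity_decode(strip_tags($rank));

// Filtering Rank to only show the value: remove the characters that spell the
// "Global Rank:" label, plus spaces.
$rank = str_replace(array("G", "l", "o", "b", "a", "R", "n", "k", ":", " "), "", $rank);

// Rank Output.
imagettftext($image, 7, 0, 230, 7, $yellow, $font, $rank);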

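// Parsing the returned content for the all-time kill count: from the
// "All time record" heading up to the end of its table row. If either marker
// is missing the value is left empty instead of falling back to offset 0 and
// rendering text from the top of the page.
$kill = '';
$killstart = strpos($returned_content, '<h3 style="color: #FEC42C;">All time record</h3>');
if ($killstart !== false) {
    $killend = strpos($returned_content, '</tr>', $killstart);
    if ($killend !== false) {
        $kill = substr($returned_content, $killstart, $killend - $killstart);
    }
}

// Stripping the parsed kill of HTML.
$kill = html_entity_decode(strip_tags($kill));

// Filtering kill to only show the value: remove the listed label letters and
// spaces, then trim whatever whitespace is left at the ends.
$kill = str_replace(
    array("K", "i", "l", "A", "t", "m", "e", "r", "o", "d", "c", "s", " "),
    "",
    $kill
);
$kill = trim($kill);

// Kill count output.
imagettftext($image, 7, 0, 410, 7, $yellow, $font, $kill);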

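// Parsing the returned content for KDR: from the "Kill Death Ratio" label up
// to the end of its table row. If either marker is missing the value is left
// empty instead of falling back to offset 0 and rendering text from the top of
// the page.
$KDR = '';
$KDRstart = strpos($returned_content, '<span title="Kill Death Ratio">KDR</span>');
if ($KDRstart !== false) {
    $KDRend = strpos($returned_content, '</tr>', $KDRstart);
    if ($KDRend !== false) {
        $KDR = substr($returned_content, $KDRstart, $KDRend - $KDRstart);
    }
}

// Stripping the parsed KDR of HTML.
$KDR = html_entity_decode(strip_tags($KDR));

// Filtering KDR to only show the value: remove the "KDR" label letters and
// spaces, then trim whatever whitespace is left at the ends.
$KDR = str_replace(array("K", "D", "R", " "), "", $KDR);
$KDR = trim($KDR);

// KDR Output.
imagettftext($image, 7, 0, 323, 7, $yellow, $font, $KDR);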

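// IP Logger
// NOTE(review): iplog.html is opened by relative path, presumably in the same
// web-served directory as this script, which would let anyone read the visitor
// IP list. Consider a location outside the document root and a retention
// limit - confirm against the server layout.
$logfile= 'iplog.html';
$IPlog = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

// The log is an HTML file, so the address is URL-encoded inside the link
// target, HTML-escaped as link text, and the href attribute is quoted.
$logdetails = date("F j, Y, g:i a") . ': '
    . '<a href="http://www.ip2location.com/demo.aspx?ip=' . rawurlencode($IPlog) . '">'
    . htmlspecialchars($IPlog, ENT_QUOTES)
    . '</a>';

// fopen() returns false when the file cannot be opened; skip logging in that
// case rather than failing before the image is sent.
$fplog = fopen($logfile, "a");
if ($fplog !== false) {
    fwrite($fplog, $logdetails . "<br>");
    fclose($fplog);
}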

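// output and destroy
// The Content-type header sent at the top of the script is image/jpeg, so the
// body is written as JPEG to match; imagepng() sent PNG bytes under a JPEG
// header.
imagejpeg($image);
imagedestroy($image);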

?>
