[PHP] NFOGen v2.1 - NFO Rendering (Opensource)

[devNULL]

I posted it here because many user were using your script! But it was vulnerable. Never knew that kiddies will use it like that

Anyway, nice design! But theres still a bug in new script

It only checks for file extension so it could still be used as:
http://localhost/NFO/nfo.php?file=ht...com/robots.txt

That thing will work as default too!

PHP Code: 

<?php
/*
NFOGen v2.0 - NFO RENDER 
Updated: 13-11-2011
Original by Buzzard
Coded by Qarizma
*/      

if( isset($_REQUEST['file']) ) 
{ 

$uploadname = $_REQUEST['file'];



//Which filetypes are allowed?
$allow[0] = "nfo";
$allow[1] = "txt";
//$allow[2] = "tmp";
//$allow[3] = "tmp";
//$allow[4] = "tmp";

$extentie = substr($uploadname, -3);

for ($i = 0; $i < count($allow); $i++)
{
    if ($extentie == $allow[$i])
    {
        $extentie_check = "ok";
        $i = count($allow) + 5;
    }
}


if ($extentie_check and file_exists($_REQUEST['file']))
{
        // Load the NFO file... 
        //$lines = file( $_REQUEST['file'] );
$lines = file( $_REQUEST['file'] );

        // Get the longest line.... 
        $longestLine = 0; 
        $numberLines = 0; 

        foreach ($lines as $line_num => $line) 
        { 
            $line = rtrim($line); 

            $tempLineLength = strlen($line);        // Avoid calling strlen twice... 
            if( $tempLineLength > $longestLine )
                $longestLine = $tempLineLength;
        } 


        // The number of line.... 
        $numberLines = count($lines); 


        //Set up the Vars... 
        $fontWidth  = 8;
        $fontHeight = 12;

        $border = 1;    // Not one pixel, but 1*FontWidth and 1*FontHeight

        $imgWidth   = ($fontWidth * $longestLine)   + ( 2 * $border * $fontWidth );
        $imgHeight  = ($fontHeight * $numberLines)  + ( 2 * $border * $fontHeight ); 


        $currentX   = 0;
        $currentY   = 0;


        // Start GD
        $img        = imagecreatetruecolor( $imgWidth, $imgHeight );
        if ($_REQUEST['color']==1) $charMap = imagecreatefrompng( "nfogen_2.png" );
        else $charMap = imagecreatefrompng( "nfogen_2.png" );


        for($j = 0; $j < $numberLines + 2 * $border; $j++ )
        {
            // Avoid calling strlen strlen($line) times :-)
            $currentLineLength = strlen($line);
            for( $i = 0; $i < $longestLine + 2 * $border; $i++ )
            {
                // int imagecopy ( resource dst_im, resource src_im, int dst_x, int dst_y, int src_x, int src_y, int src_w, int src_h)
                imagecopy( $img, $charMap, $currentX, $currentY, ($fontWidth * 12), ($fontHeight * 0), $fontWidth, $fontHeight );

                // Move along one char to the right 
                $currentX = $currentX + $fontWidth;
            }
            // Move down a line, and reset the x location
            $currentX = 0;
            $currentY = $currentY + $fontHeight;
        }

        $currentX   = $border * $fontWidth; 
        $currentY   = $border * $fontHeight;


        // Main loop....
        foreach ($lines as $line_num => $line)
        {
            // Avoid calling strlen strlen($line) times :-)
            $currentLineLength = strlen($line);
            for( $i = 0; $i < $currentLineLength; $i++ )
            {
                // Get the Locatino of the char in the charmap image 
                $charYOffSet = 0;
                $charXOffSet = ord($line[$i]); // - 20;        // Becuase my charmap skips the first 20 chars :-)

                while( $charXOffSet >= 20 )
                {
                    $charYOffSet++;
                    $charXOffSet = $charXOffSet - 20;
                }

                // int imagecopy ( resource dst_im, resource src_im, int dst_x, int dst_y, int src_x, int src_y, int src_w, int src_h)
                imagecopy( $img, $charMap, $currentX, $currentY, ($fontWidth * $charXOffSet), ($fontHeight * $charYOffSet), $fontWidth, $fontHeight ); 

                // Move along one char to the right 
                $currentX = $currentX + $fontWidth; 
            }
            // Move down a line, and reset the x location
            $currentX = ($border * $fontWidth);
            $currentY = $currentY + $fontHeight; 
        }


        // Display the PNG file... 
        header ("Content-type: image/png"); 
        imagepng( $img ); 
        imagedestroy($img);        
    } 
    else 
    { 
        echo "ERROR!"; 
    } 

}
else
{
    echo "ERROR!"; 
}

?>

Let it also check whether file also exists on the server or not

another crappy update lol ...

i can insert 100000000000000000000000000000000000000x9999999 lines of txt then run it via your "nfo rendering" and tada server is fcked up better said down

@localhost - do not code if u dont know how ...

do u know what file_exists do ? jeez

[soft2050]

another crappy update lol ...

@localhost - do not code if u dont know how ...

do u know what file_exists do ? jeez

Yes i am aware of what it does? Atleast it fixes that bug

Edit: Just saw your edited reply
If you can code so much better, then why dont you code it and make it safer ??

As for what soft2050 just said, it is not and never was vulnerable for the following reasons:
- All uploaded files remain in /tmp, they cannot be accessed publicly
- Sure you can 'inject' a remote PHP file, but it will not execute, it will simply have its source printed out
- The content type is always png, so if for any reason code got injected, it will never execute

Yeah! You are right! I never said that it is vulnerable! I pointed it out because other users can also use server resources and get there task done resulting in wastage of bandwidth

[devNULL]

the msg was for localhost not for u anyway u know what is means

-----

Yes i am aware of what it does? Atleast it fixes that bug

Edit: Just saw your edited reply
If you can code so much better, then why dont you code it and make it safer ??


Yeah! You are right! I never said that it is vulnerable! I pointed it out because other users can also use server resources and get there task done resulting in wastage of bandwidth

i am not creator of this so why to fix it or sec. it ?

it is not vulnerable ? then how the hell i got myslq logins also conf file by accessing ../../etc ...

also not only high bw do u know how much res. it use to generate that a big text of lines ...

small tip: limit size upload, cahce nfo (without cache i can make script to generate nfo every sec. and i think some servers wont handle this ...)

[soft2050]

the msg was for localhost not for u anyway u know what is means

-----



i am not creator of this so why to fix it or sec. it ?

it is not vulnerable ? then how the hell i got myslq logins also conf file by accessing ../../etc ...

also not only high bw do u know how much res. it use to generate that a big text of lines ...

small tip: limit size upload, cahce nfo (without cache i can make script to generate nfo every sec. and i think some servers wont handle this ...)

I am pointing out to second bug by which any other file could be viewed! You got those logins from 1st bug which is already fixed in newer versions!

[devNULL]

i am pointing too ... i create txt file with 100000000000000000000000000000000000000x9999999 lines of txt then run it via your "nfo rendering" and tada server is fcked up better said down ...

//i can remote load txt file

http://www.besthostingforums.com/1110012-post41.htm

[l0calh0st]

no hacks can be made because you didnt upload nfo.php :/

Upload it to your own server and go find bugs.

Good job local, it's a nice little script. It has been done before of course, but this uses a slightly different method (using a second image as a character set rather than using a CP437 font).

There are a few parts of it you could do in a smaller amount of code, but for this concept it isn't worth it since it'll be fast anyway

As for what soft2050 just said, it is not and never was vulnerable for the following reasons:
- All uploaded files remain in /tmp, they cannot be accessed publicly
- Sure you can 'inject' a remote PHP file, but it will not execute, it will simply have its source printed out
- The content type is always png, so if for any reason code got injected, it will never execute

The only 'security' related thing I'd even consider with this is a size limit, but that's best done in php.ini so irrelevant to local.

Thanks for the reply, this is what we call a useful reply

I posted it here because many user were using your script! But it was vulnerable. Never knew that kiddies will use it like that

Anyway, nice design! But theres still a bug in new script

It only checks for file extension so it could still be used as:
http://localhost/NFO/nfo.php?file=ht...com/robots.txt

That thing will work as default too!

Let it also check whether file also exists on the server or not

Thanks, that haters reply was not pointed at you.

For all those other useless replies, why not helping if you can do it better?
It's open source right?

[l0calh0st]

New version released: NFOGen_v21.zip

[l0calh0st]

New link added on request:
http://www.mediafire.com/?quk1yz9b6vily5u

[manmad]

why its not creating image file. only rendering. can anyone help if can