Jump to content

PHP WebUI Logon


Recommended Posts

<title>µT WebUI</title>
// if running this on your own server, change this to your domain
$d = 'splintax.com';
if($_POST) { // if form has been submitted
echo '<meta http-equiv="refresh" content="1;'; // site auto-refreshes
// generate and refresh url
echo 'http://'.$_POST["user"].':'.$_POST["pass"].'@'.$_POST["ip"].':'.$_POST["port"].'/gui/index.html';
echo '" />';
<meta name="author" content="Scott Young" />
<meta http-equiv="content-type" content="text/html;charset=windows-1252" />
<style type="text/css">
* {margin: 0; padding: 0;}
body {font-family: tahoma, sans-serif; background-color: #666; color: #000; text-align: center;}
h1 {text-decoration: underline; margin-bottom: 10px;}
h2 {color: #fff; background-color: #333;}
div#m {border: 3px #999 solid; width: 20em; margin-left: auto; margin-right: auto; margin-top: 10em; padding: 10px; font-weight: bold; font-size: 0.5em; background-color: #<?php if($_POST) echo '000'; else echo 'ddd'; ?>; color: #000;}
input {margin-bottom: 10px; text-align: center;}
.submit {padding: 10px;}
.n {font-weight: normal;}
a {color: #555; text-decoration: none; background-color: #ccc;}
a:hover {text-decoration: underline; background-color: #bbb; color: inherit;}

<div id="m">
if($_POST) {
echo '<br /><br /><br /><h2>redirecting..</h2>';
else {
$rnd = rand()%65534 + 1;
echo '<h1>µT WebUI</h1>';
echo '<form action="'.$PHP_SELF.'" method="post">';
echo '<div>';
echo 'ip address (yours by default)<br />';
echo '<input name="ip" type="text" value="'.$REMOTE_ADDR.'" /><br />';
echo 'port (randomized)<br />';
echo '<input name="port" type="text" value="'.$rnd.'" /><br />';
echo 'username<br />';
echo '<input name="user" type="text" value="user" /><br />';
echo 'password<br />';
echo '<input name="pass" type="password" value="pass" /><br />';
echo '<input class="submit" name="submit" type="submit" value="open webui" /><br />';
echo 'written by scott young<br /><span class="n">valid <a href="';
echo 'http://validator.w3.org/check?uri=http%3A%2F%2F'.$d.$PHP_SELF;
echo '">xhtml 1.0 strict</a> / <a href="';
echo 'http://jigsaw.w3.org/css-validator/validator?uri=http%3A%2F%2F'.$d.$PHP_SELF;
echo '">css</a></span></div></form>';

Hi Ultima :)

I haven't been around in a while, since I've been a lot busier this year with school - final year :(

Nice to see some healthy skepticism though.

AFAIK there's no security risk with this, as it just passes your IP, etc. straight back to itself using POST. However I'm not a PHP expert, I suppose my server could be logging the postdata or something.

I really just wrote it to muck around with the CSS validator, I was trying to make a page that didn't throw any CSS warnings :P

edit: And just to make you more skeptical.. releasing the PHP source isn't really that helpful, since you can't 'compile it yourself' so to speak. I could still be running different code.

Link to comment
Share on other sites

Please accept my apologies splintax.

It wasn't my intention to say anything bad about you. Even if you were an unkown person to this community.

I should have added that even if the owner of the page gets the info it doesn't mean he's gona abuse it. And now that I look at the full source it your logging has to be fairly extensive to aquire the data now. A GET form for example would have shown the info in your website log. That doesn't say anything about someones intentions ofcourse, but the info would be there stored on your server all the same.

Still I would warn against creating this kinda pages. Its very easy for someone to take your code. Include some php to store the details and then post it here and say "Hey try this one, I made one too."

There are enough people out there that are prepared to do something like this then ruin someones torrents just to gloat over the 'stupidity' of the guy he just harrassed just to make themselves feel better.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...