[squid-users] Re: PHP running through squid

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 23 Dec 2004 13:09:10 +0100 (CET)

These are not related to Squid.

Both PHP files are web server PHP scripts which, when run on a PHP-enabled
web server, will allow the user to download any URL via the web server.

The solution to this is to firewall your web server, denying Internet
access from the web server.

Regards
Henrik

On Thu, 23 Dec 2004, ARP/TECNOLOGIA wrote:

> please
>
>
> I have a user here who found 2 PHP codes ... and this code lets him navigate the web over the squid ... could you give me a solution for this?
>
> the first one:
> /*
> download_file.php
> Fernando Meyer Camargo fmcamargo at gmail dot com
> */
>
> <?php
> $str_file_location = $str_url_file;
> $array_file_name = explode("/","$str_file_location");
> $file_name = end($array_file_name);
>
> header('Content-Description: File Transfer');
> header('Content-Type: application/force-download');
> header('Content-Disposition: attachment; filename=' . basename($file_name));
>
> readfile($str_file_location);
> ?>
> The second one:
> /*
> index.php
> Fernando Meyer Camargo fmcamargo at gmail dot com
> */
> <html>
> <head><title>Scottys0 Downloader</title></head>
>
> <body>
> <table width="100%" height="100%" border="0">
> <tr>
> <td align="center" valign="middle">
> <table width="100%" border="0">
> <tr>
> <td><form action="download_file.php" method="post" name="frm_downloader" id="frm_downloader">
> <div align="center"><font color="#000000" size="1" face="Verdana, Arial, Helvetica, sans-serif">((</font><font color="#FF0000" size="1" face="Verdana, Arial, Helvetica, sans-serif">
> File Downloader <font color="#000000">)) <font color="#999999">=)</font><br>
> <br>
> </font> </font> <font color="#666666" size="1" face="Verdana, Arial, Helvetica, sans-serif">
> Paste URL:</font> <font color="#666666" size="1" face="Verdana, Arial, Helvetica, sans-serif">
> <input name="str_url_file" type="text" id="str_url_file" size="80" length="100">
> </font><br>
> <br>
> <input name="bt_submit" type="submit" id="bt_submit" value="Download N0w">
> </div>
> </div>
> </form></td>
> </tr>
> </table>
> </td>
> </tr>
> </table>
> </body>
> </html>
>
> The entire article is at the link: http://www.vivaolinux.com.br/artigos/verArtigo.php?codigo=1868
>
> Best regards
>
> Robert Fernandes Francisco
> Analista de Suporte Técnico Senior
>
> Informática e Tecnologia
>
> --------------------------------------------------------------------------------
> Fábrica de Rendas Arp S.A.
> Av. Cons. Julius Arp, 80 - CEP 28623 000 - Centro - Nova Friburgo - RJ - Brasil
> Tel: +55 22 2523 0401 (246/245) Fax: +55 22 2522 2637
> http://www.arp.com.br mailto:tecno@arp.com.br
Received on Thu Dec 23 2004 - 05:09:13 MST
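
To locate relay scripts like the quoted download_file.php on a web server you administer, this added example (not part of the original thread or of Squid) is a heuristic Python scan for PHP calls that fetch a location held in a variable. The function list, the register_globals assumption and the sample input are assumptions made for the example.

```python
import re

# PHP functions that fetch http:// or ftp:// URLs when allow_url_fopen is on.
URL_CAPABLE = ("readfile", "fopen", "file_get_contents", "file", "copy")
CALL_RE = re.compile(r"(?<![\w$>:])(%s)\s*\(\s*(\$\w+)" % "|".join(URL_CAPABLE))
ASSIGN_RE = re.compile(r"(\$\w+)\s*=(?![=>])\s*([^;]+);")
REQUEST_RE = re.compile(r"\$(_GET|_POST|_REQUEST|_COOKIE|HTTP_GET_VARS|HTTP_POST_VARS)\b")
LITERAL_RE = re.compile(r"""\s*(['"])[^$]*\1\s*""")


def strip_comments(src):
    """Blank out /* */ blocks and whole-line // or # comments, keeping line numbers."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), src, flags=re.S)
    return re.sub(r"(?m)^[ \t]*(//|#).*$", "", src)


def origin(var, assigns, seen=()):
    """Follow simple `$a = $b;` chains back to where the value comes from."""
    rhs = assigns.get(var)
    if rhs is None or REQUEST_RE.search(rhs):
        # Assumption: never assigned in this file means request input (register_globals).
        return "request"
    if var in seen:
        return "unknown"
    if LITERAL_RE.fullmatch(rhs):
        return "literal"
    alias = re.fullmatch(r"\s*(\$\w+)\s*", rhs)
    return origin(alias.group(1), assigns, seen + (var,)) if alias else "unknown"


def scan_php(src):
    """Return [(line, function, variable, origin)] for fetches of non-literal locations."""
    code = strip_comments(src)
    assigns = {m.group(1): m.group(2) for m in ASSIGN_RE.finditer(code)}
    findings = []
    for m in CALL_RE.finditer(code):
        where = origin(m.group(2), assigns)
        if where != "literal":
            line = code.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1), m.group(2), where))
    return findings

# Constructed sample: the two relevant lines of the quoted download_file.php.
SAMPLE = """<?php
$str_file_location = $str_url_file;
readfile($str_file_location);
?>"""

if __name__ == "__main__":
    print(scan_php(SAMPLE))
```

A finding only marks a script for review; blocking outbound connections from the web server, as described in the reply above, is what stops the fetch.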
