1 Topic by ashleybaker (edited by 2008-08-21 20:01:07)

  • Registered: 2004-08-29
  • Posts: 37

Topic: [HACK] record search entries...

Name: Record search entries.
Author:
CuteNews Compatibility: 1.3.6 - * (no incompatibility reported yet)
Description: Hi
simple thing i think is great enough to be put into the hack section and make me famous....
In older versions people could get hacked through search.php. Since 1.4.6 this should be fixed. Though you can also use this to get some insight about popular topics on your site. So you can provide some more info about that on your site.
Instructions: 

$ip = getenv('REMOTE_ADDR');      // get ip
$fp = fopen("search.txt", "a");  // open search.txt
fputs($fp, "$story - $ip\n");     // prints the search term and the ip to search.txt
fclose($fp);                      // closes the file

add this to line 255 of search.php

it stores every search term (only the simple search, easy to modify to recored the advanced search as well if you wanted to), and the ip of who did it

make sure you make search.txt and chmod it to 777 (666 would also work i think...), then open up search.txt to see it set out like:
search words - 127.0.0.0
happy people - 12.12.12.12
shoes - 56.56.56.56
etc etc

you could rename all search.txt's to some random letters so that people cannot access it unless they know the file name (something like aunqio73.txt)

https://cutephp.com/forum/style_emoticons/default/smile.gif

2 Reply by dubster (edited by 2004-10-04 18:02:33)

  • dubster
  • Don't pet the sweaty things.
  • Offline
  • Registered: 2004-07-23
  • Posts: 1,004

Re: [HACK] record search entries...

It's been pointed out that the current search.php does not go as high as line 255 sad

So I'm hoping we can get a more complete idea of how to use this hack.

Dubs'