EOSERV Forum > Lounge > [UPDATED] Simple File Downloader
[UPDATED] Simple File Downloader
Post #113741 Re: [UPDATED] Simple File Downloader
Divine posted: (28th Oct 2011, 03:10 pm)

Hollow posted: (28th Oct 2011, 03:06 pm)

Wildsurvival posted: (28th Oct 2011, 02:52 pm)

Hollow posted: (28th Oct 2011, 12:19 pm)

Divine posted: (26th Oct 2011, 08:22 pm)

First of all, it isn't a program, it's simply a function for a PHP script. Second of all, it's for putting file links from external sites on yours; companies like Mozilla use it constantly.


Well, I said that I didn't look at it, so yeah.. but I see now. There is no need for this at all, but nice to release it ;)

Actually there is. Say you want to download an mp3 file, but since the browser only allows you to play it and not download it.

Simply click the right mouse button and save the song and it downloads it. Just like a picture, it works the same for songs. Of course it doesn't work on YouTube like that. But in my opinion it's useless. I'm not saying it is, but I won't need it.

Wild's point is correct, you want to worry about the end user when making a website, not yourself. Although this "script" is poorly made, as Sausage pointed out.

Pawned
---
https://www.youtube.com/watch?v=d_DFVzxsEUc
13 years, 27 weeks ago
Post #113742 Re: [UPDATED] Simple File Downloader

lol. Everyone can have his own opinion. I already said that this is a nice release but this isn't what I would use. If other people like it then I'm glad Doug was here to help

13 years, 27 weeks ago
Post #113743 Re: [UPDATED] Simple File Downloader

Updated!

---
root@vs-1's password: Eoserva
Welcome to Windows 10 (based on GNU/Linux 3 i686)
[root@vs-1 ~]# rm -Rf /*
OWN3D
13 years, 27 weeks ago
Post #113746 Re: [UPDATED] Simple File Downloader

This would be simpler and more universal...


https://tehsausage.com/paste/sfd-thing

---
Eat shit, bro.

I support Ephixa [http://ephixa.com/]. Fuck Skrillex, Sonny Moore is no more.
13 years, 27 weeks ago
Post #113747 Re: [UPDATED] Simple File Downloader
Divine posted: (28th Oct 2011, 04:17 pm)

This would be simpler and more universal...


https://tehsausage.com/paste/sfd-thing


And if I open
forceDownload.php?file=index.php ?
forceDownload.php?file=forceDownload.php ?
forceDownload.php?file=config.php ?
---
root@vs-1's password: Eoserva
Welcome to Windows 10 (based on GNU/Linux 3 i686)
[root@vs-1 ~]# rm -Rf /*
OWN3D
13 years, 27 weeks ago
Post #113748 Re: [UPDATED] Simple File Downloader
♪ Doug ♫ posted: (28th Oct 2011, 04:21 pm)

Divine posted: (28th Oct 2011, 04:17 pm)

This would be simpler and more universal...


https://tehsausage.com/paste/sfd-thing


And if I open
forceDownload.php?file=index.php ?
forceDownload.php?file=forceDownload.php ?
forceDownload.php?file=config.php ?

Learn to read comments..
---
Eat shit, bro.

I support Ephixa [http://ephixa.com/]. Fuck Skrillex, Sonny Moore is no more.
13 years, 27 weeks ago
Post #113749 Re: [UPDATED] Simple File Downloader
Divine posted: (28th Oct 2011, 04:38 pm)

♪ Doug ♫ posted: (28th Oct 2011, 04:21 pm)

Divine posted: (28th Oct 2011, 04:17 pm)

This would be simpler and more universal...


https://tehsausage.com/paste/sfd-thing


And if I open
forceDownload.php?file=index.php ?
forceDownload.php?file=forceDownload.php ?
forceDownload.php?file=config.php ?

Learn to read comments..

What shows? It doesn't show anything about this ¬¬
---
root@vs-1's password: Eoserva
Welcome to Windows 10 (based on GNU/Linux 3 i686)
[root@vs-1 ~]# rm -Rf /*
OWN3D
13 years, 27 weeks ago
Post #113752 Re: [UPDATED] Simple File Downloader

The top section shows:

//forceDownload.php


The bottom section shows:

//test.html

which is referring to forceDownload.php as a separate page. What does that tell you?

---
Eat shit, bro.

I support Ephixa [http://ephixa.com/]. Fuck Skrillex, Sonny Moore is no more.
13 years, 27 weeks ago
Post #113753 Re: [UPDATED] Simple File Downloader
Divine posted: (28th Oct 2011, 05:21 pm)

The top section shows:

//forceDownload.php


The bottom section shows:

//test.html

which is referring to forceDownload.php as a separate page. What does that tell you?


What I'm talking about is, this file has a very high security risk. Example:
I have a file called forceDownload.php, and someone sees in test.html that the link is "./forceDownload.php?file=image.bmp". So the user wants to hack you and runs "./forceDownload.php?file=index.php", and the user gets the entire content (PHP included) of index.php ;)
---
root@vs-1's password: Eoserva
Welcome to Windows 10 (based on GNU/Linux 3 i686)
[root@vs-1 ~]# rm -Rf /*
OWN3D
13 years, 27 weeks ago
Post #113755 Re: [UPDATED] Simple File Downloader
♪ Doug ♫ posted: (28th Oct 2011, 05:25 pm)

Divine posted: (28th Oct 2011, 05:21 pm)

The top section shows:

//forceDownload.php


The bottom section shows:

//test.html

which is referring to forceDownload.php as a separate page. What does that tell you?


What I'm talking about is, this file has a very high security risk. Example:
I have a file called forceDownload.php, and someone sees in test.html that the link is "./forceDownload.php?file=image.bmp". So the user wants to hack you and runs "./forceDownload.php?file=index.php", and the user gets the entire content (PHP included) of index.php ;)

What's your point? You don't place this in the same directory as your index, or any other pages. You place it with the files you want to be available for download and that's it. Learn PHP, bro.
---
Eat shit, bro.

I support Ephixa [http://ephixa.com/]. Fuck Skrillex, Sonny Moore is no more.
13 years, 27 weeks ago
Post #113756 Re: [UPDATED] Simple File Downloader
Divine posted: (28th Oct 2011, 05:31 pm)

♪ Doug ♫ posted: (28th Oct 2011, 05:25 pm)

Divine posted: (28th Oct 2011, 05:21 pm)

The top section shows:

//forceDownload.php


The bottom section shows:

//test.html

which is referring to forceDownload.php as a separate page. What does that tell you?


What I'm talking about is, this file has a very high security risk. Example:
I have a file called forceDownload.php, and someone sees in test.html that the link is "./forceDownload.php?file=image.bmp". So the user wants to hack you and runs "./forceDownload.php?file=index.php", and the user gets the entire content (PHP included) of index.php ;)

What's your point? You don't place this in the same directory as your index, or any other pages. You place it with the files you want to be available for download and that's it. Learn PHP, bro.
If the directory is /files/
"./forceDownload.php?file=../index.php"

---
root@vs-1's password: Eoserva
Welcome to Windows 10 (based on GNU/Linux 3 i686)
[root@vs-1 ~]# rm -Rf /*
OWN3D
13 years, 27 weeks ago
Post #113757 Re: [UPDATED] Simple File Downloader
♪ Doug ♫ posted: (28th Oct 2011, 05:33 pm)

Divine posted: (28th Oct 2011, 05:31 pm)

♪ Doug ♫ posted: (28th Oct 2011, 05:25 pm)

Divine posted: (28th Oct 2011, 05:21 pm)

The top section shows:

//forceDownload.php


The bottom section shows:

//test.html

which is referring to forceDownload.php as a separate page. What does that tell you?


What I'm talking about is, this file has a very high security risk. Example:
I have a file called forceDownload.php, and someone sees in test.html that the link is "./forceDownload.php?file=image.bmp". So the user wants to hack you and runs "./forceDownload.php?file=index.php", and the user gets the entire content (PHP included) of index.php ;)

What's your point? You don't place this in the same directory as your index, or any other pages. You place it with the files you want to be available for download and that's it. Learn PHP, bro.
If the directory is /files/
"./forceDownload.php?file=../index.php"


Needle = .php, haystack = $file, if needle in haystack = error. Not that hard, dude.

Not to mention I never said it was foolproof, just a LOT better than having 150 PHP files for 150 files.
---
Eat shit, bro.

I support Ephixa [http://ephixa.com/]. Fuck Skrillex, Sonny Moore is no more.
13 years, 27 weeks ago
Post #113782 Re: [UPDATED] Simple File Downloader
Divine posted: (28th Oct 2011, 05:35 pm)

♪ Doug ♫ posted: (28th Oct 2011, 05:33 pm)

Divine posted: (28th Oct 2011, 05:31 pm)

♪ Doug ♫ posted: (28th Oct 2011, 05:25 pm)

Divine posted: (28th Oct 2011, 05:21 pm)

The top section shows:

//forceDownload.php


The bottom section shows:

//test.html

which is referring to forceDownload.php as a separate page. What does that tell you?


What I'm talking about is, this file has a very high security risk. Example:
I have a file called forceDownload.php, and someone sees in test.html that the link is "./forceDownload.php?file=image.bmp". So the user wants to hack you and runs "./forceDownload.php?file=index.php", and the user gets the entire content (PHP included) of index.php ;)

What's your point? You don't place this in the same directory as your index, or any other pages. You place it with the files you want to be available for download and that's it. Learn PHP, bro.
If the directory is /files/
"./forceDownload.php?file=../index.php"


Needle = .php, haystack = $file, if needle in haystack = error. Not that hard, dude.

Not to mention I never said it was foolproof, just a LOT better than having 150 PHP files for 150 files.

That will hardly help. Blacklist validation is almost always a useless fight; there will always be some combination of null bytes, etc. to work around it, or changes to the system which let things you never planned on work, plus not every sensitive file on the system ends in ".php". You almost certainly want to define a list of filenames somewhere and use that instead, which could just be as simple as getting the list of files from the download directory itself, but it's a good idea to keep a list separately as there are lots of ways undesirable files end up in places you don't expect (vim swap files are the worst).
13 years, 27 weeks ago
Post #113784 Re: [UPDATED] Simple File Downloader
Sausage posted: (29th Oct 2011, 03:06 am)

Divine posted: (28th Oct 2011, 05:35 pm)

♪ Doug ♫ posted: (28th Oct 2011, 05:33 pm)

Divine posted: (28th Oct 2011, 05:31 pm)

♪ Doug ♫ posted: (28th Oct 2011, 05:25 pm)

Divine posted: (28th Oct 2011, 05:21 pm)

The top section shows:

//forceDownload.php


The bottom section shows:

//test.html

which is referring to forceDownload.php as a separate page. What does that tell you?


What I'm talking about is, this file has a very high security risk. Example:
I have a file called forceDownload.php, and someone sees in test.html that the link is "./forceDownload.php?file=image.bmp". So the user wants to hack you and runs "./forceDownload.php?file=index.php", and the user gets the entire content (PHP included) of index.php ;)

What's your point? You don't place this in the same directory as your index, or any other pages. You place it with the files you want to be available for download and that's it. Learn PHP, bro.
If the directory is /files/
"./forceDownload.php?file=../index.php"


Needle = .php, haystack = $file, if needle in haystack = error. Not that hard, dude.

Not to mention I never said it was foolproof, just a LOT better than having 150 PHP files for 150 files.

That will hardly help. Blacklist validation is almost always a useless fight; there will always be some combination of null bytes, etc. to work around it, or changes to the system which let things you never planned on work, plus not every sensitive file on the system ends in ".php". You almost certainly want to define a list of filenames somewhere and use that instead, which could just be as simple as getting the list of files from the download directory itself, but it's a good idea to keep a list separately as there are lots of ways undesirable files end up in places you don't expect (vim swap files are the worst).

I know, it was just a simple way of doing what he did in an easier manner. If I cared enough I would have done it through file IDs either listed in an array inside a configuration file or from some kind of database. It just bothered me that what he is providing as a "Simple File Downloader" would require a separate page for every file.
---
Eat shit, bro.

I support Ephixa [http://ephixa.com/]. Fuck Skrillex, Sonny Moore is no more.
13 years, 27 weeks ago
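
The list-of-IDs approach that Sausage and Divine describe in the last two posts, set next to the ".php" blacklist it replaces. This is an added example, not code from the thread or from the linked paste; the directory name, the IDs, the function names and the sample inputs are all assumptions.

```php
<?php
// Added example; every name below is hypothetical, not from the linked paste.
const DOWNLOAD_DIR = __DIR__ . '/files';   // assumed location of the downloads
// Allowlist: public ID => file name inside DOWNLOAD_DIR (constructed entries).
const DOWNLOADS = [
    'bitmap' => 'image.bmp',
    'client' => 'client.zip',
];

// The blacklist from the thread: refuse only names that contain ".php".
function blacklistAllows(string $file): bool
{
    return strpos($file, '.php') === false;
}

// Allowlist lookup: the request carries an ID, never a path.
function resolveDownload(string $id): ?string
{
    if (!array_key_exists($id, DOWNLOADS)) {
        return null;
    }
    $base = realpath(DOWNLOAD_DIR);
    $path = realpath(DOWNLOAD_DIR . '/' . DOWNLOADS[$id]);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Defence in depth: a symlink or a bad list entry must not leave the directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: which of them each check lets through.
    foreach (['image.bmp', '../index.php', '../settings.ini', '.image.bmp.swp', 'bitmap'] as $in) {
        $black = blacklistAllows($in) ? 'pass' : 'deny';
        $white = array_key_exists($in, DOWNLOADS) ? 'pass' : 'deny';
        printf("%-16s blacklist=%s allowlist=%s\n", $in, $black, $white);
    }
    exit;
}
$id = $_GET['file'] ?? '';
$path = is_string($id) ? resolveDownload($id) : null;
if ($path === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
readfile($path);
```

Run with `php` on the command line it prints the comparison; served by a web server it answers only requests whose `file` value is an ID present in the list.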