Hacking / Counter Intelligence, Predictive Analytics, Source Code, Tips

Tracking Website Visitors Pt5: Installation Script

/tracker/install.php

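<?php
/**
 * One-shot installer for the tracker: stores the database settings in db.inc
 * and creates the tracker_images / tracker_hits tables.
 *
 * Deployment notes:
 *  - The installer is unauthenticated. It refuses to run once db.inc exists,
 *    and install.php should be deleted from the server after a successful run.
 *  - db.inc holds the database password. A ".inc" file is commonly served as
 *    plain text, so deny HTTP access to it in the web server configuration.
 *  - The submitted values are written into PHP source. They are emitted with
 *    var_export() so that quotes or backslashes in a value cannot terminate
 *    the string literal and add code to db.inc.
 *  - cleanInput() in the generated file strips markup with regular
 *    expressions. That is not a reliable XSS filter and gives no protection
 *    against SQL injection; escape on output and escape or parameterize query
 *    values separately.
 *  - ext/mysql (mysql_connect() and friends) was removed in PHP 7. It is kept
 *    here because the generated db.inc exposes a mysql_* link as $con,
 *    presumably for the other tracker scripts; a move to mysqli or PDO has to
 *    cover every script that includes db.inc.
 */

// Static tail of db.inc. A nowdoc is used so that $con, $search, $input and
// $output are written out literally instead of being interpolated (and
// therefore blanked) while this installer runs, and so the regex escapes such
// as \t, \n and \r reach the generated file unchanged.
$configBody = <<<'TEMPLATE'

$con = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$con)
  {
 die('Can not connect to database: '.mysql_error());
}
mysql_select_db(DB_NAME);


function cleanInput($input) {
 
  $search = array(
    '@<script[^>]*?>.*?</script>@si',   // Strip out javascript
    '@<[\/\!]*?[^<>]*?>@si',            // Strip out HTML tags
    '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly
    '@<![\s\S]*?--[ \t\n\r]*>@'         // Strip multi-line comments
  );
 
    $output = preg_replace($search, '', $input);
    return $output;
  }
?>
TEMPLATE;

$fields     = array('DB_NAME', 'DB_USER', 'DB_PASSWORD', 'DB_HOST');
$configPath = dirname(__FILE__) . '/db.inc';
$errors     = array();
$installed  = false;

// isset($_POST) is true on every request, including a plain GET of this page,
// so the install steps are gated on the request method instead.
if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    // Collect the four settings; each must be a plain string (a field posted
    // as an array is rejected). Only the password may be empty.
    $values = array();
    foreach ($fields as $field) {
        if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
            $errors[] = $field . ' is missing.';
            continue;
        }
        $values[$field] = $_POST[$field];
        if ($field !== 'DB_PASSWORD' && trim($values[$field]) === '') {
            $errors[] = $field . ' must not be empty.';
        }
    }

    // Re-running the installer would replace the stored credentials and drop
    // the tracker tables, so an existing db.inc locks it.
    if (file_exists($configPath)) {
        $errors[] = 'db.inc already exists; remove it by hand before installing again.';
    }

    // Verify the credentials before anything is written, so a typo does not
    // leave a broken db.inc behind.
    $con = false;
    if (count($errors) === 0) {
        $con = mysql_connect($values['DB_HOST'], $values['DB_USER'], $values['DB_PASSWORD']);
        if (!$con) {
            $errors[] = 'Can not connect to database: ' . mysql_error();
        } elseif (!mysql_select_db($values['DB_NAME'], $con)) {
            $errors[] = 'Can not select database: ' . mysql_error($con);
        }
    }

    if (count($errors) === 0) {
        $file = "<?php\n";
        foreach ($fields as $field) {
            // var_export() yields a correctly escaped PHP string literal.
            $file .= "define('" . $field . "', " . var_export($values[$field], true) . ");\n";
        }
        $file .= $configBody;

        // Mode 'x' fails if the file appeared since the check above, so two
        // concurrent requests cannot both write it.
        $handle = fopen($configPath, 'x');
        if ($handle === false) {
            $errors[] = 'Can not create db.inc.';
        } else {
            $written = fwrite($handle, $file);
            fclose($handle);
            if ($written !== strlen($file)) {
                // Do not leave a truncated file that would lock the installer.
                unlink($configPath);
                $errors[] = 'Can not write db.inc.';
            }
        }
    }

    // The generated db.inc is deliberately not include()d here: the link
    // opened above is reused for the schema statements.
    if (count($errors) === 0) {
        $statements = array(
            "DROP TABLE IF EXISTS tracker_images, tracker_hits",
            "CREATE TABLE IF NOT EXISTS tracker_images (ID int(11) unsigned NOT NULL auto_increment,
	image_key varchar(6) NOT NULL  default '',
	image blob NOT NULL,
	PRIMARY KEY (id)) ENGINE=MyISAM  DEFAULT CHARSET=utf8",
            "CREATE TABLE IF NOT EXISTS `tracker_hits` (
	`id` int(11) unsigned NOT NULL auto_increment,
	`user_agent` varchar(255) NOT NULL default '',
	`remote_addr` varchar(255) NOT NULL default '',
	`http_referer` varchar(255) NOT NULL default '',
	`accept_language` varchar(255) NOT NULL default '',
	`timestamp` varchar(255) NOT NULL default '',
	`image_key` varchar(6) NOT NULL  default '',
	PRIMARY KEY  (`id`)
	) ENGINE=MyISAM  DEFAULT CHARSET=utf8",
        );
        foreach ($statements as $sql) {
            if (!mysql_query($sql, $con)) {
                $errors[] = 'Query failed: ' . mysql_error($con);
                break;
            }
        }
        $installed = (count($errors) === 0);
    }

    if ($con) {
        mysql_close($con);
    }
}
?>
<?php foreach ($errors as $error): ?>
<p><?php echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'); ?></p>
<?php endforeach; ?>
<?php if ($installed): ?>
<p>Installation complete. Delete install.php from the server now.</p>
<?php endif; ?>
<form action="install.php" method="post" name="changer">
<label for="DB_NAME" title="DB_NAME">DB_NAME:</label><input id="DB_NAME" name="DB_NAME" type="text"><br/>
<label for="DB_USER" title="DB_USER">DB_USER:</label><input id="DB_USER" name="DB_USER" type="text"><br/>
<label for="DB_PASSWORD" title="DB_PASSWORD">DB_PASSWORD:</label><input id="DB_PASSWORD" name="DB_PASSWORD" type="password" autocomplete="off"><br/>
<label for="DB_HOST" title="DB_HOST">DB_HOST:</label><input id="DB_HOST" name="DB_HOST" type="text"><br/>
<input value="Submit" type="submit">
</form>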
  1. Tracking Website Visitors Pt1: Masking Image Requests
  2. Tracking Website Visitors Pt2: Returning Image From Database
  3. Tracking Website Visitors Pt3: Returning Tracking Information
  4. Tracking Website Visitors Pt4: Uploading Image to MySql
  5. Tracking Website Visitors Pt5: Installation Script

About Pythorian

Exploration and Production oriented security consultant for securing IT infrastructures relating to natural resources.
