Nov 06 2010

Facebook ‘hacking’

Category: Linux,PHP,pseudo-hacks,Socialguillem @ 4:05 AM

The ‘hacking’ on the title is in quotation marks because this isn’t something amazing. What i want to show you is a little script in PHP i did a while ago which allows to gather a facebook album addresses from a specified profile. Obviously that person shouldn’t have the album restricted because in such case, you won’t be able to see anything. But in the case the album is not restricted you can see complete albums that you would not  be able to access directly from facebook.  So you should take this only as a script for ‘deofuscation’ more than a ‘hack’.

You should modify 3 parameters in the script itself:

– $uid: corresponds to the facebook user identifier of the person owning the album you want to look for.

– $from y $to: those represents the album identifier margins where script should search between. Those are the most difficult parameters to approach. From what i’ve been able to see, the album identifiers get assigned sequentially to every new album. The best way to approach its value is to search some of your friends profile with an ID similar to the previous uid and look at one of his/her albums and try to use values of from and to around the album id you just got (500 down and up at least). This is not a very cientific approach, but it works and i can’t provide a better one at the moment. Maybe some day i will try to automatize the script to estimate also ‘from’ and ‘to’ but that will be in the future…

//Set User ID here
$uid = 4;
//Album ID to start from. 'Guessing' required...
$from = 1;
//Album ID to finish at. 'Guessing' required...
$to = 500;

$server = gethostbyname( '' );

for ( $ii = $from; $ii < $to; $ii++ )
sockAccess( $ii );

function sockAccess($ii)
global $uid;
$page = "album.php?aid=$ii&id=$uid";
global $server;
$errno = '';
$errstr = '';
$fp = 0;
$fp = fsockopen( $server, 80, $errno, $errstr, 30 );
if( $fp === 0 )
die( "Error $errstr ($errno)" );

$out = "GET /$page HTTP/1.1\r\n";
$out .= "Host: $server\r\n";
$out .= "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1";
$out .= " en-US; rv: Gecko/20060308 Firefox/\n";
$out .= "Connection: Close\r\n\r\n";
f write( $fp, $out );
$content = fgets( $fp );
$code = trim( substr( $content, 9, 4 ) );
f close( $fp );
if( $code != 200 )
echo "Album found!:$ii&id=$uid\n";
if( !($ii%10) )
echo "Trying around: $ii\n";
return true;

Tags: , , ,

Jun 04 2010

register_globals with mod_suphp

Category: Linux,PHPguillem @ 4:05 PM

Although turning on register_globals is not a good idea, there are some fu___ scripts out there that need that. If you can’t get rid of those scripts (you really need to try to, belive me), here comes the solution:

How do you do it in a PHP5 install with mod_suphp?
Just navigate to the folder where you have your script and create a php.ini file (if you don’t have one). Inside it, just write ‘register_globals = 1′  (without the quotation marks, of course)

Tags: ,

May 10 2007

Gráficos de todo tipo con PHP

Category: PHPguillem @ 12:13 PM

Hoy, andábamos buscando una clase PHP para crear gráficos y hemos encontrado esta:

Advanced Graphing class

Para mi gusto, la clase es algo ‘pesada’ (en cuanto a tamaño) pero cuando uno consulta las cosas que se pueden hacer, realmente se queda sorprendido. Además, es muy fácil de utilizar. Aprender a crear un gráfico no lleva ni 2 minutos.

Crear un gráfico es tan sencillo como sigue (se pueden crear muchos tipos, no solo pasteles):

$graph = new graph();

I el resultado es increible: