Question
I have written a script for doing a traceroute to a host/ip and for some reason it is coming out as tracing from my server not from the local user that is using it. If I pull up a traceroute in my terminal the out put is completely different.
It can be tried here http://beta.tracert.us I have tried to mess with the code and can't seem to get it. I'm just trying to get this up as a utility for work and for the people who would use it as other utilities are a bit laggy here at work.
Any and all help is appreciated greatly
https://stackoverflow.com/questions/18672422
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>TraceRoutes For ALL</title>
<link href='http://fonts.googleapis.com/css?family=Geo' rel='stylesheet' type='text/css'>
<link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Josefin+Sans">
<style type="text/css">
input.fname {
border-radius: 10px;
border: true;
font-size: 80px;
font-family: Josefin Sans;
border-color:#111111 #111111 #111111 #111111;
}
body {
border-radius: 10px;
border: true;
font-size: 60px;
font-family: Josefin Sans;
border-color:#111111 #111111 #111111 #111111;
}
div.traced {
font-size: 20px;
font-family: Josefin Sans;
</style>
<?php
// Get Variable from form via register globals on/off
//-------------------------
$unix = 1; //set this to 1 if you are on a *unix system
$windows = 0; //set this to 1 if you are on a windows system
// -------------------------
// nothing more to be done.
// -------------------------
//globals on or off ?
$register_globals = (bool) ini_get('register_gobals');
$system = ini_get('system');
$unix = (bool) $unix;
$win = (bool) $windows;
//
If ($register_globals)
{
$ip = getenv(REMOTE_ADDR);
$self = $PHP_SELF;
}
else
{
$submit = $_GET['submit'];
$host = $_GET['host'];
$ip = $_SERVER['REMOTE_ADDR'];
$self = $_SERVER['PHP_SELF'];
};
// form submitted ?
If ($submit == "Traceroute!")
{
// replace bad chars
$host= preg_replace ("/[^A-Za-z0-9.]/","",$host);
echo '<center>';
echo '<body bgcolor="#FFFFFF" text="#000000"></body>';
echo("Trace Output:<br>");
echo '<pre>';
echo '<form name="test" action="ses.php" method="post">';
echo '<textarea rows="30" cols="120" readonly name="form">';
//check target IP or domain
if ($unix)
{
system ("traceroute $host");
system("killall -q traceroute");// kill all traceroute processes in case there are some stalled ones or use echo 'traceroute' to execute without shell
}
else
{
system("tracert $host");
}
echo '</textarea>';
echo '</pre>';
echo '</form>';
echo '<div class="traced">';
echo '<a href="http://beta.tracert.us">Need to trace again?</a></br>';
echo '</br>Email this or send it</br>';
echo '<a href="http://gmail.com" target="_blank">Gmail</a> | <a href="http://yahoomail.com" target="_blank">Yahoo</a> | <a href="http://hotmail.com" target="_blank">Hotmail</a></br>';
echo 'Traceroute complete</br><hr>';
echo '<a href="http://coinchat.org/r:mrmuffins">Chat for Bitcoins</a>';
echo '</div>';
}
else
{
echo '<body bgcolor="#FFFFFF" text="#000000"></body>';
echo '<center>';
echo '<p><font size="30">Your IP is: </font><font size="25" color="red">'.$ip.'</font></p>';
echo '<div id="form1">';
echo '<form methode="post" action="'.$self.'">';
echo ' Enter IP or Host </br><input type="text" class="fname" name="host" placeholder="Enter domain/IP"></input>';
echo ' </br> <input type="submit" name="submit" value="Traceroute!"></input>';
echo '</form>';
echo '</div>';
echo '<br><b>'.$system.'</b>';
echo 'This may take up to 30 seconds to output. Please be patient.';
echo '<center>';
echo '</body></html>';
}
?>
Solution
A traceroute can only be executed from the machine that is running the code.
Is the client running the code? Probably not, your server is. So you cannot get what you want.
Something more important: You have a very bad code excution vulnerability! You have to validate that the string containing the IP address contains nothing else.
Please do not use that script online. You will get hacked.
