There are so many pastebins on the Internet these days. Why does the world need another one? I don’t know, but I wanted one for myself because of my friends and me when we were in Computer Science. Others found the pastebin, so I then made password protected pastes. I like how the Pastebin is now. The only problems I have with it are that in Firefox, when you copy and paste from it, it also includes some weird numbers, so you have to copy and paste from the code box, which isn’t that bad. Also, I was trying to implement a printer friendly feature but I’m too sick of working on it, so I gave up after I realized that with it people were able to circumvent password protection. I know there’s a way to fix that but I’m just too tired.
It was originally written by Paul Dixon, released under the GPL. Naturally, this is also under the GPL. I was planning on fixing up the code to make it look nicer because the original author made weird use of whitespace but screw it I’m too tired. You can see it in action here.
Features
- Password Protected Pastes
- reCAPTCHA anti-spam security
- Archive Page
- FamFamFam Icons
- Updated with the latest version of GeSHi from SVN. Support for many more languages.
Changelog
1.5
- Fixed bug where people could download password protected pastes
- Cleaned all URLs with mod_rewrite for SEO
Sites Using this Pastebin
- mscripts.net: A site dedicated to mIRC scripts
Download pastebin.tgz 1.5 - Last Updated: 6-29-08

yep it worked after that
Blaenk Denum wrote:
Nice to know.
Blaenk Denum wrote:
Nice thanks for the code.
dark wrote:
Awesome!
—–
This was a test.
Hello,
Thanks for the script, I’m using it on a personal basis and it fulfills all my needs.
However, it has a bug for the bash script after a variable surrounded by {} like in this example:
http://paste.blaenkdenum.com/406
it inserts those two characters right after: |>
In the original pastebin script, it’s OK:
http://pastebin.com/m657b200e
Hope there is an easy workaround.
Regards,
Nicolas.
I’ve updated it to geshi’s latest version (Geshi is the syntax highlighter). I don’t know if this fixes it but I doubt it because there didn’t seem to be a change in the bash file. Get version 1.3 above and if you still experience problems let me know and I will contact the geshi developers about it.
Upgrading is simple: back up your config file in config/, then overwrite everything in the top level directory with the new version’s files, then drop your config file back in.
Hello,
Thanks a lot for the support, now it works
Variables surrounded by {} are not highlighted any more but at least the code is correct, it’s all I need!
Regards,
Nicolas.
Glad it worked and thanks for using my pastebin! Let me know if you need anything else.
Vendor: http://www.blaenkdenum.com/pastebin/
Discovered: 22 June 2008
Reported: No
Founder: Dr.Wh4x
Dork: inurl:pastebin inurl:”index.php?dl=*”
Intro:
This pastebin mod is vulnerable to a bypass of the password protected pastes you can insert in the system. To bypass this you can simply download the paste without any form of knowing the password.
P.O.C:
Protected paste: http://paste.blaenkdenum.com/257
Download paste: http://paste.blaenkdenum.com/?dl=257
Interesting but I’m not the one who wrote the previous message…
Haha, wow, it’s so obvious I don’t know how I let that get through
Thanks Nicolas for filling me in. I’ve fixed that bug and added some rewrite rules to make the pastebin look more user friendly. You should get version 1.5. Thanks again for letting me know, at least you did, unfortunate that ‘Dr. Wh4x’ didn’t.
http://wizz.freetzi.com/pastebin1/pastebin.php
Hmm, what am I doing wrong? :/
Hey Jorge, I was going through the script and I like it. I’m a web security person, hacker, whatever you want to call it, and I was looking through the code to check it etc. for vulnerabilities and found another one. Just letting you know to patch.
Script: http://www.blaenkdenum.com/pastebin/
Discovered: August 07 2008
Reported: Yes
Exploiter: UnDeTecT
Dork: inurl:pastebin inurl:”pastebin.php?diff=*”
This script is insecure and open to a bypass of password protected pastes. Find a password protected paste, click to get to the password prompt, grab the id # from the url, put it into the $_GET['diff'] of pastebin.php and ACCESS GRANTED!…
Proof of Concept:
Protected paste: http://paste.blaenkdenum.com/257
Unprotected paste: http://paste.blaenkdenum.com/di/257
or
Unprotected paste: http://paste.blaenkdenum.com/pastebin.php?diff=257
@UnDeTecT: Thanks a lot for the information, I really appreciate it! I guess this uses the same method that the dl method used haha, stupid me. Thanks again
@wizz: Can you please paste your conf file somewhere? Of course, delete any sensitive information from it.
No problem man, I liked the script.
You still need to patch it to check, because you can still bypass it if someone reposts the changed post with no password.
Sorry what? I think the Diff feature of this script is pointless anyways so I’m going to remove it, as it’s causing a few problems already, also it doesn’t even work that well. By the way, I’m using the pastebin.com script, it’s open source, I’ve simply modified it a lot or something.
Thanks for the help though!
Yeah, I know, no problem, just give credit for the patch if you use it. I patched it up on mine and got the diff working correctly.
Oh you did? Would you mind sending over the source or a patch? I would appreciate it. And of course I give credit where credit’s due
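The `dl` and `diff` reports in this thread describe the same flaw: a second read path that returns paste content without running the password check. The sketch below is an added example, not the pastebin's actual code; the array storage, field names, session layout and the `show` parameter are assumptions. It routes view, download and diff through one gate and checks both sides of a diff, so an unprotected follow-up cannot expose a protected parent.

```php
<?php
// Added example, not the pastebin's code: storage, field names and session layout are assumed.

// Constructed data: paste 1 is protected, paste 2 is a public follow-up of 1.
$pastes = [
    1 => ['code' => "secret v1\n", 'pw_hash' => password_hash('hunter2', PASSWORD_DEFAULT), 'parent' => null],
    2 => ['code' => "secret v2\n", 'pw_hash' => null, 'parent' => 1],
];

// The only function allowed to hand paste content to a request handler.
function load_for_reader(array $pastes, int $id, array $session): ?array
{
    $paste = $pastes[$id] ?? null;
    // Missing, or protected and not unlocked in this session: same refusal.
    if ($paste === null || ($paste['pw_hash'] !== null && empty($session['unlocked'][$id]))) {
        return null;
    }
    return $paste;
}

function unlock(array $pastes, int $id, string $password, array &$session): bool
{
    $hash = $pastes[$id]['pw_hash'] ?? null;
    $ok = $hash !== null && password_verify($password, $hash);
    if ($ok) {
        $session['unlocked'][$id] = true;
    }
    return $ok;
}

// View, download and diff all go through load_for_reader(); diff checks both sides.
function handle(array $pastes, array $query, array $session): string
{
    $action = array_key_first(array_intersect_key($query, ['show' => 1, 'dl' => 1, 'diff' => 1]));
    if ($action === null) {
        return '400 unknown action';
    }
    $paste = load_for_reader($pastes, (int) $query[$action], $session);
    if ($paste === null) {
        return '403 password required';
    }
    if ($action !== 'diff') {
        return $action === 'dl' ? $paste['code'] : htmlspecialchars($paste['code']);
    }
    $parent = $paste['parent'] === null ? null : load_for_reader($pastes, $paste['parent'], $session);
    return $parent === null ? '403 parent not readable' : "- {$parent['code']}+ {$paste['code']}";
}
// Demo: the public follow-up's diff is refused until paste 1 is unlocked.
$session = [];
echo handle($pastes, ['diff' => 2], $session), "\n";
```

Any later feature that reads paste content, such as the printer friendly view mentioned in the post, would call `load_for_reader()` instead of querying storage itself.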