Login or Register ::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  :: April 24, 2024 Menu  Home  Logout  Discussions  Forums  Members List  IRC chat  Tools  Base64 coder  MD5 hash  CRC32 checksum  ROT13 coder  SHA-1 hash  URL-decoder  Sql Char Encoder  Affiliates  y3dips ITsec  Md5 Cracker  User Manuals  AlbumNow  Content  Content  Sections  FAQ  Top  Info  Feedback  Recommend Us  Search  Journal  Your Account User Info Welcome, Anonymous Nickname Password (Register) Membership: Latest: MichaelSnaRe New Today: 0 New Yesterday: 0 Overall: 9145 People Online: Visitors: 426 Members: 0 Total: 426 PacketStorm News ·301 Moved Permanently read more... IT Security and Insecurity Portal www.waraxe.us Forum Index -> PhpNuke -> is there a way to bypass protection? Goto page Previous  1, 2, 3  Next    View previous topic :: View next topic  Posted: Mon Apr 18, 2005 11:30 am KingOfSka Advanced user   Joined: Mar 13, 2005 Posts: 61 it would be more "ethical" advising developers before releasing exploit, but i don't think many people will upgrade. i've got an idea, but i need to test i was thinking about sending a part of the string coded in base 64 and the rest unencoded, so the filter shouldn't work.. also i heard about JOIN queryies but i need to study more sql Posted: Mon Apr 18, 2005 12:30 pm waraxe Site admin   Joined: May 11, 2004 Posts: 2407 Location: Estonia, Tartu There is one thing, i wanted to say out: phpnuke developers and/or nuke fix developers are not very ethical people Let' see - base64 coding/decoding has been always big security hole to all the phpnuke engine. Many cool sql injections and xss cases are related to base64. So, when i started to work with phpnuke (~2003 december), i wrote some sanityze code to mainfile.php for finally get ride with all the base64 bugs. It was 100% private code and it was not spreading in Internet. Here it is: Code: ############################################################# #--------------- Base64 sanitize by Waraxe ----------------- if(isset($admin)) {    $admin = base64_decode($admin);    $admin = addslashes($admin);    $admin = base64_encode($admin); } if(isset($user)) {    $user = base64_decode($user);    $user = addslashes($user);    $user = base64_encode($user); } ############################################################# In some moment, somewhere in year 2004 i posted that code fragment to some forum (don't remember details) and it was spreading over the net. Let's make google search: http://www.google.com/search?hl=en&lr=&q=%22Base64+sanitize+by+Waraxe%22 and we can see, that there is more than 160 results. And for my surprise, when i looked at phpnuke source code one day: Code: if(isset($admin)) {    $admin = base64_decode($admin);    $admin = addslashes($admin);    $admin = base64_encode($admin); } if(isset($user)) {    $user = base64_decode($user);    $user = addslashes($user);    $user = base64_encode($user); } Cool, is'nt? 100% copy of my code, but without any refference to me or without any credit. Let's look at first lines in "mainfile.php": Code: /************************************************************************/ /* Additional security checking code 2003 by chatserv                   */ /* http://www.nukefixes.com -- http://www.nukeresources.com             */ /************************************************************************/ Nice, eh? They just used my code snippet without any mention of author?? Ethical?? Hell, no By the way, download some new phpnuke package, like 7.5 or 7.6 and try to find strings "waraxe" or "janek" from ALL OF THE PHPNUKE SOURCE. Heh, guess what?????????? Not a word about me. Think for one f***ing minute, how many f***ing holes i have discovered in nuke? Where are credits in changelog? Eh?? F***ck thi s**it, i am little bit mad right now So, fu*k ethics!!! I will release advisory as soon as possible Posted: Mon Apr 18, 2005 12:38 pm KingOfSka Advanced user   Joined: Mar 13, 2005 Posts: 61 revenge is a best dish when served cold lol or something like this lol i hate people "stealing" credits, it happened me when i coded many very bad program for the DC p2p sharing network... by the way, were my ideas totally useless or there was something right ? Posted: Mon Apr 18, 2005 12:54 pm waraxe Site admin   Joined: May 11, 2004 Posts: 2407 Location: Estonia, Tartu Well, let' see: 1. JOIN tricks instead of UNION trics - this is not useful most of the time. I am telling this by my own experience - i know theory and i have done experiements with JOIN, but there are very restrictive mitigating factors in SQL query syntax and in real life i don't remember any case, when JOIN trick worked ... 2. base64 coding mixed with other methods - this is not working idea, i think, because for base64 stuff to work, there must be code fragment, which will decode first. I can't understand, how can you somehow "put together" different sql query parts, coming from various sources... Maybe i just talking bs right now, i don't know... Anyway, feel free to experiment - i have discovered many cool bugs just by experimenting, without detailed planning Posted: Tue Apr 19, 2005 1:17 pm sp3x Valuable expert   Joined: Feb 15, 2005 Posts: 10 waraxe wrote: There is one thing, i wanted to say out: phpnuke developers and/or nuke fix developers are not very ethical people Let' see - base64 coding/decoding has been always big security hole to all the phpnuke engine. Many cool sql injections and xss cases are related to base64. So, when i started to work with phpnuke (~2003 december), i wrote some sanityze code to mainfile.php for finally get ride with all the base64 bugs. It was 100% private code and it was not spreading in Internet. Here it is: Code: ############################################################# #--------------- Base64 sanitize by Waraxe ----------------- if(isset($admin)) {    $admin = base64_decode($admin);    $admin = addslashes($admin);    $admin = base64_encode($admin); } if(isset($user)) {    $user = base64_decode($user);    $user = addslashes($user);    $user = base64_encode($user); } ############################################################# In some moment, somewhere in year 2004 i posted that code fragment to some forum (don't remember details) and it was spreading over the net. Let's make google search: http://www.google.com/search?hl=en&lr=&q=%22Base64+sanitize+by+Waraxe%22 and we can see, that there is more than 160 results. And for my surprise, when i looked at phpnuke source code one day: Code: if(isset($admin)) {    $admin = base64_decode($admin);    $admin = addslashes($admin);    $admin = base64_encode($admin); } if(isset($user)) {    $user = base64_decode($user);    $user = addslashes($user);    $user = base64_encode($user); } Cool, is'nt? 100% copy of my code, but without any refference to me or without any credit. Let's look at first lines in "mainfile.php": Code: /************************************************************************/ /* Additional security checking code 2003 by chatserv                   */ /* http://www.nukefixes.com -- http://www.nukeresources.com             */ /************************************************************************/ Nice, eh? They just used my code snippet without any mention of author?? Ethical?? Hell, no By the way, download some new phpnuke package, like 7.5 or 7.6 and try to find strings "waraxe" or "janek" from ALL OF THE PHPNUKE SOURCE. Heh, guess what?????????? Not a word about me. Think for one f***ing minute, how many f***ing holes i have discovered in nuke? Where are credits in changelog? Eh?? F***ck thi s**it, i am little bit mad right now So, fu*k ethics!!! I will release advisory as soon as possible Yes this is bad.... the same was with me... i also gave some adv about holes in phpnuke.... First i send it to nukefixes.com with patchs and said then to check the patchs... but i get no answer about my patchs ... so i was waiting and waiting.... and no response... Then i public the adv and patchs to phpnuke.... On forum nukefixes started to check my patchs... and everything was good but no credits in code that patchs was from me.... sad but true... The phpnuke security sucks .... they do not care about security... You can send them a adv but they only answer "ok fine thanks for info" or say nothing... When I and my friend send advisories about holes in Postnuke, the answer was quick. Postnuke team really care about security... they working with us to patch the postnuke and still work and still we have contact... by the way the postnuke is better written then phpnuke.... Posted: Tue Apr 19, 2005 1:45 pm murdock Advanced user   Joined: Mar 16, 2005 Posts: 54 Years ago I got the same problem but worst! I made messenger tools in VisualBasic (when messenger version was 4.x). Simple tools but very usefull: MassMessenger, MSN Fake Apps, MSN IP Stealer, etc...But some lamer used the resource editor to change my name (I was "MaDMaX" then) in all the images and strings to put his one, and distributed the tools over the net...The tools got very popular...but whith this idiot as the author... The same occured with the first hacking guide I wrote in 1999. It was the "NetBIOS Hacking Guide Step-by-step by MaDMaX". I published in my web page and....the guide has been copyed in many lamer sites but without my sign!!! (One day I started to find with google the guide and I found that only one person mentioned my name in the guide, and about 6 without author, and about 8 with the author changed!!!). I know that my case is diferent because lamers are not ethical for definition, but phpnuke developers MUST BE ethical, so If they're not, REVENGE! Last edited by murdock on Tue Apr 19, 2005 1:47 pm; edited 1 time in total Posted: Tue Apr 19, 2005 1:46 pm KingOfSka Advanced user   Joined: Mar 13, 2005 Posts: 61 in fact for phpNuke there are tons of public exploit, for postNuke there are less Posted: Tue Apr 19, 2005 4:58 pm waraxe Site admin   Joined: May 11, 2004 Posts: 2407 Location: Estonia, Tartu Yeah, i have good experience with many developers: postnuke, coppermine, phorum, phpbb. And most ignorant ones are phpnuke and xmbforum. Just my opinion By the way, i will release advisory #42 tomorrow, and it's about "multiple vulnerabilities" in Sentinel Posted: Tue Apr 19, 2005 6:41 pm murdock Advanced user   Joined: Mar 16, 2005 Posts: 54 "multiple vulnerabilities in Sentinel" <- YUUUUUJUUUUUUUUU!!!!!!!! Posted: Wed Apr 20, 2005 1:58 pm y3dips Valuable expert   Joined: Feb 25, 2005 Posts: 281 Location: Indonesia not only that , i use to do some pen test / black box test against some website or server yes, i do it illegaly, but i dont do any harm.. just testing when ive allready done , then i give them (Admin) a clue or something "Open" on their machine , what did they said to me ? dont try to teach me, go away, you are not smarter enough .. and many .. See ? few days later , their server/ was defaced, many files deleted n bla bla bla so ?? whats wrong ? _________________ IO::y3dips->new(http://clog.ammar.web.id); Posted: Wed Apr 20, 2005 2:05 pm waraxe Site admin   Joined: May 11, 2004 Posts: 2407 Location: Estonia, Tartu y3dips wrote: not only that , i use to do some pen test / black box test against some website or server yes, i do it illegaly, but i dont do any harm.. just testing when ive allready done , then i give them (Admin) a clue or something "Open" on their machine , what did they said to me ? dont try to teach me, go away, you are not smarter enough .. and many .. See ? few days later , their server/ was defaced, many files deleted n bla bla bla so ?? whats wrong ? Yes, my experience tells me, that ~25% admins/webmasters respond friendly and patch the holes, ~25% respond unfirendly AND patch the holes, or are not responding BUT PATCHING anyway. And most interesting are those 50% - they just are not responding and are not patching too Guess what - about 6 months ago i spotted some potential flaws in Estonian bank website, i sent email and got zippo answers... Now, half year later, those holes exists and are not yet patched Nonsense.... Posted: Wed Apr 20, 2005 2:19 pm y3dips Valuable expert   Joined: Feb 25, 2005 Posts: 281 Location: Indonesia waraxe wrote: Yes, my experience tells me, that ~25% admins/webmasters respond friendly and patch the holes, ~25% respond unfirendly AND patch the holes, or are not responding BUT PATCHING anyway. And most interesting are those 50% - they just are not responding and are not patching too Guess what - about 6 months ago i spotted some potential flaws in Estonian bank website, i sent email and got zippo answers... Now, half year later, those holes exists and are not yet patched Nonsense.... sorry i forgot, a few of them would like to say thx n ask how to patch (Hell, yeah ? ) btw, about your advisories. like you said in other topic sometimes we have to makes them feel it , after that just hoping them realize it or just watching the machine _________________ IO::y3dips->new(http://clog.ammar.web.id); Posted: Wed Apr 20, 2005 4:47 pm waraxe Site admin   Joined: May 11, 2004 Posts: 2407 Location: Estonia, Tartu Sentinel related advisory #043 will be out tomorrow, because i was today busy with #042 - Vulns in Coppermine Posted: Wed Apr 20, 2005 7:03 pm sp3x Valuable expert   Joined: Feb 15, 2005 Posts: 10 Yeah some admins are good some bad Some admins thanks to you and give you avaibility to test host and help him patch and give toy account for free who cost many dollars.... Some admins just call the police that someone try to hack him or hacked his system... then you have problem.... If admin is good in his job he understand the risk of security when is broken. So ... best admins are who broke security of some servers or some scritps, software thats is a truth Posted: Thu Apr 21, 2005 9:05 am shai-tan Valuable expert   Joined: Feb 22, 2005 Posts: 477 Yeah those people who find all these holes and dont get the credit. I spose its because they release the exploits aswell that they dont mention it. Look at heintz he found that big problem with phpBB and they didnt even bother to mention his name or any thing because he released the exploit. BTW I dont like the phpBB crew whatso ever. _________________ Shai-tan ?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds is there a way to bypass protection?   www.waraxe.us Forum Index -> PhpNuke You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum All times are GMT   Page 2 of 3   Goto page Previous  1, 2, 3  Next All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year Oldest FirstNewest First  Select a forum Security Research by waraxe----------------General discussionHow to fixMetasploit related Hash cracking requests----------------MD5 hashesAll other hashesHash related information http://www.waraxe.us portal----------------SuggestionsCooperation proposals Security bugs and issues in general----------------Newbies cornerSql injectionCross-site scripting aka XSSRemote file inclusionFull path disclosureShell commands injectionPhishing and Social EngineeringAll other security holes Various software----------------PhpNukePostNukePhpBBXMB forumvBulletin BoardInvision Power Boarde107MamboJoomlaXOOPSM$ WindowsLinux worldAll other softwareCoppermine Photo Gallery Programming languages----------------PhpMySqlPerlJavaJavascriptC and C++Visual BasicBorland Delphi and PascalPythonHTML and XMLAssembler Reverse engineering----------------Newbies cornerDisassemblingPHP script decode requests Miscellaneous stuff----------------Future of the ITNanotechnologyFun cornerLinksTry2hack sitesProxy database Direct Downloads----------------ToolsTutorialsWordlists Recycle Bin----------------Removed messagesOutdated posts   Powered by phpBB © 2001-2008 phpBB Group

Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2020 Janek Vind "waraxe"
Page Generation: 0.156 Seconds