www.waraxe.us Forum Index -> PhpBB -> Perhaps, too much information shown?
Perhaps, too much information shown?
Posted: Fri Aug 31, 2007 4:43 am
Dorsk
Regular user
Joined: Aug 28, 2007
Posts: 20

Hey all!
I have a snippet of code here that I would like you to take a look at:
Code:

<form method="post" name="login" action="checklogin.php">
      <td> <div align="center">

          <input name="ws_user" type="text" class="form_username" onFocus="this.className='form_on'" onBlur="this.className='form_off'" size="10">
          <input name="pwd" type="password" class="form_password" onFocus="this.className='form_on'" onBlur="this.className='form_off'" size="10">
          <br>
          <input type="submit" name="Submit" value="Submit">
        </div></td>
</form>


It was taken from a website login box. I am almost positive the site is NOT PHPNUKE. To me, it looks like there is a lot of information that maybe "shouldn't" be here, meaning that an attacker has a lot of information here to get past this little login.

Also, what type of code can I type into the URL to do a search on the database (with the above code). I am learning php, but like everyone, we all have questions!

I have been tinkering around on hackthissite.org and I seem to understand a good amount, and get through some of the missions (I have completed all of the basic ones, and am starting on the 2nd "realistic" mission), so with that knowledge, I came up with an idea of what might work. If I am wrong, let me know!

Here is an example I came up with:
Code:

somewebsite.com/index.php?WHERE "something=something" AND "something=something


Please forgive my noobiness. We all gotta start somewhere.
Posted: Fri Aug 31, 2007 9:37 am
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Your first example is a common login form and has nothing wrong in itself.
But if we do a search on Google for "ws_user", then we will find something like this:

http://cms.webspell.org/index.php?site=demo

Comparing the login forms we can see a close resemblance - so it can be WebSpell CMS.
And next, looking for exploits for WebSpell:

http://www.securityfocus.com/archive/1/archive/1/460937/100/0/threaded

Your second example - what are you trying to say?
Posted: Fri Aug 31, 2007 4:34 pm
Dorsk
Regular user
Joined: Aug 28, 2007
Posts: 20

I have done some searching in your forums and I was wondering if there was a way to query the database, either by the URL bar or by the search engine that is integrated within a website.

For my example:
Code:

somewebsite.com/index.php?WHERE "something=something" AND "something=something


Is there a way to implement code like this to bring back such information from the website's database?
I have used your:
Code:

p0hh0nsee%') UNION ALL SELECT 1,2,aid,pwd,5,6,7,8,9,10 FROM nuke_authors/*

with some nice success rates (however, on many sites it sends me right back to the main page (index.php) right after I submit the search).

I am looking for something perhaps around the same lines.

Idea: Is there anything about using the forum search to get information from the database (usernames, hashes, pwds, etc.)?

Side note: I have tested many of the examples on the forums in PHPNUKE sites (many versions) and if I input a ` in the login box, it sends me to a blank page that says "begone" on it. Why is that?

Thanks a lot!
Posted: Fri Aug 31, 2007 4:56 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

First - this "begone" message is the result of some anti-sql-injection code in the phpnuke scripts. It is meant to make sql injection attacks and xss abuse more difficult, and it works as expected.

Now - that "exploit line" you are using is written specially for phpnuke.
If you want to attack other targets besides phpnuke-powered ones, then you can always make your own working "exploit strings".

One more thing - you must understand that sql injection is a security hole and a programming bug or "feature", and if the programmer was good and wrote the php code carefully, then you just can't steal any information from the database or make other db manipulations.
But if the website is written insecurely, or the webserver has "magic_quotes=off" and the programmer expected "=on", then there are lots of possibilities - stealing admin passwords, customer data from e-shops, etc.
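The point waraxe makes above, that injection is a bug in how the query is built and that relying on magic_quotes is part of that bug, shown as an added example. This is not code from the thread or from any CMS named in it; it assumes a `users` table with `username` and `pwd_hash` columns and uses an in-memory SQLite database with constructed data so it runs offline.

```php
<?php
// Added example: two ways to write the checklogin.php that the posted form
// (fields ws_user / pwd) submits to. Table layout is assumed, not from the thread.

// VULNERABLE PATTERN: the query is built by string concatenation and depends on
// magic_quotes_gpc (removed in PHP 5.4) having escaped the quotes. With it off,
// any quote in the input becomes part of the SQL and changes the query structure.
function vulnerable_query(string $user, string $pwd): string
{
    return "SELECT id FROM users WHERE username='$user' AND pwd='$pwd'";
}

// HARDENED PATTERN: the SQL text never contains user input; values are bound as
// parameters, so quotes in the input are data, whatever magic_quotes is set to.
function check_login(PDO $db, string $user, string $pwd): bool
{
    $stmt = $db->prepare('SELECT pwd_hash FROM users WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() compares against the stored salted hash; never store pwd in clear.
    return $row !== false && password_verify($pwd, $row['pwd_hash']);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pwd_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, pwd_hash) VALUES (?, ?)');
$ins->execute(["o'neil", password_hash('correct horse', PASSWORD_DEFAULT)]);

// A legitimate username containing a single quote, the character waraxe suggests
// looking for in error messages: it breaks the concatenated query but not the bound one.
$user = "o'neil";
echo vulnerable_query($user, 'correct horse'), "\n"; // quote terminates the literal: malformed SQL
var_dump(check_login($db, $user, 'correct horse'));  // bool(true)
var_dump(check_login($db, $user, 'wrong password'));  // bool(false)
```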
Posted: Fri Aug 31, 2007 5:15 pm
Dorsk
Regular user
Joined: Aug 28, 2007
Posts: 20

Thank you for your information about the "begone" message.

As for the "exploit line", I only use it for PHPNUKE. There are certain sites that do ban me for a "UNION ATTACK", and I am trying to find a way to change the code a bit so that will not happen, but no luck yet.

How do I go about checking if a webserver has "magic_quotes" on or off?

Currently I am interested in PHPNUKE sites only.
1 site in particular, it is PHPNUKE Platinum version 7.6.b.4
with NukeSentinel version 2.4.2pl1

Links, ideas, and information would be greatly helpful.
Posted: Fri Aug 31, 2007 5:47 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

You have encountered "Sentinel" - a powerful protection system for phpnuke. It is often very hard to bypass that anti-hacking system. And if someone finds a way, then Sentinel will be updated soon and the evasion problem stays.

Now, about "magic_quotes=off". My suggestion - surf the web and try to insert ("inject") single quotes into various URI parameters. If you see sql-related error messages, then you are in the right direction.

Some random examples:

http://www.hot.ee/http123/sql01.png

http://www.hot.ee/http123/sql02.png

See ya ;)
Posted: Fri Aug 31, 2007 6:07 pm
Dorsk
Regular user
Joined: Aug 28, 2007
Posts: 20

Thank you very much! It is all making more sense to me.

I am going to install that PHPNUKE PLAT version and NukeSentinel on a remote computer for testing. If I find anything, or if you have any ideas, do not hesitate to PM me or reply to this post.

I will check this post often and like always, browse the forum for more information.

Thanks again!
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2020 Janek Vind "waraxe"