 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
what happens to waraxe.us |
 |
 Posted: Thu Nov 17, 2005 8:24 am |
 |
|
| y3dips |
| Valuable expert |
 |
|
| Joined: Feb 25, 2005 |
| Posts: 281 |
| Location: Indonesia |
|
|
 |
|
 |
|
for a while i found this site was down
dont know why , or waraxe updating something :p
for a screenshot here , http://geocities.com/y3d1ps/blog/waraxe.jpg
i just curious , coz never find this site was down
glad it up again  |
|
_________________
IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
| Posted: Thu Nov 17, 2005 10:25 am |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| This was server-wide mysql daemon downtime. As I am using currently shared hosting, then there is nothing I can do against downtimes. But anyway this hoster seems to be stable enough for me riht now |
|
|
|
|
| Posted: Thu Nov 17, 2005 6:12 pm |
|
|
| shai-tan |
| Valuable expert |
 |
|
| Joined: Feb 22, 2005 |
| Posts: 477 |
|
|
|
|
|
|
|
Ubuntu  |
|
_________________
Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
| Posted: Fri Nov 18, 2005 1:35 pm |
|
|
| y3dips |
| Valuable expert |
|
|
| Joined: Feb 25, 2005 |
| Posts: 281 |
| Location: Indonesia |
|
|
|
|
|
|
|
_________________
IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
|
|
|
|
| Posted: Fri Nov 18, 2005 2:17 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
Well, from that exploit:
| Code: |
# PHPNuke-sp3x[1] |
# This exploit is based on 'query' |
# SQL injection vuln in Search module. |
# |
# References: |
# securityreason.com/achievement_securityalert/26 |
|
Now, from securityreason alert #26:
| Code: |
- --- 1. * SQL query problem ---
phpBB2 don't check size of sql query. So we can send any data in all post variables.
Standart Environment:
post_max_size=8M (standart)
max_allowed_packet < 7M (1M standart in mysql)
Example Evironment:
memory_limit>8MB
max_execution_time=30
max_allowed_packet=1M
|
I don't get it ...
That alert#26 points to low-level bug, leading to possible memory overuse and php warning messages, therefore revealing path info.
It has nothing to do with sql injection.
Now, from perl script:
| Code: |
$query = "name=Search&query=s%')/**/UNION/**/SELECT/**/0,pwd,0,aid,0,0,0,0,0,0/**/FROM/**/nuke_authors/*";
|
Wtf?? I don't believe, that this will work.
Anyway, what i have in waraxe.us:
1. error_reporting(0) , so no warnings (most of the time)
2. sql tables prefix is unique, so no "select ... from nuke_authors ..." is possible
3. admin.php is unnamed, but under .htaccess protection
4. admin module overwritten, so admin operations are all accepted only through POST method. So no IMG and other GET tricks here.
And finally, i was testing this perl script against waraxe.us and it has failed.
My guess - this perl script is fake/hoax. Am I wrong?  |
|
|
|
|
|
|
|
|
| Posted: Fri Nov 18, 2005 2:47 pm |
|
|
| Heintz |
| Valuable expert |
|
|
| Joined: Jun 12, 2004 |
| Posts: 88 |
| Location: Estonia/Sweden |
|
|
|
|
|
|
this might be a bit offtopic but here goes anyway,
Those GET tricks reminded me another issue that is also often overlooked:
auto-submitting forms:
nice.html:
| Code: |
<html>
<head>
<title>Foo</title>
</head>
<body onLoad="document.f.submit();">
<form name="f" action="test.php" method="POST">
<input type="text" name="username" value="foo"><br>
<input type="password" name="password" value="baar"><br>
<input name="saadab" type="submit" value="Send">
</form>
</body>
</html>
|
and in test.php
is for example:
| Code: |
<?php
var_dump($_POST);
?>
|
then result of visiting nice.html is
| Code: | | array(2) { ["username"]=> string(3) "foo" ["password"]=> string(4) "baar" } |
so referal check or verify page/popup or some unique id thingy might be nessesary too 
this creates other interesting ideas like when a popular site is owned then attacker could plant a small iframe somewhere and then all visitors could be potentially DoS-ers, sql injectors etc. - or to say more correctly thei're browsers would. and
i was gonna investigate possibilities more deeply but havent got time really, but i'm writing so much i know here and maybe someone else picks up. hope it helps Waraxe too a bit |
|
_________________
AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!" |
|
|
|
|
|
|
|
| Posted: Fri Nov 18, 2005 5:49 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
Yep, there are always some possibilities to exploit things 
Talk about admin operations, there can be implementation of Turing Numbers (machine unreadable image) to asking/submitting/verify authorization codes. Even phpnuke himself contains this function in registration and/or login part. |
|
|
|
|
| Posted: Fri Nov 18, 2005 9:46 pm |
|
|
| shai-tan |
| Valuable expert |
|
|
| Joined: Feb 22, 2005 |
| Posts: 477 |
|
|
|
|
|
|
|
| Nothing Wrong with Ubuntu, I just recognised it. Never liked it to much myself but hey its open source so what the hell. |
|
_________________
Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
|
|
|
|
| Posted: Sun Nov 20, 2005 2:10 pm |
|
|
| y3dips |
| Valuable expert |
|
|
| Joined: Feb 25, 2005 |
| Posts: 281 |
| Location: Indonesia |
|
|
|
|
|
|
| waraxe wrote: | Anyway, what i have in waraxe.us:
1. error_reporting(0) , so no warnings (most of the time)
|
yep, i think it handle the blown error (sometimes, in most case )
| Quote: |
2. sql tables prefix is unique, so no "select ... from nuke_authors ..." is possible
3. admin.php is unnamed, but under .htaccess protection
4. admin module overwritten, so admin operations are all accepted only through POST method. So no IMG and other GET tricks here.
|
anyway u give some fresh idea to other admin, altough ive laready did it with PHPBB in my forum, so "kiddies" whos runnin "xplo" only found 404 page :p (for example)
| Quote: |
And finally, i was testing this perl script against waraxe.us and it has failed.
My guess - this perl script is fake/hoax. Am I wrong? |
hard to find a real xplo, even in milw0rm ??? :p |
|
_________________
IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
|
|
|
|
| Posted: Sun Nov 20, 2005 2:14 pm |
|
|
| y3dips |
| Valuable expert |
|
|
| Joined: Feb 25, 2005 |
| Posts: 281 |
| Location: Indonesia |
|
|
|
|
|
|
| Heintz wrote: | | i was gonna investigate possibilities more deeply but havent got time really, but i'm writing so much i know here and maybe someone else picks up. hope it helps Waraxe too a bit |
cant wait another Heintz |
|
_________________
IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
| Posted: Sun Nov 20, 2005 2:18 pm |
|
|
| y3dips |
| Valuable expert |
|
|
| Joined: Feb 25, 2005 |
| Posts: 281 |
| Location: Indonesia |
|
|
|
|
|
|
| shai-tan wrote: | | Nothing Wrong with Ubuntu, I just recognised it. Never liked it to much myself but hey its open source so what the hell. |
hehheh, have u try it ?
Now, im an ubuntu user, Breezy bader now on my laptop n PC
me n my friends also made indonesian community for ubuntu at http://ubuntulinux.or.id [indonesian laguange offcourse :p ] |
|
_________________
IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
| Posted: Mon Nov 21, 2005 1:06 am |
|
|
| shai-tan |
| Valuable expert |
|
|
| Joined: Feb 22, 2005 |
| Posts: 477 |
|
|
|
|
|
|
|
| Yeah Ive tried it. As I said it never really appealed to me. I hate the slow speed of Firefox 1.0.x and having to upgrade to 1.5 RC3 just to have good firefox opening speed. Otherwise not too bad. |
|
_________________
Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
www.waraxe.us Forum Index -> General discussion
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 219
Members: 0
Total: 219
