Login or Register :: Home :: Search :: Your Account :: Forums :: Waraxe Advisories :: Tools :: November 16, 2024 Menu Home Logout Discussions Forums Members List IRC chat Tools Base64 coder MD5 hash CRC32 checksum ROT13 coder SHA-1 hash URL-decoder Sql Char Encoder Affiliates y3dips ITsec Md5 Cracker User Manuals AlbumNow Content Content Sections FAQ Top Info Feedback Recommend Us Search Journal Your Account User Info Welcome, Anonymous Nickname Password (Register) Membership: Latest: MichaelSnaRe New Today: 0 New Yesterday: 0 Overall: 9144 People Online: Visitors: 72 Members: 0 Total: 72 Full disclosure SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879) Security issue in the TX Text Control .NET Server for ASP.NET. SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater Unsafe eval() in TestRail CLI 4 vulnerabilities in ibmsecurity 32 vulnerabilities in IBM Security Verify Access xlibre Xnest security advisory & bugfix releases APPLE-SA-10-29-2024-1 Safari 18.1 SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600) SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333) APPLE-SA-10-28-2024-8 visionOS 2.1 APPLE-SA-10-28-2024-7 tvOS 18.1 APPLE-SA-10-28-2024-6 watchOS 11.1 APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1 APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1 IT Security and Insecurity Portal www.waraxe.us Forum Index -> PhpBB -> Perhaps, too much information shown? View previous topic :: View next topic Perhaps, too much information shown? Posted: Fri Aug 31, 2007 4:43 am Dorsk Regular user Joined: Aug 28, 2007 Posts: 20 Hey all! I have a snippet of code here that I would like you to take a look at: Code: <form method="post" name="login" action="checklogin.php"> <td> <div align="center"> <input name="ws_user" type="text" class="form_username" onFocus="this.className='form_on'" onBlur="this.className='form_off'" size="10"> <input name="pwd" type="password" class="form_password" onFocus="this.className='form_on'" onBlur="this.className='form_off'" size="10"> <br> <input type="submit" name="Submit" value="Submit"> </div></td> </form> It was taken from a website login box. I am almost positive the site is NOT PHPNUKE. To me, it looks like there is alot of information that maybe "shouldn't" be here, meaning that an attacker has alot of information here to get past this little login. Also, what type of code can I type into the URL to do a search on the database (with the above code). I am learning php, but like everyone, we all have questions! I have been tinkering around on hackthissite.org and I seem to understand a good amount, and get through some of the missions(I have completed all of the basic, and starting on the 2nd "realistic" mission), so with that knowledge, I came up with an idea of what might work, if I am wrong, let me know! Here is an example I came up with: Code: somewebsite.com/index.php?WHERE "something=something" AND "something=something Please forgive my noobiness. We all gotta start somewhere. Posted: Fri Aug 31, 2007 9:37 am waraxe Site admin Joined: May 11, 2004 Posts: 2407 Location: Estonia, Tartu Your first example is common login form and has nothing wrong itself. But if we do search on Google against "ws_user", then we will find something like this: http://cms.webspell.org/index.php?site=demo Comparing login forms we can see close resemblance - so it can be WebSpell CMS. And next, looking for exploits for WebSpell: http://www.securityfocus.com/archive/1/archive/1/460937/100/0/threaded Your second example - what are You trying to say? Posted: Fri Aug 31, 2007 4:34 pm Dorsk Regular user Joined: Aug 28, 2007 Posts: 20 I have done some searching in your forums and I was wondering if there was a way to query the database, either by the URL bar or by the search engine that is intergrated within a website. For my ecample: Code: somewebsite.com/index.php?WHERE "something=something" AND "something=something Is there a way to impliment code like this to bring back such information from the websites database? I have used your: Code: p0hh0nsee%') UNION ALL SELECT 1,2,aid,pwd,5,6,7,8,9,10 FROM nuke_authors/* with some nice success rates (however on many sites, it sends me right back to the main (index.php) right after I submit the search. I am looking for something perhaps around the same lines. Idea: Is there anything about using the forum search to get information from the database (usernames,hash,pwds,etc..) Side note: I have tested many of the examples on the forums in PHPNUKE sites (many versions) and if I input a ` in the login box,it sends me to a blank page that says "begone" on it. Why is that? Thanks alot! Posted: Fri Aug 31, 2007 4:56 pm waraxe Site admin Joined: May 11, 2004 Posts: 2407 Location: Estonia, Tartu First - this "begone" messages is the result of some anti-sql-injection code in phpnuke scripts. It is meant to be used for making sql injection attacks and xss abuse more difficult and it works as expected. Now - that "exploit line", you are using, is written specially for phpnuke. If you want to attack other targets besides phpnuke-powered, then you can always make your own working "exploit strings". One more thing - you must understand, that sql injection is security hole and programming bug or "feature" and if programmer was good and wrote php code carefully, then you just cant steal any information from database or make other db manipulations. But if website is written unsecurely or webserver has "magic_quotes=off" and programmer expected "=on", then there are lots of possibilities - stealing admin passwords, customer data from e-shops, etc, etc. Posted: Fri Aug 31, 2007 5:15 pm Dorsk Regular user Joined: Aug 28, 2007 Posts: 20 Thank you for your information about the "begone" message. As for the "exploit line", I only use it for PHPNUKE, There are certain sites that do ban me for a "UNION ATTACK", and I am trying to find a way to change the code a bit so that will not happen, but no luck yet. How do I go about checking if a webserver has "magic_quotes" on or off? Currently I am interested in PHPNUKE sites only. 1 site in particular, it is PHPNUKE Platinum version 7.6.b.4 with NukeSentinel version 2.4.2pl1 Links, ideas, and information would be greatly helpful. Posted: Fri Aug 31, 2007 5:47 pm waraxe Site admin Joined: May 11, 2004 Posts: 2407 Location: Estonia, Tartu You have encountered "Sentinel" - powerful protection system for phpnuke. It is often very hard to bypass that anti-hacking system. And if someone finds the way, then Sentinel will be updated soon and evasion problem stays. Now, about "magic_quotes=off". My suggestion - surf the web and try to insert ("inject") single quotes to various URI parameters. If you will see sql-related error messages, then you are in right direction. Some random examples: http://www.hot.ee/http123/sql01.png http://www.hot.ee/http123/sql02.png See ya Posted: Fri Aug 31, 2007 6:07 pm Dorsk Regular user Joined: Aug 28, 2007 Posts: 20 Thank you very much! It is all making more sense to me. I am going to install that PHPNUKE PLAT version and nuke sentinal on a remote computer for testing. If I find anything or if you have any ideas do not hesitate to PM me or reply to this post. I will check this post often and like always, browse the forum for more information. Thanks again! Perhaps, too much information shown? www.waraxe.us Forum Index -> PhpBB You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum All times are GMT Page 1 of 1 All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 YearOldest FirstNewest First Select a forumSecurity Research by waraxe----------------General discussionHow to fixMetasploit relatedHash cracking requests----------------MD5 hashesAll other hashesHash related informationhttp://www.waraxe.us portal----------------SuggestionsCooperation proposalsSecurity bugs and issues in general----------------Newbies cornerSql injectionCross-site scripting aka XSSRemote file inclusionFull path disclosureShell commands injectionPhishing and Social EngineeringAll other security holesVarious software----------------PhpNukePostNukePhpBBXMB forumvBulletin BoardInvision Power Boarde107MamboJoomlaXOOPSM$ WindowsLinux worldAll other softwareCoppermine Photo GalleryProgramming languages----------------PhpMySqlPerlJavaJavascriptC and C++Visual BasicBorland Delphi and PascalPythonHTML and XMLAssemblerReverse engineering----------------Newbies cornerDisassemblingPHP script decode requestsMiscellaneous stuff----------------Future of the ITNanotechnologyFun cornerLinksTry2hack sitesProxy databaseDirect Downloads----------------ToolsTutorialsWordlistsRecycle Bin----------------Removed messagesOutdated posts Powered by phpBB © 2001-2008 phpBB Group

Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.047 Seconds