Waraxe IT Security Portal
Login or Register
November 22, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 121
Members: 0
Total: 121
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> General discussion -> what happens to waraxe.us
Post new topicReply to topic View previous topic :: View next topic
what happens to waraxe.us
PostPosted: Thu Nov 17, 2005 8:24 am Reply with quote
y3dips
Valuable expert
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia




for a while i found this site was down
dont know why , or waraxe updating something :p

for a screenshot here , http://geocities.com/y3d1ps/blog/waraxe.jpg

i just curious , coz never find this site was down
glad it up again Smile

_________________
IO::y3dips->new(http://clog.ammar.web.id);
View user's profile Send private message Visit poster's website Yahoo Messenger
PostPosted: Thu Nov 17, 2005 10:25 am Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




This was server-wide mysql daemon downtime. As I am using currently shared hosting, then there is nothing I can do against downtimes. But anyway this hoster seems to be stable enough for me riht now Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Thu Nov 17, 2005 6:12 pm Reply with quote
shai-tan
Valuable expert
Valuable expert
Joined: Feb 22, 2005
Posts: 477




Ubuntu Razz

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
PostPosted: Fri Nov 18, 2005 1:35 pm Reply with quote
y3dips
Valuable expert
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia




glad to hear that, while i was thinkin that because u are patching somethin against this http://milw0rm.com/id.php?id=1326

shai-tan : whats wrong with ubuntu ?

_________________
IO::y3dips->new(http://clog.ammar.web.id);
View user's profile Send private message Visit poster's website Yahoo Messenger
PostPosted: Fri Nov 18, 2005 2:17 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




y3dips wrote:
glad to hear that, while i was thinkin that because u are patching somethin against this http://milw0rm.com/id.php?id=1326


Well, from that exploit:

Code:

# PHPNuke-sp3x[1] |
# This exploit is based on 'query' |
# SQL injection vuln in Search module. |
# |
# References: |
# securityreason.com/achievement_securityalert/26 |


Now, from securityreason alert #26:

Code:

- --- 1. * SQL query problem ---
phpBB2 don't check size of sql query. So we can send any data in all post variables.
Standart Environment:

post_max_size=8M (standart)
max_allowed_packet < 7M (1M standart in mysql)

Example Evironment:
memory_limit>8MB
max_execution_time=30
max_allowed_packet=1M


I don't get it ...
That alert#26 points to low-level bug, leading to possible memory overuse and php warning messages, therefore revealing path info.
It has nothing to do with sql injection.

Now, from perl script:

Code:

$query = "name=Search&query=s%')/**/UNION/**/SELECT/**/0,pwd,0,aid,0,0,0,0,0,0/**/FROM/**/nuke_authors/*";


Wtf?? I don't believe, that this will work.

Anyway, what i have in waraxe.us:

1. error_reporting(0) , so no warnings (most of the time)
2. sql tables prefix is unique, so no "select ... from nuke_authors ..." is possible
3. admin.php is unnamed, but under .htaccess protection
4. admin module overwritten, so admin operations are all accepted only through POST method. So no IMG and other GET tricks here. Smile

And finally, i was testing this perl script against waraxe.us and it has failed.
My guess - this perl script is fake/hoax. Am I wrong? Question
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Fri Nov 18, 2005 2:47 pm Reply with quote
Heintz
Valuable expert
Valuable expert
Joined: Jun 12, 2004
Posts: 88
Location: Estonia/Sweden




this might be a bit offtopic but here goes anyway,

Those GET tricks reminded me another issue that is also often overlooked:
auto-submitting forms:
nice.html:
Code:

<html>
<head>
<title>Foo</title>

</head>
<body onLoad="document.f.submit();">
<form name="f" action="test.php" method="POST">
<input type="text" name="username" value="foo"><br>
<input type="password" name="password" value="baar"><br>
<input name="saadab" type="submit" value="Send">
</form>
</body>
</html>


and in test.php
is for example:
Code:

<?php

var_dump($_POST);

?>


then result of visiting nice.html is
Code:
array(2) { ["username"]=> string(3) "foo" ["password"]=> string(4) "baar" }


so referal check or verify page/popup or some unique id thingy might be nessesary too Wink

this creates other interesting ideas like when a popular site is owned then attacker could plant a small iframe somewhere and then all visitors could be potentially DoS-ers, sql injectors etc. - or to say more correctly thei're browsers would. and

i was gonna investigate possibilities more deeply but havent got time really, but i'm writing so much i know here and maybe someone else picks up. hope it helps Waraxe too a bit Smile

_________________
AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!"
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
PostPosted: Fri Nov 18, 2005 5:49 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Yep, there are always some possibilities to exploit things Very Happy

Talk about admin operations, there can be implementation of Turing Numbers (machine unreadable image) to asking/submitting/verify authorization codes. Even phpnuke himself contains this function in registration and/or login part.
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Fri Nov 18, 2005 9:46 pm Reply with quote
shai-tan
Valuable expert
Valuable expert
Joined: Feb 22, 2005
Posts: 477




Nothing Wrong with Ubuntu, I just recognised it. Never liked it to much myself but hey its open source so what the hell.

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
PostPosted: Sun Nov 20, 2005 2:10 pm Reply with quote
y3dips
Valuable expert
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia




waraxe wrote:
Anyway, what i have in waraxe.us:

1. error_reporting(0) , so no warnings (most of the time)

yep, i think it handle the blown error Razz (sometimes, in most case Razz)

Quote:

2. sql tables prefix is unique, so no "select ... from nuke_authors ..." is possible
3. admin.php is unnamed, but under .htaccess protection
4. admin module overwritten, so admin operations are all accepted only through POST method. So no IMG and other GET tricks here. Smile


anyway u give some fresh idea to other admin, altough ive laready did it with PHPBB in my forum, so "kiddies" whos runnin "xplo" only found 404 page :p (for example)

Laughing

Quote:

And finally, i was testing this perl script against waraxe.us and it has failed.
My guess - this perl script is fake/hoax. Am I wrong? Question


hard to find a real xplo, even in milw0rm ??? :p

_________________
IO::y3dips->new(http://clog.ammar.web.id);
View user's profile Send private message Visit poster's website Yahoo Messenger
PostPosted: Sun Nov 20, 2005 2:14 pm Reply with quote
y3dips
Valuable expert
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia




Heintz wrote:
i was gonna investigate possibilities more deeply but havent got time really, but i'm writing so much i know here and maybe someone else picks up. hope it helps Waraxe too a bit Smile


cant wait another Heintz Wink

_________________
IO::y3dips->new(http://clog.ammar.web.id);
View user's profile Send private message Visit poster's website Yahoo Messenger
PostPosted: Sun Nov 20, 2005 2:18 pm Reply with quote
y3dips
Valuable expert
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia




shai-tan wrote:
Nothing Wrong with Ubuntu, I just recognised it. Never liked it to much myself but hey its open source so what the hell.


hehheh, have u try it ?
Now, im an ubuntu user, Breezy bader now on my laptop n PC

me n my friends also made indonesian community for ubuntu at http://ubuntulinux.or.id [indonesian laguange offcourse :p ]

_________________
IO::y3dips->new(http://clog.ammar.web.id);
View user's profile Send private message Visit poster's website Yahoo Messenger
PostPosted: Mon Nov 21, 2005 1:06 am Reply with quote
shai-tan
Valuable expert
Valuable expert
Joined: Feb 22, 2005
Posts: 477




Yeah Ive tried it. As I said it never really appealed to me. I hate the slow speed of Firefox 1.0.x and having to upgrade to 1.5 RC3 just to have good firefox opening speed. Otherwise not too bad.

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
what happens to waraxe.us
www.waraxe.us Forum Index -> General discussion
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.037 Seconds