| Author |
l33thackers.freehostia.com |
Cracker_Jax
Member

Posts: 155
Location: США
Joined: 11.12.07 Rank: Elite |
|
Hey demon_king,
sorry, but I really didn't feel like sending a PM since it just takes up space in my inbox, but just to recap where you left off..
I've started a hacker site and I just wanted you to join. Here is the link:
l33thackers.freehostia.com
I'll see you there
Thank you for inviting me to your site, not bad for your first try.
But I couldn't help but notice how many security vulnerabilities I was able to come across. You should really try to secure your site from SQL injections among other things.
You should fix this ASAP; someone could gain access after a few minutes and have access to all the articles, member list, settings.
Just be glad I was able to tell you before this information got out to everyone on the internet.
Just a design note, I would suggest you try to come up with a better slogan, like after you log in and the home page says
L33t Hackers! The site that will show you how hackers get in and how to keep them out
You're welcome
Edit: why aren't there more challenge categories? Just basic, realistic, and javascript?
Edited by Cracker_Jax on 12-06-08 02:26 |
|
| Author |
RE: l33thackers.freehostia.com |
flame_1221
Member

Posts: 179
Location: malaysia
Joined: 13.05.07 Rank: God |
|
wtf?

Thanks for the sig Lemur |
|
| Author |
RE: l33thackers.freehostia.com |
shadowls
You Like this!

Posts: 836
Location: look behind you
Joined: 07.12.06 Rank: Godlike |
|
Well, he just told a complete conversation in public. That's all.
PS. I checked out the site, damn, there are a lot of SQL vulns on this site.
If you think my posts are useful to you, please vote for them. Thank you
knowledge is powerful itself - SHADOWLS
Made by:agentmax69, but remastered by: KvK
Respects:
Mr_cheese
system_meltdown
rex
Edited by shadowls on 12-06-08 03:02 |
|
| Author |
RE: l33thackers.freehostia.com |
Cracker_Jax
Member

Posts: 155
Location: США
Joined: 11.12.07 Rank: Elite |
|
|
shadowls wrote:
Well, he just told a complete conversation in public. That's all.
PS. I checked out the site, damn, there are a lot of SQL vulns on this site.
lol... indeed there are, and there are others besides SQL
when in doubt, check the source
|
|
| Author |
RE: l33thackers.freehostia.com |
K_I_N_G
Member

Posts: 356
Location: ?
Joined: 04.03.08 Rank: Elite |
|
Haha, man its pretty mean just putting the site here and saying it has vulnerabilities in it.
|
|
| Author |
RE: l33thackers.freehostia.com |
Cracker_Jax
Member

Posts: 155
Location: США
Joined: 11.12.07 Rank: Elite |
|
oh come on,
with a slogan like " The site that will show you how hackers get in and how to keep them out"
how could you not?
|
|
| Author |
RE: l33thackers.freehostia.com |
K_I_N_G
Member

Posts: 356
Location: ?
Joined: 04.03.08 Rank: Elite |
|
Yeah, even basic SQL injection works. Directories aren't hidden. Mainly the site is a piece of shit. Like, you can edit the cookies to show you logged in as anybody you like, and they aren't even encrypted. It's coded by a three-year-old (assumption). This site would practically give away information to someone computer-illiterate just browsing it.
So add it all up and you get: Insecure.
|
|
| Author |
RE: l33thackers.freehostia.com |
Cracker_Jax
Member

Posts: 155
Location: США
Joined: 11.12.07 Rank: Elite |
|
well this might not turn out to be a tragedy after all, I'm talking to demon_king about how he can secure his website more.
Edited by Cracker_Jax on 12-06-08 04:27 |
|
| Author |
RE: l33thackers.freehostia.com |
c24lightning
Member
Posts: 41
Location: The infinite insanity of thought
Joined: 24.12.07 Rank: Active User |
|
Hate to point out the most basic of exploits, but
admin
and basic SQL injections work.
Dude, ever heard of mysql_real_escape_string()?


I'm a little more known over at HackThisSite (my profile). (If it says "Bad Referer", click on the URL bar and press enter.)
I despised my rank of "Newbie."
Edited by c24lightning on 12-06-08 05:04 |
|
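As an added example (not code from the thread, and not the l33thackers site's own code, which judging by the mysql_real_escape_string remark is PHP), here is the login pattern c24lightning and K_I_N_G describe, reproduced in Python against an in-memory SQLite table. The usernames, passwords and payloads are constructed for illustration. The first function builds the query by string concatenation, so a quote in the form field changes the SQL; the second binds the input as parameters, the modern equivalent of the escaping function c24lightning mentions (in PHP that would be prepared statements via PDO or mysqli):

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for the site's real user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "hunter2"), ("demon_king", "s3cret")],
    )
    return db


def login_concat(db, username, password):
    """Vulnerable: the query is assembled from raw form input.

    Returns the username of the first matching row, or None.  A password of
    ' OR '1'='1  turns the WHERE clause into
        username = 'admin' AND password = '' OR '1'='1'
    which is true for every row, and a username of  admin' --  comments the
    password check out entirely.
    """
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_param(db, username, password):
    """Fixed: bound parameters.

    The driver hands the input to the engine as data, so quotes and comment
    markers inside it never reach the SQL parser.
    """
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print(login_concat(db, "admin", "' OR '1'='1"))   # admin
    print(login_concat(db, "admin' -- ", "anything"))  # admin
    print(login_param(db, "admin", "' OR '1'='1"))    # None
```

Escaping with mysql_real_escape_string does close the quote-based holes when it is applied to every value and the connection charset matches, but parameters remove the whole class of mistake, which is why they are the recommended fix.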
| Author |
RE: l33thackers.freehostia.com |
K_I_N_G
Member

Posts: 356
Location: ?
Joined: 04.03.08 Rank: Elite |
|
Apparently someone's working on the security because now you get an error when you log in with SQL or just a random user and pass. However, it's still vulnerable.
Edited by K_I_N_G on 12-06-08 06:59 |
|
| Author |
RE: l33thackers.freehostia.com |
Cracker_Jax
Member

Posts: 155
Location: США
Joined: 11.12.07 Rank: Elite |
|
|
K_I_N_G wrote:
Apparently someone's working on the security because now you get an error when you log in with SQL or just incorrect.
Way to go demon_king, 1 exploit patched.. keep up the good work
|
|
| Author |
RE: l33thackers.freehostia.com |
Feralas
Member

Posts: 301
Location: 127.0.0.1
Joined: 25.02.08 Rank: HBH Guru |
|
This site failed before it began.
<script>alert(String.fromCharCode(89,111,117,83,117,99,107))</script>
Put this in the user/pass, log in, go back, and click the link to the home page.
Owned.
/-- Ipsa Scientia Potestas Est --\

\-- Knowledge itself is power. --/

To fear death is to limit life.
|
|
| Author |
RE: l33thackers.freehostia.com |
clone4
Member

Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07 Rank: God |
|
Feralas wrote:
This site failed before it began.
<script>alert(String.fromCharCode(89,111,117,83,117,99,107))</script>
Put this in the user/pass, log in, go back, and click the link to the home page.
Owned.
You can also try the same with cookies.
Edit: lol, wouldn't have expected that wrong login info would get written into the cookies as well. Sorry for repeating the same exploit.

spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl
Edited by clone4 on 12-06-08 10:33 |
|
| Author |
RE: l33thackers.freehostia.com |
Feralas
Member

Posts: 301
Location: 127.0.0.1
Joined: 25.02.08 Rank: HBH Guru |
|
clone4 wrote:
Feralas wrote:
This site failed before it began.
<script>alert(String.fromCharCode(89,111,117,83,117,99,107))</script>
Put this in the user/pass, log in, go back, and click the link to the home page.
Owned.
You can also try the same with cookies.
Man, some hard core encryption on them their cookies... not.
Was this site coded by monkeys?
/-- Ipsa Scientia Potestas Est --\

\-- Knowledge itself is power. --/

To fear death is to limit life.
|
|
| Author |
RE: l33thackers.freehostia.com |
fallingmidget
Banned
Posts: 1138
Location: *.*
Joined: 18.09.07 Rank: God Warn Level: 100
|
|
Yeah, you really need to have a better filter than one that just adds slashes. And try encrypting the cookies with something other than hex.
|
|
| Author |
RE: l33thackers.freehostia.com |
fallingmidget
Banned
Posts: 1138
Location: *.*
Joined: 18.09.07 Rank: God Warn Level: 100
|
|
You can easily bypass the login: just put abc in the username and pass box, and then you get the error saying it doesn't exist, but then you click back and click on home and you're logged in as abc.
|
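As an added example (mine, not code from the thread or from the l33thackers site), the cookie behaviour that Feralas, clone4, fallingmidget and Pwnzall describe above, modelled in Python: the login handler writes the submitted name into a hex-encoded cookie whether or not the password checked out, and the home page trusts that cookie and prints the name straight into the HTML. The users, the secret key and the handler names are constructed for illustration. The hardened version only sets the cookie after a successful check, attaches an HMAC so the client cannot rewrite it, and HTML-escapes the name on output. Hex is an encoding, not encryption; what the cookie actually needs is integrity, which the signature supplies (a random server-side session id would do as well):

```python
import hashlib
import hmac
import html
import secrets

# Constructed sample accounts standing in for the site's real user table.
USERS = {"admin": "hunter2", "demon_king": "s3cret"}


# --- Vulnerable flow, as described in the thread --------------------------
def vuln_login(username, password):
    """Sets the cookie on every attempt, valid or not; hex is the only 'encryption'."""
    valid = USERS.get(username) == password
    cookie = username.encode().hex()
    return valid, cookie


def vuln_home(cookie):
    """Trusts the cookie as-is and renders the name unescaped."""
    name = bytes.fromhex(cookie).decode()
    return "<p>Welcome, " + name + "</p>"


def forge_vuln_cookie(username):
    """What an attacker does: hex-encode any name and become that user."""
    return username.encode().hex()


# --- Hardened flow ---------------------------------------------------------
# Assumption: a server-side secret the client never sees.
SECRET = secrets.token_bytes(32)


def sign(username):
    """Cookie value: hex(name).hmac_sha256(secret, name)."""
    tag = hmac.new(SECRET, username.encode(), hashlib.sha256).hexdigest()
    return username.encode().hex() + "." + tag


def safe_login(username, password):
    """Only a verified login produces a cookie."""
    if USERS.get(username) != password:
        return False, None
    return True, sign(username)


def safe_home(cookie):
    """Rejects malformed or tampered cookies; escapes the name on output."""
    try:
        hexname, tag = cookie.split(".", 1)
        name = bytes.fromhex(hexname).decode()
    except ValueError:
        return None
    if not hmac.compare_digest(sign(name), hexname + "." + tag):
        return None
    return "<p>Welcome, " + html.escape(name) + "</p>"


if __name__ == "__main__":
    # Failed login still yields a usable cookie on the vulnerable site.
    ok, c = vuln_login("abc", "wrong")
    print(ok, vuln_home(c))
    # Forged admin cookie, and the script-tag payload from the thread.
    print(vuln_home(forge_vuln_cookie("admin")))
    print(vuln_home(forge_vuln_cookie("<script>alert(1)</script>")))
    # Hardened: forgery is rejected, output is escaped.
    print(safe_home(forge_vuln_cookie("admin")))
    print(safe_home(sign("<script>alert(1)</script>")))
```

In a real deployment the cookie would also carry an expiry inside the signed data and be set with the HttpOnly and Secure flags; the signature alone does not hide the name, it only stops the client from changing it.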
|
| Author |
RE: l33thackers.freehostia.com |
Pwnzall
Member

Posts: 234
Location:
Joined: 10.04.08 Rank: Hacker Level 3 |
|
The site could use a major revamping in terms of security. You can login as anybody you want (including valid users) and you can even delete their profile if you wanted to. You don't even need SQL injections.
Pure madness! There must be a method! There is a method! |
|
| Author |
RE: l33thackers.freehostia.com |
Uber0n
Member

Posts: 1963
Location: Sweden
Joined: 13.06.06 Rank: God |
|
This must be one of the lamest attempts to make a hacking site ever 

http://uber0n.webs.com/ |
|
| Author |
RE: l33thackers.freehostia.com |
skathgh420
Member

Posts: 418
Location: 127.0.0.1
Joined: 03.03.08 Rank: God |
|
The basic challenges don't make sense to me; they're more like riddles, not hacking challenges.
 |
|
| Author |
RE: l33thackers.freehostia.com |
mastergamer
Member

Posts: 432
Location:
Joined: 07.02.06 Rank: God |
|
Horrible, horrible coding.
|
|