| Author |
SSI attack on my site? |
ShadyTyrant
Member

Posts: 113
Location: United States Of America
Joined: 07.09.08 Rank: Hacker Level 3 |
|
I posted in the shout box but screw it I will just make a post. I have revamped my Nu Aira Hackers website. Though I am afraid it might be vulnerable to SSI. I tried a few things myself but I was wondering if someone with more knowledge would test it out for me.
www.nuaira.isgreat.org
Site is still in beta so not all the features work.
 |
|
| Author |
RE: SSI attack on my site? |
ShadyTyrant
Member

Posts: 113
Location: United States Of America
Joined: 07.09.08 Rank: Hacker Level 3 |
|
No I did not, my host must have. Will change ASAP.

Edited by ShadyTyrant on 04-08-09 23:04 |
|
| Author |
RE: SSI attack on my site? |
ShadyTyrant
Member

Posts: 113
Location: United States Of America
Joined: 07.09.08 Rank: Hacker Level 3 |
|
Btw what exactly did you find? And how did you find it?
EDIT : Just took the forums down. I plan on using new / different software next time.

Edited by ShadyTyrant on 05-08-09 06:58 |
|
| Author |
RE: SSI attack on my site? |
korg
Admin from hell

Posts: 1704
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06 Rank: The Master |
|
upload_files.php. Not good.
I deal in pain, All life I drain, I dominate, I seal your fate.
|
|
| Author |
RE: SSI attack on my site? |
S1L3NTKn1GhT
Member

Posts: 468
Location: XXXX
Joined: 03.06.06 Rank: God Warn Level: 10
|
|
|
korg wrote:
upload_files.php. Not good.
You're too late, I've already found that, but have you actually uploaded anything successfully? I get invalid file with .jpeg .gif .html .php files, tried php shell in jpg too. He probably hasn't enabled it etc. Just be sure when you do you restrict its access.
root@wtf.org#su - dumbass

Dude you're AWESOME!
-SystemMeltdown(MSN)
|
|
| Author |
RE: SSI attack on my site? |
ShadyTyrant
Member

Posts: 113
Location: United States Of America
Joined: 07.09.08 Rank: Hacker Level 3 |
|
I restricted access to a few image formats already. Though after I was done testing I set the size limit to 20 (I think that's in KB). So that's why you get errors. I am going to use it once my member system is in place. That way users can upload avatars.
 |
|
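Added example (not part of the thread and not the site's upload_files.php): one way to do the server-side check for an avatar upload restricted to a few image formats and a size limit. The function name, the allow-list and the reading of "20" as KB are assumptions.

```php
<?php
// Added example; names and limits are assumptions, not taken from the site.
const MAX_BYTES = 20 * 1024;            // the "20" limit from the post, read as KB
const ALLOWED   = [                     // detected MIME type => extension we assign
    'image/gif'  => 'gif',
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
];

/**
 * Decide whether a received file may be stored as an avatar.
 * Returns a server-generated file name, or null to reject the file.
 * In a real handler $tmpPath is $_FILES[...]['tmp_name'] after is_uploaded_file().
 */
function avatar_name(string $tmpPath): ?string
{
    $size = @filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        return null;
    }
    // The type comes from the file's bytes, never from the client-supplied
    // file name or Content-Type, which the uploader controls.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED)) {
        return null;
    }
    // The file must also parse as an image of that same type.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== $mime) {
        return null;
    }
    // Random name plus our own extension; the original name is discarded.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
}

// Constructed samples: a 1x1 GIF, and a text file of PHP source of the kind
// that might arrive under an image name such as avatar.jpg.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$fake = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($fake, "<?php echo 'hello'; ?>\n");

var_dump(avatar_name($gif));
var_dump(avatar_name($fake));
unlink($gif);
unlink($fake);
```

Accepted files should still be stored in a directory where the web server does not execute scripts, and the upload handler itself should sit behind the member login.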
| Author |
RE: SSI attack on my site? |
S1L3NTKn1GhT
Member

Posts: 468
Location: XXXX
Joined: 03.06.06 Rank: God Warn Level: 10
|
|
Just be sure to restrict it to members only, I assume that will come with your member system.
|
|
| Author |
RE: SSI attack on my site? |
ShadyTyrant
Member

Posts: 113
Location: United States Of America
Joined: 07.09.08 Rank: Hacker Level 3 |
|
Yes of course, so everyone here will have a new playground to fuck with for a while. Once I start implementing more features and you all come around and break them lol.
 |
|
| Author |
RE: SSI attack on my site? |
ShadyTyrant
Member

Posts: 113
Location: United States Of America
Joined: 07.09.08 Rank: Hacker Level 3 |
|
I should have known Mosh. Lulz
EDIT: What I learned, never take anything at face value (why do I always learn the hard way?). The clever lessons that Mosh teaches, I wonder if you plan it that way or if you're just such an ass that I force myself to find a silver lining.

Edited by ShadyTyrant on 05-08-09 19:07 |
|
| Author |
RE: SSI attack on my site? |
ShadyTyrant
Member

Posts: 113
Location: United States Of America
Joined: 07.09.08 Rank: Hacker Level 3 |
|
I didn't say you were not smart enough, I just don't think you would put that kind of effort into me.
 |
|
| Author |
RE: SSI attack on my site? |
ShadyTyrant
Member

Posts: 113
Location: United States Of America
Joined: 07.09.08 Rank: Hacker Level 3 |
|
I'm sure, though I no longer take what you say at face value. So I will assume it took you hours of planning and research.

Edited by ShadyTyrant on 06-08-09 01:00 |
|
| Author |
RE: SSI attack on my site? |
ShadyTyrant
Member

Posts: 113
Location: United States Of America
Joined: 07.09.08 Rank: Hacker Level 3 |
|
You have been planning for months, just waiting for the right moment to strike. That's why you were so quick to the jump.
 |
|
| Author |
RE: SSI attack on my site? |
ShadyTyrant
Member

Posts: 113
Location: United States Of America
Joined: 07.09.08 Rank: Hacker Level 3 |
|
I would never do such a thing. 
Back on topic: I have implemented a unique hit counter that logs new IPs, User Agent, Referrer, and date / time inside of a MySQL database. Feel free to attack, and let me know if you find any results. I will keep updating this thread with alerts of new features as I put them up.
Not sure what the prize will be for reporting the issue to me. Maybe a mod will award community points here on HBH. But I will give you a mention somewhere on my site for sure.

Edited by ShadyTyrant on 06-08-09 03:19 |
|
| Author |
RE: SSI attack on my site? |
ShadyTyrant
Member

Posts: 113
Location: United States Of America
Joined: 07.09.08 Rank: Hacker Level 3 |
|
Yes I sure did. I know someone could try a SQL injection through the user agent, that's why I posted that feature up there. Just want to make sure it's implemented correctly.
 |
|
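Added example (not part of the thread and not the site's code): a unique-IP hit logger in which the User-Agent and Referrer reach the database only as bound parameters. The table and column names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline; with MySQL only the PDO DSN changes.

```php
<?php
// Added example; table and column names are hypothetical.
$pdo = new PDO('sqlite::memory:');      // stand-in for the MySQL connection
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$pdo->exec('CREATE TABLE hits (ip TEXT PRIMARY KEY, user_agent TEXT, referrer TEXT, seen_at TEXT)');

// Request headers are client-controlled: drop control characters, cap the length.
function clean_header(?string $value, int $max = 255): string
{
    return substr(preg_replace('/[\x00-\x1F\x7F]/', '', $value ?? ''), 0, $max);
}

// Log a visitor once per IP. Every value is passed as a bound parameter,
// so quote characters in a header are stored as data, not parsed as SQL.
function log_hit(PDO $pdo, array $server): bool
{
    $ip = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP);
    if ($ip === false) {
        return false;
    }
    $seen = $pdo->prepare('SELECT 1 FROM hits WHERE ip = :ip');
    $seen->execute([':ip' => $ip]);
    if ($seen->fetchColumn() !== false) {
        return false;                   // this IP is already logged
    }
    $ins = $pdo->prepare(
        'INSERT INTO hits (ip, user_agent, referrer, seen_at) VALUES (:ip, :ua, :ref, :ts)'
    );
    return $ins->execute([
        ':ip'  => $ip,
        ':ua'  => clean_header($server['HTTP_USER_AGENT'] ?? null),
        ':ref' => clean_header($server['HTTP_REFERER'] ?? null),
        ':ts'  => gmdate('Y-m-d H:i:s'),
    ]);
}

// Constructed requests; the second has quote characters and markup in its headers.
log_hit($pdo, ['REMOTE_ADDR' => '203.0.113.5', 'HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; Linux x86_64)']);
log_hit($pdo, ['REMOTE_ADDR'     => '203.0.113.9',
               'HTTP_USER_AGENT' => "Mozilla/5.0 (O'Brien's \"test\" build)",
               'HTTP_REFERER'    => '<b>ref</b>']);

// Stored header text is still untrusted when shown on a stats page: escape it for HTML.
foreach ($pdo->query('SELECT ip, user_agent, referrer FROM hits') as $row) {
    echo htmlspecialchars(implode(' | ', $row), ENT_QUOTES, 'UTF-8'), "\n";
}
```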