Donate to us via Paypal!
The measure of a mans life is not how well he dies, but how well he lives.
Wednesday, October 28, 2020
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 81
Guests Online: 79
Members Online: 2

Registered Members: 129453
Newest Member: icaseda
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking

Page 1 of 2 1 2 >
Author

advanced guest book 2.2


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-05-07 21:09
Alright, I am familiar with the sql injection that goes with advanced guest book. my question is, what if it has already been hacked/defaced by another? like say the administrator's page has been messed up so there is no logon there. could you go into the url and add something like:


admin.php?username=(sql injection) to make it work and be able to remove everything that was messed up?

how do those people manage to get rid of the log on and everything in admin.php?

sorry if these are really dumb questions, just trying to learn about it.
Author

RE: advanced guest book 2.2


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-05-07 21:28
hungryhobo14 wrote:
Alright, I am familiar with the sql injection that goes with advanced guest book. my question is, what if it has already been hacked/defaced by another? like say the administrator's page has been messed up so there is no logon there. could you go into the url and add something like:


admin.php?username=(sql injection) to make it work and be able to remove everything that was messed up?


Well, if that thing isn't working username=(sql), maybe the headers arent called 'username' and also, your questions are kinda dumb because I don't know what you are actually asking.

How the hell that site got messed and have you try the sql injection.
And why do you want to remove what is messed up (maybe you want to hack it again).
why why why...


Author

RE: advanced guest book 2.2


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-05-07 21:46
sorry i didnt mean to be confusing.

The guestbook was hacked. and I want to try and undo what the other hacker did. but, if the hacker disabled or messed up the admin logon page, I was curious as how to get back to it. would doing an sql inject in the URL work like that?

Also, 2nd part.

How does a hacker actually go and cause that much damage to the guest book?
Author

RE: advanced guest book 2.2


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-05-07 21:59
Can you PM me with the link?
Don't worry. I wont HACK it.
I will just try some things.

It is not easy to answer your questions if you don't know how is it structured.

If you wanna pm me, pm me.





Edited by on 21-05-07 22:05
Author

RE: advanced guest book 2.2

Ayr4
Member

Your avatar

Posts: 234
Location: Norway
Joined: 28.09.05
Rank:
Moderate
Posted on 21-05-07 22:04
I would also be intrested in that. Can you pm me the link to? (and no i wont HACK it either:whoa: )


anbu.sf@hotmail.com
Author

RE: advanced guest book 2.2


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-05-07 22:04
Ayr4 wrote:
I would also be intrested in that. Can you pm me the link to? (and no i wont HACK it either:whoa: )


hey. wait your turn Pfft


Author

RE: advanced guest book 2.2


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-05-07 22:09
view the source to get the username and passwords "name" values, then make your own form using html and enter `' OR 1=1/*` as the username without the `s, no password. and someone could completely mess with the guestbook by editing a comment and putting html in them Smile

hope that helps


Author

RE: advanced guest book 2.2


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-05-07 22:10
mr noob wrote:
view the source to get the username and passwords "name" values, then make your own form using html and enter `' OR 1=1/*` as the username without the `s, no password. and someone could completely mess with the guestbook by editing a comment and putting html in them Smile

hope that helps



nah. I saw the site. Those bitches deleted everything.


Author

RE: advanced guest book 2.2

Ayr4
Member

Your avatar

Posts: 234
Location: Norway
Joined: 28.09.05
Rank:
Moderate
Posted on 21-05-07 22:38
The /img/ dir is stil there atleast:whoa:


anbu.sf@hotmail.com
Author

RE: advanced guest book 2.2


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-05-07 22:48
so what you think so far?

how would they delete all that?
Author

RE: advanced guest book 2.2

Ayr4
Member

Your avatar

Posts: 234
Location: Norway
Joined: 28.09.05
Rank:
Moderate
Posted on 21-05-07 22:57
Well....since you can accsess almoast evrything it ain that hard...im working on it now


anbu.sf@hotmail.com
Author

RE: advanced guest book 2.2


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-05-07 00:11
Ayr4 wrote:
I would also be intrested in that. Can you pm me the link to? (and no i wont HACK it either:whoa: )


Trust me, he wont, cause he CAN'T! Grin


Author

RE: advanced guest book 2.2

Ayr4
Member

Your avatar

Posts: 234
Location: Norway
Joined: 28.09.05
Rank:
Moderate
Posted on 22-05-07 00:12
Indeed HackingFjomp, maby you can show us how to do it?:whoa:


anbu.sf@hotmail.com
Author

RE: advanced guest book 2.2


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-05-07 00:14
don't have the link..

and hungryhobo14, did you host the Guestbook?...

if yes, why dont you just fix it yourself :angry:


Author

RE: advanced guest book 2.2

Ayr4
Member

Your avatar

Posts: 234
Location: Norway
Joined: 28.09.05
Rank:
Moderate
Posted on 22-05-07 00:17
Fine *sentlinktoHackingFjomp*
Now...show us you magic...Fjompe skillz!
Ah, his mailbox is full..how Fj33t




Edited by Ayr4 on 22-05-07 00:18
anbu.sf@hotmail.com
Author

RE: advanced guest book 2.2


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-05-07 00:20
my nick doesn't say "HackingFjomp"

Read Between the lines fucker..





Edited by on 22-05-07 00:28
Author

RE: advanced guest book 2.2

Ayr4
Member

Your avatar

Posts: 234
Location: Norway
Joined: 28.09.05
Rank:
Moderate
Posted on 22-05-07 00:22
Calm down babyborn, offcorse i know your nick isnt HackingForce:whoa:


anbu.sf@hotmail.com
Author

RE: advanced guest book 2.2


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-05-07 00:27
guess that guestbook is hardcore fucked by Ayr4, so, don't ask me Wink


Author

RE: advanced guest book 2.2

Ayr4
Member

Your avatar

Posts: 234
Location: Norway
Joined: 28.09.05
Rank:
Moderate
Posted on 22-05-07 00:28
Lol, how can you fuck a website? :whoa:




Edited by Ayr4 on 22-05-07 00:39
anbu.sf@hotmail.com
Author

RE: advanced guest book 2.2


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-05-07 00:36
Nah, its not mine. I just wanted to try and fix it hah.

it looks like they used remote php inclusion? (is that what its called?) So they brought in the script and it messed it up.

could one just make another script to replace it and include it?
Page 1 of 2 1 2 >