Follow us on Twitter!
Your life is ending one minute at a time. If you were to die tomorrow, what would you do today?
Friday, April 25, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 21
Guests Online: 20
Members Online: 1

Registered Members: 82908
Newest Member: krishna7799
Latest Articles
View Thread

HellBound Hackers | Computer General | Webmasters Lounge

Author

Setting up a vulnerable Guestbook


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-12-07 03:29
okay so im not good with php at all and i have this open source script i got so i can practice javascript injections and XSS. so, can someone look at this and show me how to make this vulnerable sorry...im just not good with php here is the index file

Code
<!-- (c) copyright 2004, HIOX INDIA           -->
<!-- This  is  a free tool provided by hioxidia.com -->
<!-- Please get in touch with us for using          -->
<!-- this product in a commercial site.             -->

<html>
<head>
</head>
<?php

$file = "gb.php";
$open = fopen($file, "r");
$size = filesize($file);
$count = fread($open, $size);

include 'col.php';

include 'header.php';
?>

<script language=javascript>

function checkMailId(mailids)
{
var arr = new Array('.com','.net','.org','.biz','.coop','.info','.museum','.name','.pro'
,'.edu','.gov','.int','.mil','.ac','.ad','.ae','.af','.ag','.ai','.al',
'.am','.an','.ao','.aq','.ar','.as','.at','.au','.aw','.az','.ba','.bb',
'.bd','.be','.bf','.bg','.bh','.bi','.bj','.bm','.bn','.bo','.br','.bs',
'.bt','.bv','.bw','.by','.bz','.ca','.cc','.cd','.cf','.cg','.ch','.ci',
'.ck','.cl','.cm','.cn','.co','.cr','.cu','.cv','.cx','.cy','.cz','.de',
'.dj','.dk','.dm','.do','.dz','.ec','.ee','.eg','.eh','.er','.es','.et',
'.fi','.fj','.fk','.fm','.fo','.fr','.ga','.gd','.ge','.gf','.gg','.gh',
'.gi','.gl','.gm','.gn','.gp','.gq','.gr','.gs','.gt','.gu','.gv','.gy',
'.hk','.hm','.hn','.hr','.ht','.hu','.id','.ie','.il','.im','.in','.io',
'.iq','.ir','.is','.it','.je','.jm','.jo','.jp','.ke','.kg','.kh','.ki',
'.km','.kn','.kp','.kr','.kw','.ky','.kz','.la','.lb','.lc','.li','.lk',
'.lr','.ls','.lt','.lu','.lv','.ly','.ma','.mc','.md','.mg','.mh','.mk',
'.ml','.mm','.mn','.mo','.mp','.mq','.mr','.ms','.mt','.mu','.mv','.mw',
'.mx','.my','.mz','.na','.nc','.ne','.nf','.ng','.ni','.nl','.no','.np',
'.nr','.nu','.nz','.om','.pa','.pe','.pf','.pg','.ph','.pk','.pl','.pm',
'.pn','.pr','.ps','.pt','.pw','.py','.qa','.re','.ro','.rw','.ru','.sa',
'.sb','.sc','.sd','.se','.sg','.sh','.si','.sj','.sk','.sl','.sm','.sn',
'.so','.sr','.st','.sv','.sy','.sz','.tc','.td','.tf','.tg','.th','.tj',
'.tk','.tm','.tn','.to','.tp','.tr','.tt','.tv','.tw','.tz','.ua','.ug',
'.uk','.um','.us','.uy','.uz','.va','.vc','.ve','.vg','.vi','.vn','.vu',
'.ws','.wf','.ye','.yt','.yu','.za','.zm','.zw');
var mai = mailids;
var val = true;

var dot = mai.lastIndexOf(".");
var ext = mai.substring(dot,mai.length);
var at = mai.indexOf("@");

if(dot > 5 && at >1){
for(var i=0; i<arr.length; i++){
if(ext == arr[i]){val = true;break;}else{val = false;}}if(val == false){
alert("Your maild "+mai+" is not corrrrect");
return false;}}else{alert("Your maild "+mai+" is not correct");
return false;}return true;}

function check()
{
var tex = document.ssa.comment.value;
var len = tex.length;
var rem = 300-len;

if(len >= 300)
{
   tex = tex.substring(0,300);
   document.ssa.comment.value =tex;
   return false;
}

if(rem<0)
rem=0;

document.ssa.rem.value =rem;
}

</script>

    <table cellpadding=4 cellspacing=0 border=0 align=center>
    <tr><td><br>Name *:</td><td><br>
    <form name=ssa action="added.php" METHOD="POST" onSubmit="return checkMailId(ssa.from.value)">
    <input type="text" name="name" size=20 maxlength="20"> [20]</td></tr>
    <tr><td>Email *:</td><td><input type="text" name="from" size=27 maxlength="50"> [50]</td></tr>
    <tr><td>WebSite:</td><td><input type="text" name="webs" size=27 maxlength="50"> [50]</td></tr>
     <tr><td colspan=2><br>Please add your comments/suggestions *: [300]<br>
        <textarea name="comment" rows=11 cols=55 wrap=physical onkeyup="check()"></textarea><br>
     Words left - <input type="text" name="rem" size=3 readonly value=300>
  </td></tr>
    <tr><td colspan=2 align=right><input type="submit" value="   Add   "></td></tr>
    </form>
  </table>

<br>
</td>
</tr>

<tr height=15% align=center><td align=center background="images/bg2.gif" style="font-size: 13px;">
<br>
<b><a href="lookgb.php"><font color=blue>Look in to My Guest Book</font></a></b> ||
<a href="admin.php"><font color=red>Admin Login</font></a><br>
<br>
<br>
<div align=right><font style="font-size: 12px;" > copyright
<a href="http://www.hscripts.com" style="text-decoration: none; color: #dadada;">hscripts.com</a></font></div>

</td>
</tr>
</table>

</body>
</html>




many thanks


Author

RE: Setting up a vulnerable Guestbook


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-12-07 03:32
give the source of ALL the files, all the php files, etc.


Author

RE: Setting up a vulnerable Guestbook


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-12-07 03:36
col.pho
Code
<?php

$bxcolor = "#f5f7f6";
$bdcolor = "0648c";
$fontcol = "04400";
$oddmess = "#f8f9fb";
$evenmess = "#f8f9fc";
$html_enable = "true";

?>

<!-- (c) copyright 2004, HIOX INDIA                 -->
<!-- This  is  a free tool provided by hioxidia.com -->
<!-- Please get in touch with us for using          -->
<!-- this product in a commercial site.             -->







Edited by on 12-12-07 03:37
Author

RE: Setting up a vulnerable Guestbook


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-12-07 03:37
header.php
Code
<!-- (c) copyright 2004, HIOX INDIA           -->
<!-- This  is  a free tool provided by hioxidia.com -->
<!-- Please get in touch with us for using          -->
<!-- this product in a commercial site.             -->

<body style="font-family: Arial,Verdana,san-serif;  margin: 0px;" bgcolor="<?php echo($bdcolor);?>">
<table align=center width=80% height=100% cellpadding=0 cellspacing=0 border=1 bgcolor="<?php echo($bxcolor);?>">
<tr height=10% align=center>
<td height=80 align=center background="images/bg2.gif">
<br>
<font color=#223356><b>Welcome Guest</b></font><br>
<br>
</td>
</tr>

<tr  height=70% align=center>
<td align=left valign=top style="font-size: 14px; border: dashed 0px;">
<br>

<style>
a#tl{color: blue; text-decoration: none; font-size: 13px;}
a#tl:hover{color: aaaaff;}
</style>

<?php
if($block === false){
?>
<div align=center>
<a id=tl href="./admin.php">Admin HOME</a> ||
<a id=tl href="filter.php">Spam Filter</a> ||
<a id=tl href="ipblock.php">IP Blocker</a> ||
<a id=tl href="url.php">Properties</a>     
<a id=t1 href="logout.php">Logout</a>

</div>
<?php
}
?>







Edited by on 12-12-07 03:38
Author

RE: Setting up a vulnerable Guestbook


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-12-07 03:39
url.php
Code
<?php
include "authheader.php";

if($block == false){

include 'col.php';
include 'header.php';
echo "<br><br><br>";
?>

<?php
  $iswrite = $_POST['what'];

  if($iswrite == "write")
  {
    $bx = $_POST['Box'];
       
    $bd = $_POST['Body'];
    $fc = $_POST['Font'];
    $omc = $_POST['Odd'];
    $emc = $_POST['Even'];
    $htmle = $_POST['var'];
    $file = fopen('col.php',w);
   
    fwrite($file,"<?php\n\n");
    fwrite($file,"$"."bxcolor = \"$bx\";\n");
    fwrite($file,"$"."bdcolor = \"$bd\";\n");
    fwrite($file,"$"."fontcol = \"$fc\";\n");
    fwrite($file,"$"."oddmess = \"$omc\";\n");
    fwrite($file,"$"."evenmess = \"$emc\";\n");
    fwrite($file,"$"."html_enable = \"$htmle\";\n\n");
    fwrite($file,"?>\n\n");
    fwrite($file, "<!-- (c) copyright 2004, HIOX INDIA                 -->\n");
    fwrite($file, "<!-- This  is  a free tool provided by hioxidia.com -->\n");
    fwrite($file, "<!-- Please get in touch with us for using          -->\n");
    fwrite($file, "<!-- this product in a commercial site.             -->\n");

    fclose($file);
}

include 'col.php';
?>


<table bgcolor=dfdff0 align=center style="padding: 10px; border:2px red groove;
        font-family: arial, verdana, san-serif; font-size: 14px;">

<form name = col method = post action = "url.php">
<tr><td>Box Color: </td><td> <input type="text"  name="Box" value = "<?php echo"$bxcolor"; ?>" /></td></tr>
<tr><td>Body Color: </td><td> <input type="text" name="Body" value = "<?php echo"$bdcolor";?>"/></td></tr>
<tr><td>Font Color: </td><td> <input type="text"  name="Font" value = "<?php echo"$fontcol"; ?>" /></td></tr>
<tr><td>Odd Msg Color: </td><td> <input type="text" name="Odd" value = "<?php echo"$oddmess"; ?>" /></td></tr>
<tr><td>Even Msg Color: </td><td> <input type="text" name="Even" value = "<?php echo"$evenmess";  ?>"/></td></tr>

<tr><td>HTML Tags: </td><td>
<select name="var">
<option>Please select</option>
<?php
 if ($html_enable == "true")
 {
    echo "<option value=true selected>Enable</option>
    <option value=false>Disable</option>";
 }else {
    echo "<option value=true>Enable</option>
    <option value=false selected>Disable</option>";
 }
?>
</select>
</td></tr>
<tr><td colspan=2 align=right>
<input type=hidden value="write" name=what>
<input type='submit' value="change">
</td></tr>
<td colspan=2>Note:Change may cause  effect in proprerties</td>
</form>
</table>


</body>
</html>

<?php
}
?>

<!-- (c) copyright 2004, HIOX INDIA           -->
<!-- This  is  a free tool provided by hscripts.com -->
<!-- Please get in touch with us for using          -->
<!-- this product in a commercial site.             -->





Author

RE: Setting up a vulnerable Guestbook


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-12-07 03:40
filter.php
Code
<?php
include "authheader.php";

if($block == false){

include 'col.php';
include 'header.php';

echo "<br><br><br>";

$iswrite = $_POST['what'];
if($iswrite == "write")
{
    echo "<div align=center style='color: green;'><b>filters have been updated</div>";   
    $str = $_POST['filters'];
    $file = fopen('fil.php',w);
    $ara = explode("\n",$str);
    fwrite($file, "<?php \n\n");
    for($yy=0; $yy<count($ara);$yy++)
    {
   $xxa = $ara[$yy];
   $xxa = trim($xxa);
           if($xxa != "")
       fwrite($file, "$"."asi[$yy] = \"$xxa\";");
    }
   
    fwrite($file, $ara[$yy]);
    fwrite($file, "\n?>");
    fclose($file);
}

include "fil.php";
?>

<table bgcolor=dfdff0 align=center style="padding: 10px; border:2px red groove;
        font-family: arial, verdana, san-serif; font-size: 14px;">
<form name=fil method=post action="<?php echo "$PHP_SELF"; ?>">
<tr><td></td><td>Add/Edit Filters .....<br>
 <textarea name=filters rows=15 cols=50><?php
  for($xx=0; $xx<count($asi); $xx++)
  {
    $word = $asi[$xx];
    echo "$word \n";
  }
 ?>
 </textarea>
</td></tr>

<tr><td colspan=2 align=right>
<input type=hidden value=write name=what>
<input type='submit' value="create"> </td></tr>
<td colspan=2>Note: You wont get the messages Containig these Words </td>
</form>
</table>
</body>
</html>

<?php
}
?>

<!-- (c) copyright 2004, HIOX INDIA           -->
<!-- This  is  a free tool provided by hscripts.com -->
<!-- Please get in touch with us for using          -->
<!-- this product in a commercial site.             -->





Author

RE: Setting up a vulnerable Guestbook


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-12-07 04:38
I dont see any type of filtering there, although i only looked over it once. And that is by far 10x more complicated that you need, if all you want to do is a little xss practice.

ill code you a basic php guestbook if you want. will only take me a few minutes.


Author

RE: Setting up a vulnerable Guestbook


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-12-07 04:39
Instead of taking a prepared PHP guestbook, the best way to make a vulnerable guestbook is to write one yourself. Just make a simple form and have it echo the fields to the original page. It may not be pretty, but it will work for what you want. Continue to build / expand it as you learn more about PHP. Just as with any language, the best way to learn it is to start from the ground up.



Author

RE: Setting up a vulnerable Guestbook


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-12-07 20:56
cool....digitalfire if you wanna make it you can if not i will try my hand at it. but thanks for the replays