HellBound Hackers | Computer General | Web hacking

SQL injection.
Guest
Posted on 30-12-07 11:13
Hi HBH-users ^^

So eh, I've found a lil' exploit on one of my websites and want to know if you guys can fix this :D

Well, if you enter this link http://www.****.com/modules/vwar/extra/online.php?n=_member%20WHERE%20memberid=-999%20UNION%20SELECT%200,CONCAT(memberid,0x3A,name,0x3A,password),2%20FROM%20vwar_member%20%20/*

It gives you all usernames and passwords.

Here's the code of the file:

Code
<?php
/* #####################################################################################
 *
 * $Id: online.php,v 1.26 2004/02/24 21:07:24 rob Exp $
 *
 * This notice must remain untouched at all times.
 *
 * Modifications to the script, except the official addons or hacks,
 * without the owners permission are prohibited.
 * All rights reserved to their proper authors.
 *
 * ---------------------------------------------
 * http://www.vwar.de || Copyright (C) 2001-2004
 * ---------------------------------------------
 *
 * #####################################################################################
 */

// ####################################### CONFIGURATION  ###############################

// path to your main vwar-directory (with final ' / ')
// -> from the site, where this extra is included!
// -> use absolute path if you have it included in files with different directories!
//          (e.g. /home/www/htdocs/mysite.com/vwar/)
// -> if included in your _header.php/_footer.php, it is normally: './'
// -> if not, use: './../'
$vwar_xroot  = "./../";
include ($vwar_xroot . "modname.php");


// define how long a member will be shown after his last activity (in minutes)
$onlinetime = 10;

// include header- & footer-information (1=enabled / 0=disabled)
$include    = 0;

// ######################################################################################


// ################################### display members  ################################

// check, if we need to get some global vars or if we need to include them
if( !defined ("VWAR_COMMON_INCLUDED") )
{
   $vwar_root = $vwar_xroot;
   require_once ( $vwar_root . "includes/functions_common.php" );
}

if ( $include == 1 )
{
   include_once ( $vwar_root . "_header.php" );
}

if(!defined("VWAR_LAST_ACTIVITY") && $whoisonline == 1 && !empty($GPC['vwarid']))
{
   define("VWAR_LAST_ACTIVITY", 1);
   $vwardb->query("UPDATE vwar".$n."_member SET lastactivity = '".time()."' WHERE memberid = '".$GPC['vwarid']."'");
}
?>
<table border="0" cellpadding="0" cellspacing="0" align="center">
   <tr>
      <td align="center" colspan="2"><b>Activities in the last <?php echo $onlinetime; ?> minutes</b></td>
   </tr>
<?php
$query = $vwardb->query("
   SELECT memberid, name, lastactivity
   FROM vwar".$n."_member WHERE lastactivity > ".(time() - $onlinetime * 60)."
");
if ($vwardb->num_rows($query) == 0)
{
?>
   <tr>
      <td align="center" width="100%">Nobody online right now</td>
   </tr>
<?php
}
else
{
   while ($row = $vwardb->fetch_array($query))
   {
      dbSelect ($row);
   ?>
   <tr>
      <td align="left" width="70%">» <a href="modules.php?name=<?php echo $vwarmod; ?>&file=member&action=profile&memberid=<?php echo $row['memberid']; ?>"><?php echo $row['name']; ?></a></td>
      <td align="right" width="30%"><?php echo date("H:i",$row['lastactivity']); ?></td>
   </tr>
   <?php
   }
}
$vwardb->free_result($query);
?>
</table>
<?php
if ( $include == 1 )
{
   include_once ( $vwar_root . "_footer.php" );
}
?>

If anyone could help me, I'd be very happy :p

Grtz,

Stickie
RE: SQL injection.

Mr_Cheese
Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 30-12-07 11:29
Code
// Escape every GET value in place before it is used in a quoted SQL string
foreach ($_GET as $name => $var) {
    $_GET[$name] = mysql_escape_string($var);
}

http://www.hellboundhackers.org/
RE: SQL injection.
Guest
Posted on 30-12-07 11:50
Thanks, but where do I put it?
RE: SQL injection.

spyware
Member
Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 30-12-07 13:20
Before you handle any GET request, obviously: try the top of the page ;x.

"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
http://bitsofspy.net
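The thread above gives two pieces of advice: Mr_Cheese's loop that runs mysql_escape_string() over $_GET, and spyware's note that it has to sit at the top of the script. The example below (added here; it is not vwar's code and not anything the posters wrote) puts those pieces together with the one extra step the posted online.php needs. In online.php the n parameter is concatenated into a table name, "vwar" . $n . "_member", with no quotes around it; escaping only neutralises quote characters inside a quoted string literal, so a value with spaces and keywords slips straight into the identifier. An identifier fragment taken from the request therefore has to be compared against a fixed list of names that really exist, and the member id, which is numeric, is cast to an integer. The suffix list $vwar_allowed_suffixes, the helper names vwar_safe_suffix() and vwar_safe_memberid(), and the assumption that $vwardb, $GPC, $whoisonline and $onlinetime are set up exactly as in the posted file are all assumptions of this example, not facts from the page.

```php
<?php
// Added example (not vwar's code): hardened handling of the pieces of
// online.php that go into SQL.

// 1. Mr_Cheese's loop, first thing in the script as spyware advises.
//    It makes every GET value safe for use inside a quoted string literal.
//    It does NOT cover $n, which ends up inside an unquoted identifier.
foreach ($_GET as $name => $var) {
    $_GET[$name] = mysql_escape_string($var);
}

// 2. Table suffixes this installation actually uses (assumed list; replace
//    it with the suffixes that exist in your own database).
$vwar_allowed_suffixes = array('', '1', '2');

/**
 * Return $n unchanged if it is one of the allowed suffixes, otherwise null.
 * The strict flag on in_array() avoids PHP's loose "0" == "" matches.
 * Anything not on the list, including the UNION SELECT payload from the
 * first post, comes back as null and is never concatenated into SQL.
 */
function vwar_safe_suffix($n, $allowed)
{
    $n = (string) $n;
    return in_array($n, $allowed, true) ? $n : null;
}

/** Member ids are integers; a cast leaves no room for SQL syntax. */
function vwar_safe_memberid($id)
{
    return (int) $id;
}

// 3. Read n from the request explicitly instead of relying on
//    register_globals, which is what lets ?n=... populate $n in the
//    original file, and refuse anything that is not a known suffix.
$n = vwar_safe_suffix(isset($_GET['n']) ? $_GET['n'] : '', $vwar_allowed_suffixes);
if ($n === null) {
    header('HTTP/1.0 400 Bad Request');
    exit('invalid module instance');
}

$memberid = vwar_safe_memberid(isset($GPC['vwarid']) ? $GPC['vwarid'] : 0);

// 4. The same two statements as the original, built from validated pieces.
//    ($vwardb, $whoisonline and $onlinetime are assumed to be set up as in
//    the posted online.php.)
if (!defined('VWAR_LAST_ACTIVITY') && $whoisonline == 1 && $memberid > 0) {
    define('VWAR_LAST_ACTIVITY', 1);
    $vwardb->query("UPDATE vwar" . $n . "_member SET lastactivity = '" . time() . "'"
                 . " WHERE memberid = " . $memberid);
}

$query = $vwardb->query("SELECT memberid, name, lastactivity FROM vwar" . $n . "_member"
                      . " WHERE lastactivity > " . (time() - $onlinetime * 60));
```

The escape loop and the allow-list do different jobs and both stay: the loop protects every string parameter that later lands between quotes, while the allow-list is the only thing that protects the table name, because no amount of escaping changes what an unquoted identifier means to MySQL. If the suffix list is kept in a config file next to $vwar_xroot, adding a new module instance is a one-line change rather than a code edit.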