Thursday, April 24, 2014
HellBound Hackers | Computer General | Hacking in general

SSI attack on my site?
Posted on 04-08-09 22:59
I posted in the shout box but screw it, I will just make a post. I have revamped my Nu Aira Hackers website, though I am afraid it might be vulnerable to SSI. I tried a few things myself, but I was wondering if someone with more knowledge would test it out for me.

www.nuaira.isgreat.org

Site is still in beta so not all the features work.


RE: SSI attack on my site?
Posted on 04-08-09 23:03
No I did not, my host must have. Will change ASAP.




Edited by on 04-08-09 23:04
RE: SSI attack on my site?
Posted on 05-08-09 01:46
Btw, what exactly did you find? And how did you find it?

EDIT: Just took the forums down. I plan on using new / different software next time.




Edited by on 05-08-09 06:58
RE: SSI attack on my site?

korg
Posted on 05-08-09 11:39
upload_files.php. Not good.


RE: SSI attack on my site?
Posted on 05-08-09 15:04
korg wrote:
upload_files.php. Not good.


You're too late, I've already found that. Pfft, but have you actually uploaded anything successfully? I get invalid file with .jpeg .gif .html .php files, tried php shell in jpg too. He probably hasn't enabled it etc. Just be sure when you do you restrict its access.


RE: SSI attack on my site?
Posted on 05-08-09 17:09
I restricted access to a few image formats already. Though after I was done testing I set the size limit to 20 (I think that's in KB). So that's why you get errors. I am going to use it once my member system is in place. That way users can upload avatars.


RE: SSI attack on my site?
Posted on 05-08-09 17:14
Just be sure to restrict it to members only, I assume that will come with your member system.
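
The upload restrictions discussed in the posts above (a few image formats, a size limit, members only), as an added example that is not the poster's upload_files.php, which the thread never shows. Python is used so the check runs offline; the allowlist, the 20 KB reading of the limit, and all names are assumptions.

```python
import os
import secrets

MAX_BYTES = 20 * 1024  # assumption: the "20" in the thread means 20 KB

# Leading bytes of each allowed avatar format (assumed allowlist).
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
EXT_TO_KIND = {".png": "png", ".jpg": "jpg", ".jpeg": "jpg", ".gif": "gif"}


def validate_avatar(client_name, data, is_member):
    """Return (ok, stored_name_or_reason) for one uploaded file."""
    if not is_member:
        return False, "login required"
    if len(data) > MAX_BYTES:
        return False, "too large"
    # Only the final extension is considered, and the content check
    # below must agree with it.
    ext = os.path.splitext(client_name.lower())[1]
    kind = EXT_TO_KIND.get(ext)
    if kind is None:
        return False, "extension not allowed"
    if not data.startswith(SIGNATURES[kind]):
        return False, "content does not match extension"
    # Never reuse the client's file name: store under a random name with a
    # fixed image extension, in a directory served as static files only.
    return True, secrets.token_hex(16) + "." + kind


# Constructed samples: a minimal PNG header, and script text named as .jpg.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
SAMPLE_FAKE_JPG = b"<?php /* placeholder */ ?>"

if __name__ == "__main__":
    print(validate_avatar("me.png", SAMPLE_PNG, True))
    print(validate_avatar("avatar.jpg", SAMPLE_FAKE_JPG, True))
```

A leading-bytes check only rejects files whose content does not start like an image; a file with a valid image header and extra data after it still passes, so the server-chosen name and a non-executing upload directory are what keep stored files inert.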


RE: SSI attack on my site?
Posted on 05-08-09 17:20
Yes of course, so everyone here will have a new playground to fuck with for a while. Once I start implementing more features and you all come around and break them lol.


RE: SSI attack on my site?
Posted on 05-08-09 19:00
I should have known Mosh. Lulz

EDIT: What I learned: never take anything at face value (why do I always learn the hard way?). The clever lessons that Mosh teaches, I wonder if you plan it that way or if you're just such an ass that I force myself to find a silver lining.





Edited by on 05-08-09 19:07
RE: SSI attack on my site?
Posted on 06-08-09 00:43
I didn't say you were not smart enough, I just don't think you would put that kind of effort into me.


RE: SSI attack on my site?
Posted on 06-08-09 00:58
I'm sure, though I no longer take what you say at face value. So I will assume it took you hours of planning and research.




Edited by on 06-08-09 01:00
RE: SSI attack on my site?
Posted on 06-08-09 01:05
You have been planning for months, just waiting for the right moment to strike. That's why you were so quick to the jump.


RE: SSI attack on my site?
Posted on 06-08-09 03:17
I would never do such a thing. Grin

Back on topic: I have implemented a unique hit counter that logs new IPs, User Agent, Referrer, and date / time inside of a MySQL database. Feel free to attack, and let me know if you find any results. I will keep updating this thread with alerts of new features as I put them up.

Not sure what the prize will be for reporting the issue to me. Maybe a mod will award community points here on HBH. But I will give you a mention somewhere on my site for sure.




Edited by on 06-08-09 03:19
RE: SSI attack on my site?
Posted on 06-08-09 03:46
Yes I sure did. I know someone could try a SQL injection through the user agent, that's why I posted that feature up there. Just want to make sure it's implemented correctly.
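
The hit counter described above writes request headers into a database, and the last post asks whether it is implemented correctly. As an added example (not the poster's code, which the thread never shows), this compares a string-built INSERT with a parameterized one; Python's sqlite3 stands in for the site's MySQL, and the table, function names and sample values are assumptions.

```python
import sqlite3

SCHEMA = "CREATE TABLE hits (ip TEXT, user_agent TEXT, referrer TEXT, seen_at TEXT)"


def log_hit_concat(db, ip, user_agent, referrer, seen_at):
    """Unsafe pattern: header values are pasted into the SQL text."""
    sql = ("INSERT INTO hits VALUES ('%s', '%s', '%s', '%s')"
           % (ip, user_agent, referrer, seen_at))
    db.execute(sql)


def log_hit_bound(db, ip, user_agent, referrer, seen_at):
    """Safe pattern: placeholders, so header values are only ever data."""
    # Length caps are an assumed policy to keep the log table bounded.
    db.execute("INSERT INTO hits VALUES (?, ?, ?, ?)",
               (ip, user_agent[:512], referrer[:2048], seen_at))


def run(logger, user_agent):
    """Log one hit into a fresh in-memory table and return what was stored."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    try:
        logger(db, "203.0.113.7", user_agent, "-", "2009-08-06 03:17:00")
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__
    return db.execute(
        "SELECT ip, user_agent FROM hits ORDER BY rowid").fetchall()


# Constructed header values (documentation-range IPs, made-up agents).
# An ordinary agent string containing an apostrophe:
BENIGN_UA = "Mozilla/5.0 (compatible; O'Neil-Bot/1.0)"
# A value that closes the quoted string and appends a second row, so the
# concatenated statement logs a hit from an address that never connected:
CRAFTED_UA = "x', '-', 't'), ('198.51.100.9', 'forged', '-', 't') -- "

if __name__ == "__main__":
    for logger in (log_hit_concat, log_hit_bound):
        for ua in (BENIGN_UA, CRAFTED_UA):
            print(logger.__name__, "->", run(logger, ua))
```

SQL errors raised by the logging query on otherwise normal requests are a sign that header values are reaching the SQL parser. The same four header fields also need output encoding wherever the stored hits are displayed.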