Help me to HACK MY SITE !!!

_Sonic_ · Post by **_Sonic_** » 12 Jan 2009, 15:05

Hey guys wazup. I coded a little php site n i am not sure if its safe agains php exploits ect. So i have a beta version running ryt now to let you guys have a crack on it.

So if u skilled at tht please try n help me a lil wht i could do to keep it more secure. Thanks

Ps: its running on a old local machine so server security is on low. Do me a favour n dont b to mean if u break in

www.taneu.de is the page and beta testing is till 14th then the local server will shut down so help me out guys. Thanks

Post by **bad_brain** » 12 Jan 2009, 15:36

I know that guy, so the post can stay...

Still_Learning · Post by **Still_Learning** » 12 Jan 2009, 18:46

Sounds like a free war game

rhysh · Post by **rhysh** » 12 Jan 2009, 20:41

https://my.controlscan.com/threats/details.cgi?id=33477

Code: Select all

Not Found

The requested URL /FNFNFNFNF was not found on this server.
Apache/2.2.9 (Debian) Server at www.taneu.de Port 80

i see u must have disabled telnet cos i had problems telnet'ing into it on port 80

anyways

Post by **pseudo_opcode** » 12 Jan 2009, 21:13

@rhysh
1. you double post- its ok, must be by mistake
2. You need to learn more about telnet. Disabling telnet does not mean you cant telnet to any other port.
3.He wants us to tell him how secure his code is, and php exploits, its clearly mentioned, i dont understand why are you trying to telnet?

Post by **pseudo_opcode** » 12 Jan 2009, 21:31

@sonic

i just had a quick look, the script seems fine, i havent checked the forms inputs yet,

still i got to extract a mysql error, probably harmless, but i may think of a way to exploit it later.. anyway

Code: Select all

http://www.taneu.de/index.php?page=search&search=adfasdg&cat=%27&num=9999999999999

you can always post the code which might be able to help us find any flaws, quickly

_Sonic_ · Post by **_Sonic_** » 12 Jan 2009, 21:53

pseudo_opcode wrote:@sonic

i just had a quick look, the script seems fine, i havent checked the forms inputs yet,

still i got to extract a mysql error, probably harmless, but i may think of a way to exploit it later.. anyway
Code: Select all
http://www.taneu.de/index.php?page=search&search=adfasdg&cat=%27&num=9999999999999
you can always post the code which might be able to help us find any flaws, quickly

That is interessting, nice im not sure if u could use it to exploit it though

otherwise

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '3.0E+14, 30' at line 1

still scarry

skip · Post by **skip** » 12 Jan 2009, 22:40

hey sonic whats up.

Post by **Gogeta70** » 13 Jan 2009, 00:06

skip wrote:hey sonic whats up.

Not good posting material. Good pm material. Not ok. Got it? Good.

Post by **bad_brain** » 13 Jan 2009, 03:48

Sonic, you might have a look at the latest download I added, a tool named "Pixy"....you can scan your source files for possible XSS and SQLi flaws with it...

uid0 · Post by **uid0** » 13 Jan 2009, 04:32

@_Sonic_

Besides bad_brain suggestion about pixy, you could also try basic test using things like acunetix or nstalker.

Also, ratproxy can give very interesting data about get/post requests

I've tested a few forms and it seems that sanitize is being done, didn't check every possible attack though

One thing that you might want to check is validation of get values, for instance, to view pages this is normally used:

index.php?page=view&id=1

There, we'll be seeing the page where ID number equals 1, so far so good, however, it doesn't seem that id is actually validated to see if it is a number, for instance, you can access this:

index.php?page=view&id=asdc

That won't do much but it will show the common template to see the pages, what it should be doing is sending a message that such an ID doesn't exists or redirect somewhere or anything like it. Right now the problem is that you can actually add data even though there's no page with an ID of "asdc", to understand what I mean just go that the url above and you should see data appended from a form test.

That sort of things are to keep an eye on because can be heavily abused by perl bots and the like

If an ID should be a number then you need to validated like wise

rhysh · Post by **rhysh** » 13 Jan 2009, 06:35

Code: Select all

C:\Documents and Settings\rhys.YOUR-D84FAEB5F5>telnet taneu.de 80
Connecting To taneu.de...Could not open connection to the host, on port 80: Conn
ect failed

and yeah i didnt post twice on purpose

anyways

i just have a habbit of using telnet for finding the version of the webserver as i often work in public libraries etc and right click or view source is disabled

so i use telnet which is not

anyways i know you can just use a 40* error to show its apache version or w/e so i did in this case

anyways i also know you can connect on many different port using telnet,though i usually use netcat

i dnt know where u get this idea that im stupid enough not to know what a port is,heck it used to be fun,and still is to port scan ppl for vnc and rdp etc

_Sonic_ · Post by **_Sonic_** » 13 Jan 2009, 23:08

Ya i know what you mean but for ryt now i jus wanted to know if someone is able to exploit it.I know its not the higest standard of php code im still learning. Well i shut the server down now im a bit happy tht the site is still there

thanks for your help i try web scanners now like bb said. C ya and thanks again