Title: Hack my site, receive bitcoins Post by: n4ru on June 19, 2013, 04:03:19 PM http://198.12.67.18/test
A few days ago someone got into my server, got my SQL credentials (located @ config.php), and modified some files (https://i.imgur.com/11xKw7U.png) and other shenanigans using the login form above. I'm unsure how it was done and I'd like to know if someone could hack it again. I'm not offering much - 0.05BTC - but the coins are yours for repeating what he did and letting me know how it was done. It only took them a couple minutes, and the form there should be enough. The exploit uses login.php. Title: Re: Hack my site, receive bitcoins Post by: ReCat on June 19, 2013, 04:27:04 PM Have you got input sanitation in place? I think the method they used was simply SQL Injection. I can't test, though, since the database is either offline or the form php file isn't configured correctly. But you just have to prevent SQL injection by sanitizing the input.
Php.net has a huge article all about it. http://php.net/manual/en/security.database.sql-injection.php Shows common attacks, and the solution. "Never connect to the database as a superuser or as the database owner. Use always customized users with very limited privileges." Sanitize anything coming from the client that you're going to insert into a database using mysqli_real_escape_string. PHP.Net documentation for that here http://www.php.net/manual/en/mysqli.real-escape-string.php Title: Re: Hack my site, receive bitcoins Post by: n4ru on June 19, 2013, 04:29:50 PM Have you got input sanitation in place? I think the method they used was simply SQL Injection. I can't test, though, since the database is either offline or the form php file isn't configured correctly. But you just have to prevent SQL injection by sanitizing the input. Php.net has a huge article all about it. http://php.net/manual/en/security.database.sql-injection.php Shows common attacks, and the solution. "Never connect to the database as a superuser or as the database owner. Use always customized users with very limited privileges." Sanitize anything coming from the client that you're going to insert into a database using mysqli_real_escape_string. PHP.Net documentation for that here http://www.php.net/manual/en/mysqli.real-escape-string.php The was the first thing I took a look at. No changes in the database, and even if they were, I don't see how it would cause the page itself to be modified on load pre-login. Title: Re: Hack my site, receive bitcoins Post by: ReCat on June 19, 2013, 04:34:11 PM Were the credentials for the database the same as credentials for ssh or any other file server running?
Title: Re: Hack my site, receive bitcoins Post by: n4ru on June 19, 2013, 04:38:31 PM Were the credentials for the database the same as credentials for ssh or any other file server running? No.Title: Re: Hack my site, receive bitcoins Post by: ReCat on June 19, 2013, 05:12:25 PM Perhaps it's something else.
http://httpd.apache.org/security/vulnerabilities_22.html Here there seems to be some documented vulnerabilities for the version of the webserver you are running. Perhaps that's why and perhaps you should update to the latest version? Title: Re: Hack my site, receive bitcoins Post by: n4ru on June 19, 2013, 05:16:01 PM Perhaps it's something else. I'm fairly certain the exploit uses my login form and not an apache exploit.http://httpd.apache.org/security/vulnerabilities_22.html Here there seems to be some documented vulnerabilities for the version of the webserver you are running. Perhaps that's why and perhaps you should update to the latest version? Title: Re: Hack my site, receive bitcoins Post by: td204 on June 19, 2013, 05:20:27 PM I will give it a try later today.. Sure it was done through the form and not through FTP?
Title: Re: Hack my site, receive bitcoins Post by: n4ru on June 19, 2013, 05:39:11 PM I will give it a try later today.. Sure it was done through the form and not through FTP? Nearly positive. I was told by the hacker it was done through the login form. First he modified the login page, then probably grabbed my SQL login through a similar manner.Title: Re: Hack my site, receive bitcoins Post by: Gordon Bleu on June 19, 2013, 05:43:40 PM Not sure if just Social Engineering
Title: Re: Hack my site, receive bitcoins Post by: grue on June 19, 2013, 06:02:58 PM I will give it a try later today.. Sure it was done through the form and not through FTP? Nearly positive. I was told by the hacker it was done through the login form. First he modified the login page, then probably grabbed my SQL login through a similar manner.Title: Re: Hack my site, receive bitcoins Post by: johnnyfla123 on June 19, 2013, 06:05:22 PM do you have brute force protection as well? because someone can just run bruteforce until it pops a correct user and pass.
Title: Re: Hack my site, receive bitcoins Post by: n4ru on June 19, 2013, 06:14:47 PM I will give it a try later today.. Sure it was done through the form and not through FTP? Nearly positive. I was told by the hacker it was done through the login form. First he modified the login page, then probably grabbed my SQL login through a similar manner.do you have brute force protection as well? because someone can just run bruteforce until it pops a correct user and pass. That isn't the issue here.Title: Re: Hack my site, receive bitcoins Post by: johnnyfla123 on June 19, 2013, 06:20:28 PM I will give it a try later today.. Sure it was done through the form and not through FTP? Nearly positive. I was told by the hacker it was done through the login form. First he modified the login page, then probably grabbed my SQL login through a similar manner.do you have brute force protection as well? because someone can just run bruteforce until it pops a correct user and pass. That isn't the issue here.derp sorry. to me it sounds like sql injection just put this at the header of every page and that will reject those requests and log their ip and the string they tried to use. Also are you running this website from home using apache? Code: <?php Title: Re: Hack my site, receive bitcoins Post by: n4ru on June 19, 2013, 06:28:26 PM I will give it a try later today.. Sure it was done through the form and not through FTP? Nearly positive. I was told by the hacker it was done through the login form. First he modified the login page, then probably grabbed my SQL login through a similar manner.do you have brute force protection as well? because someone can just run bruteforce until it pops a correct user and pass. That isn't the issue here.derp sorry. to me it sounds like sql injection just put this at the header of every page and that will reject those requests and log their ip and the string they tried to use. Also are you running this website from home using apache? Code: <?php Still searching for the actual exploit. The hacker claimed it was relatively simple to execute but I can't imagine how he manage to modify the page permanently unless he had a way to escape and execute his own PHP. Title: Re: Hack my site, receive bitcoins Post by: johnnyfla123 on June 19, 2013, 06:31:35 PM I will give it a try later today.. Sure it was done through the form and not through FTP? Nearly positive. I was told by the hacker it was done through the login form. First he modified the login page, then probably grabbed my SQL login through a similar manner.do you have brute force protection as well? because someone can just run bruteforce until it pops a correct user and pass. That isn't the issue here.derp sorry. to me it sounds like sql injection just put this at the header of every page and that will reject those requests and log their ip and the string they tried to use. Also are you running this website from home using apache? Code:
Still searching for the actual exploit. The hacker claimed it was relatively simple to execute but I can't imagine how he manage to modify the page permanently unless he had a way to escape and execute his own PHP. their may be a exploit in the apache server that hosts the site. in regular apache that isn't modified it would take someone a few seconds to gain access and deface a site or have access to all the files. You might be able ot find how he did it be googling something to do with apache and defacing sites/ gaining access to db's Title: Re: Hack my site, receive bitcoins Post by: n4ru on June 19, 2013, 06:40:09 PM I will give it a try later today.. Sure it was done through the form and not through FTP? Nearly positive. I was told by the hacker it was done through the login form. First he modified the login page, then probably grabbed my SQL login through a similar manner.do you have brute force protection as well? because someone can just run bruteforce until it pops a correct user and pass. That isn't the issue here.derp sorry. to me it sounds like sql injection just put this at the header of every page and that will reject those requests and log their ip and the string they tried to use. Also are you running this website from home using apache? Code:
Still searching for the actual exploit. The hacker claimed it was relatively simple to execute but I can't imagine how he manage to modify the page permanently unless he had a way to escape and execute his own PHP. their may be a exploit in the apache server that hosts the site. in regular apache that isn't modified it would take someone a few seconds to gain access and deface a site or have access to all the files. You might be able ot find how he did it be googling something to do with apache and defacing sites/ gaining access to db's Title: Re: Hack my site, receive bitcoins Post by: escrow.ms on June 19, 2013, 06:47:34 PM I'll take a look into this, but it wouldn't explain why the hacker didn't cleanly deface the main page and left some odd escaped tags - this is what leads me to believe it was done ONLY using the form. You can check server logs to know what he did.Title: Re: Hack my site, receive bitcoins Post by: johnnyfla123 on June 19, 2013, 06:51:32 PM I'll take a look into this, but it wouldn't explain why the hacker didn't cleanly deface the main page and left some odd escaped tags - this is what leads me to believe it was done ONLY using the form. if he was using the form then he used sql injection which i provided the fix above for. Title: Re: Hack my site, receive bitcoins Post by: n4ru on June 19, 2013, 09:00:38 PM I'll take a look into this, but it wouldn't explain why the hacker didn't cleanly deface the main page and left some odd escaped tags - this is what leads me to believe it was done ONLY using the form. if he was using the form then he used sql injection which i provided the fix above for. Is apache the only other potential beach? Title: Re: Hack my site, receive bitcoins Post by: johnnyfla123 on June 19, 2013, 09:49:29 PM I'll take a look into this, but it wouldn't explain why the hacker didn't cleanly deface the main page and left some odd escaped tags - this is what leads me to believe it was done ONLY using the form. if he was using the form then he used sql injection which i provided the fix above for. Is apache the only other potential beach? Ive dealt with apache holes in the past. Most professional hosts have those blocked as its really easy to block the holes. The problem i saw with your website and what you are describing is that he jsut sql injected. I cannot recreate what he did exactly but if you look up sql injections you will see a boatload of different ones that can be used to gain super/root access to database's etc. I believe he just used a simple sql injection. my script i provided you with just looks for sql injection like codes put it. it logs the string they used, the ip, and a few other things in a .txt named [WEB]SQL_Injection.txt. and example of logs are here: Quote IP: 142.68.145.165 Method: COOKIE Value: {"distinct_id": "75dde009-e9fe-4dd3-a685-b758925f480f","$initial_referrer": "$direct","$initial_referring_domain": "$direct"} Script: Time: Sunday 20th 2012f May 2012 03:48:52 PM ================================== this guy tried to send that value to inject something into my game servers website database. failed as you an see. logs it for you to do w/e with. whati do with the ips is i just ban them from my game, websites, etc which is really easy to do. If you like to have some fun you can use his ip to find out were he lives, sniff the ip for open ports, security holes so that then you can put a "suprise" on his computer. i don't condone doing this just and example :) i put this on anything that has any contact with my database. also your config files on your website * i didnt sniff your site* but you should block access to stuff that a normal user should not have access to using .htaccess. cpanel also has a feature to do this for you. im old school so i write my .htaccess by hand. Title: Re: Hack my site, receive bitcoins Post by: papaminer on June 19, 2013, 09:52:02 PM it probably your little 10yr old sister... who knows user/pass :P
j/k Title: Re: Hack my site, receive bitcoins Post by: johnnyfla123 on June 19, 2013, 10:25:09 PM it probably your little 10yr old sister... who knows user/pass :P j/k lol could be :x Title: Re: Hack my site, receive bitcoins Post by: johnnyfla123 on June 19, 2013, 10:55:39 PM I'll take a look into this, but it wouldn't explain why the hacker didn't cleanly deface the main page and left some odd escaped tags - this is what leads me to believe it was done ONLY using the form. if he was using the form then he used sql injection which i provided the fix above for. Is apache the only other potential beach? apache doesn't look like it is a potential issue unless you are using stock apache. lol if you are using cpanel or plesk for the webhost then it should be fine. the only i found was the sql. running a sniffer on your site brought up no holes in security for me at least. : P the only way he could of gotten access to the database is 1 if you have remote login. and 2 if you didnt have slq protected inputs. which you fixed i guess. Title: Re: Hack my site, receive bitcoins Post by: Inedible on June 19, 2013, 11:00:49 PM I think the point everyone is missing is that the PHP file was altered.
Not something that's easy to do from the database. Title: Re: Hack my site, receive bitcoins Post by: 🏰 TradeFortress 🏰 on June 19, 2013, 11:02:11 PM Do you use eval() anywhere?
Title: Re: Hack my site, receive bitcoins Post by: td204 on June 19, 2013, 11:08:42 PM Just as a sanity check; the screenshot you provided, is this what you actually saw yourself?
Or is this what the 'hacker' provided you with? I did some checks on your website, but there is nothing really compromised as far as I can see. I did manage to register on your website and inject some code into scan.php e.g.: http://198.12.67.18/test/scan.php?code=%22%22%3ETroolol%3Ca By some source-code reviewing I saw you had used a login-script you downloaded somewhere ("Registration/Login Form by html-form-guide.com"). By downloading the package I found out which php-files exist in your directory (or existed) and managed to register myself as user "test". Didn't spend a lot of time, but maybe the code is vulnerable somewhere. The package I downloaded seems okay.. did you get an older version? Title: Re: Hack my site, receive bitcoins Post by: vit1988 on June 19, 2013, 11:10:44 PM Well... the form is vulnerable to XSS (and screenshot looks like, too) as single quotes in inputs are not escaped... but that alone would not gain him database credentials. did he really modify some files or only made it look like they were modified?
Can you provide the php source code? A code rewiew would be easier than blind guessing. Proof for XSS: enter Code: ' onfocus='alert(1337) Title: Re: Hack my site, receive bitcoins Post by: n4ru on June 20, 2013, 05:11:27 AM I think the point everyone is missing is that the PHP file was altered. This.Not something that's easy to do from the database. Do you use eval() anywhere? No.Just as a sanity check; the screenshot you provided, is this what you actually saw yourself? That is what I saw and everyone else visiting my site.Or is this what the 'hacker' provided you with? I did some checks on your website, but there is nothing really compromised as far as I can see. I did manage to register on your website and inject some code into scan.php e.g.: http://198.12.67.18/test/scan.php?code=%22%22%3ETroolol%3Ca By some source-code reviewing I saw you had used a login-script you downloaded somewhere ("Registration/Login Form by html-form-guide.com"). By downloading the package I found out which php-files exist in your directory (or existed) and managed to register myself as user "test". Didn't spend a lot of time, but maybe the code is vulnerable somewhere. The package I downloaded seems okay.. did you get an older version? Well... the form is vulnerable to XSS (and screenshot looks like, too) as single quotes in inputs are not escaped... but that alone would not gain him database credentials. did he really modify some files or only made it look like they were modified? He blind hacked it in minutes without source access, so I am offering the bounty for the same thing. td204 is right in that I am using that 3rd party form for logins, so you can look for it and see the source.Can you provide the php source code? A code rewiew would be easier than blind guessing. Proof for XSS: enter Code: ' onfocus='alert(1337) Title: Re: Hack my site, receive bitcoins Post by: 🏰 TradeFortress 🏰 on June 20, 2013, 09:00:14 AM Quote He blind hacked it in minutes without source access, so I am offering the bounty for the same thing. What? You know that you pay 0.05 BTC regardless, so why not make it faster by (privately) releasing the source? Also, check access logs. Title: Re: Hack my site, receive bitcoins Post by: vit1988 on June 20, 2013, 09:09:43 AM He blind hacked it in minutes without source access, so I am offering the bounty for the same thing. td204 is right in that I am using that 3rd party form for logins, so you can look for it and see the source. Did you get my PM? It's not the 3rd party part, it's (at least) your custom save script. Title: Re: Hack my site, receive bitcoins Post by: Inedible on June 20, 2013, 09:34:58 AM He blind hacked it in minutes without source access, so I am offering the bounty for the same thing. td204 is right in that I am using that 3rd party form for logins, so you can look for it and see the source. I can understand why you're doing this as it recreates the environment that the hacker had but if you give everyone a copy of your source it'll a) prevent duplication of effort b) make it easier for people to debug c) other bugs might be identified for you d) will get you a much better response as you're only providing $5 for what amounts to penetration testing Title: Re: Hack my site, receive bitcoins Post by: bernard75 on June 20, 2013, 12:35:19 PM Can somebody check my site for a bounty?
PM me. Title: Re: Hack my site, receive bitcoins Post by: buyer on June 21, 2013, 01:52:45 AM I'll check both your sites, but your bounty is low... checking now....
Title: Re: Hack my site, receive bitcoins Post by: buyer on June 21, 2013, 02:06:55 AM dear OP. turn off your website. it's bad.
back in a couple. short version: You have more than 30 vulnerabilities including a severe one that you need to address immediately. I've only completed 5% of my scan. I think I found your problem. sending report via PM Title: Re: Hack my site, receive bitcoins Post by: grue on June 21, 2013, 02:44:36 AM short version: This sounds like those "your computer has 9001 viruses! click here for free security scan" ads.You have more than 30 vulnerabilities including a severe one that you need to address immediately. I've only completed 5% of my scan. Title: Re: Hack my site, receive bitcoins Post by: n4ru on June 21, 2013, 03:07:51 AM dear OP. turn off your website. it's bad. Actually, you didn't find anything but the already existing XSS that I knew about... using Web Vulnerability Scanner.back in a couple. short version: You have more than 30 vulnerabilities including a severe one that you need to address immediately. I've only completed 5% of my scan. I think I found your problem. sending report via PM Title: Re: Hack my site, receive bitcoins Post by: buyer on June 21, 2013, 03:37:51 AM lol, oh ok... so the 49 vulnerabilities including 25 serious ones mean nothing.
why are you asking for help if you obviously know it all and can't learn a thing? my assessment of your high school coding is worth thousands. jackass here's the report I sent the idiot op, don't waste your time tryng to earn his pittance offer http://s3.postimg.org/rnegf0m6n/Untitled.jpg (http://postimg.org/image/rnegf0m6n/) I hit your server 25,000 times. You have serious vulnerabilities as listed in this image: http://postimg.org/image/rnegf0m6n/ 06.20 20:04.24, Started scanning http://http:80//198.12.67.18/test:80/ ... 06.20 20:04.24, Start URL : http://http:80//198.12.67.18/test:80/ 06.20 20:04.24, Scanning Mode : Heuristic 06.20 20:04.24, Server banner: Unknown 06.20 20:04.25, Crawling started, URL: http://http//198.12.67.18/test:80/ 06.20 20:04.26, Unable to detect custom 404 pattern automatically. 06.20 20:04.26, Some crawling options will be automatically disabled. 06.20 20:04.26, Processing file /198.12.67.18/test:80 06.20 20:04.27, Analyzing client side JavaScripts 06.20 20:04.27, Analyzing file: http://http/198.12.67.18/test:80/ 06.20 20:04.27, Script analysis done 06.20 20:04.27, Processing file /198.12.67.18/test:80 (variation 1) 06.20 20:04.27, Processing file /198.12.67.18/test:80 (variation 2) 06.20 20:04.27, Searching for possible site errors. 06.20 20:04.27, Searching for aspect alerts. 06.20 20:04.27, Crawling done. 06.20 20:04.27, Scanning started. 06.20 20:05.20, Finished scanning. 06.20 20:05.20, Flush file buffers. 06.20 20:05.41, Started scanning http://198.12.67.18:80/test:80/ ... 06.20 20:05.41, Start URL : http://198.12.67.18:80/test:80/ 06.20 20:05.41, Scanning Mode : Heuristic 06.20 20:05.41, Server banner: Apache 2.x 06.20 20:05.41, Crawling started, URL: http://198.12.67.18/test:80/ 06.20 20:05.42, Apache mod_negotiation filename bruteforcing 06.20 20:05.42, Error page Web Server version disclosure 06.20 20:05.43, Searching for possible site errors. 06.20 20:05.43, Searching for aspect alerts. 06.20 20:05.43, Crawling done. 06.20 20:05.43, Scanning started. 06.20 20:05.45, Apache httpd Remote Denial of Service 06.20 20:06.00, CSRF testing finished. 06.20 20:06.00, Finished scanning. 06.20 20:06.00, Flush file buffers. 06.20 20:06.47, Started scanning http://198.12.67.18:80/ ... 06.20 20:06.47, Start URL : http://198.12.67.18:80/ 06.20 20:06.47, Scanning Mode : Heuristic 06.20 20:06.47, Server banner: Apache 2.x 06.20 20:06.47, Crawling started, URL: http://198.12.67.18/ 06.20 20:06.49, Processing file / 06.20 20:06.49, Apache mod_negotiation filename bruteforcing 06.20 20:06.49, Error page Web Server version disclosure 06.20 20:06.51, Analyzing client side JavaScripts 06.20 20:06.51, Analyzing file: http://198.12.67.18/ 06.20 20:06.51, Script analysis done 06.20 20:06.51, Processing file / (variation 1) 06.20 20:06.51, Processing file / (variation 2) 06.20 20:06.51, Searching for possible site errors. 06.20 20:06.51, Searching for aspect alerts. 06.20 20:06.51, Crawling done. 06.20 20:06.51, Scanning started. 06.20 20:06.51, Apache httpd Remote Denial of Service 06.20 20:07.08, Possible sensitive files 06.20 20:07.12, Possible sensitive directories 06.20 20:07.15, Possible sensitive directories 06.20 20:07.53, Restart crawling 06.20 20:07.53, Processing file /test.php 06.20 20:07.53, Processing file /phpmyadmin 06.20 20:07.53, Processing file /test 06.20 20:07.53, Processing file /index.php 06.20 20:07.54, Processing file /test 06.20 20:07.54, Processing file /phpmyadmin 06.20 20:07.54, Password type input with auto-complete enabled 06.20 20:07.54, User credentials are sent in clear text 06.20 20:07.54, Processing file /test/basic.css 06.20 20:07.54, Processing file /test/login.php 06.20 20:07.54, Password type input with auto-complete enabled 06.20 20:07.54, User credentials are sent in clear text 06.20 20:07.54, Processing file /phpmyadmin/index.php 06.20 20:07.54, Password type input with auto-complete enabled 06.20 20:07.54, User credentials are sent in clear text 06.20 20:07.54, Processing file /phpmyadmin/index.php (variation 1) 06.20 20:07.54, Processing file /phpmyadmin/themes 06.20 20:07.54, Processing file /phpmyadmin/index.php (variation 2) 06.20 20:07.54, Password type input with auto-complete enabled 06.20 20:07.54, User credentials are sent in clear text 06.20 20:07.54, Processing file /phpmyadmin/index.php (variation 4) 06.20 20:07.54, Processing file /phpmyadmin/themes/original 06.20 20:07.54, Processing file /phpmyadmin/themes/original/img 06.20 20:07.54, Processing file /phpmyadmin/phpmyadmin.css.php 06.20 20:07.54, Processing file /phpmyadmin/Documentation.html 06.20 20:07.55, Processing file /phpmyadmin/Documentation.html (variation 1) 06.20 20:07.56, Processing file /phpmyadmin/print.css 06.20 20:07.56, Processing file /phpmyadmin/phpmyadmin.css.php (variation 1) 06.20 20:07.56, Session token in URL 06.20 20:07.56, Processing file /phpmyadmin/index.php (variation 3) 06.20 20:07.56, Password type input with auto-complete enabled 06.20 20:07.56, User credentials are sent in clear text 06.20 20:07.56, Processing file /test/style/fg_membersite.css 06.20 20:07.56, Broken links 06.20 20:07.56, Processing file /test/scripts/gen_validatorv31.js 06.20 20:07.56, Processing file /test/style 06.20 20:07.56, Processing file /test/login.php (variation 1) 06.20 20:07.56, Password type input with auto-complete enabled 06.20 20:07.56, Processing file /test/UPC.ttf 06.20 20:07.56, Processing file /phpmyadmin/themes 06.20 20:07.56, Processing file /phpmyadmin/themes/original 06.20 20:07.56, Processing file /phpmyadmin/phpmyadmin.css.php (variation 2) 06.20 20:07.56, Session token in URL 06.20 20:07.56, Processing file /phpmyadmin/themes/original/img 06.20 20:07.56, Processing file /phpmyadmin/index.php (variation 7) 06.20 20:07.56, Password type input with auto-complete enabled 06.20 20:07.56, User credentials are sent in clear text 06.20 20:07.56, Broken links 06.20 20:07.56, Processing file /phpmyadmin/index.php (variation 5) 06.20 20:07.56, Password type input with auto-complete enabled 06.20 20:07.56, Processing file /phpmyadmin/index.php (variation 9) 06.20 20:07.56, Password type input with auto-complete enabled 06.20 20:07.56, Session token in URL 06.20 20:07.56, Processing file /phpmyadmin/changelog.php 06.20 20:07.57, Processing file /phpmyadmin/docs.css 06.20 20:07.57, Processing file /phpmyadmin/index.php (variation 6) 06.20 20:07.57, Processing file /phpmyadmin/index.php (variation 8) 06.20 20:07.57, Processing file /phpmyadmin/translators.html 06.20 20:07.57, Broken links 06.20 20:07.57, Processing file /phpmyadmin/license.php 06.20 20:07.57, Processing file /test/scripts 06.20 20:08.06, Processing file /test/style 06.20 20:08.06, Processing file /test/scripts 06.20 20:08.08, Processing file /phpmyadmin/setup 06.20 20:08.08, Analyzing client side JavaScripts 06.20 20:08.08, Analyzing file: http://198.12.67.18/phpmyadmin/ 06.20 20:08.08, Analyzing file: http://198.12.67.18/test/login.php 06.20 20:08.08, Script analysis done 06.20 20:08.08, Processing file /phpmyadmin/index.php (variation 11) 06.20 20:08.08, Password type input with auto-complete enabled 06.20 20:08.08, Processing file /phpmyadmin/index.php (variation 10) 06.20 20:08.08, Password type input with auto-complete enabled 06.20 20:08.08, Processing file /phpmyadmin/index.php (variation 12) 06.20 20:08.08, Password type input with auto-complete enabled 06.20 20:08.08, Searching for possible site errors. 06.20 20:08.08, Searching for aspect alerts. 06.20 20:08.08, Session Cookie without HttpOnly flag set 06.20 20:08.08, Session Cookie without Secure flag set 06.20 20:08.08, Crawling done. 06.20 20:08.08, Scanning started. 06.20 20:08.18, Cross Site Scripting (verified) 06.20 20:35.33, Cross Site Scripting (verified) 06.20 20:35.33, Possible username or password disclosure 06.20 20:35.37, Possible server path disclosure (Unix) 06.20 20:35.37, Possible username or password disclosure 06.20 20:35.38, Error message on page 06.20 20:35.39, Email address found 06.20 20:35.40, Email address found 06.20 20:35.40, Possible server path disclosure (Unix) 06.20 20:36.09, Possible sensitive directories Title: Re: Hack my site, receive bitcoins Post by: n4ru on June 21, 2013, 03:48:10 AM lol, oh ok... so the 49 vulnerabilities including 25 serious ones mean nothing. Running an app you downloaded is so serious bro. Especially when it finds the one "serious" vuln that I already knew about.why are you asking for help if you obviously know it all and can't learn a thing? my assessment of your high school coding is worth thousands. jackass here's the report I sent the idiot op: I hit your server 25,000 times. You have serious vulnerabilities as listed in this image: http://postimg.org/image/rnegf0m6n/ 06.20 20:04.24, Started scanning http://http:80//198.12.67.18/test:80/ ... 06.20 20:04.24, Start URL : http://http:80//198.12.67.18/test:80/ 06.20 20:04.24, Scanning Mode : Heuristic 06.20 20:04.24, Server banner: Unknown 06.20 20:04.25, Crawling started, URL: http://http//198.12.67.18/test:80/ 06.20 20:04.26, Unable to detect custom 404 pattern automatically. 06.20 20:04.26, Some crawling options will be automatically disabled. 06.20 20:04.26, Processing file /198.12.67.18/test:80 06.20 20:04.27, Analyzing client side JavaScripts 06.20 20:04.27, Analyzing file: http://http/198.12.67.18/test:80/ 06.20 20:04.27, Script analysis done 06.20 20:04.27, Processing file /198.12.67.18/test:80 (variation 1) 06.20 20:04.27, Processing file /198.12.67.18/test:80 (variation 2) 06.20 20:04.27, Searching for possible site errors. 06.20 20:04.27, Searching for aspect alerts. 06.20 20:04.27, Crawling done. 06.20 20:04.27, Scanning started. 06.20 20:05.20, Finished scanning. 06.20 20:05.20, Flush file buffers. 06.20 20:05.41, Started scanning http://198.12.67.18:80/test:80/ ... 06.20 20:05.41, Start URL : http://198.12.67.18:80/test:80/ 06.20 20:05.41, Scanning Mode : Heuristic 06.20 20:05.41, Server banner: Apache 2.x 06.20 20:05.41, Crawling started, URL: http://198.12.67.18/test:80/ 06.20 20:05.42, Apache mod_negotiation filename bruteforcing 06.20 20:05.42, Error page Web Server version disclosure 06.20 20:05.43, Searching for possible site errors. 06.20 20:05.43, Searching for aspect alerts. 06.20 20:05.43, Crawling done. 06.20 20:05.43, Scanning started. 06.20 20:05.45, Apache httpd Remote Denial of Service 06.20 20:06.00, CSRF testing finished. 06.20 20:06.00, Finished scanning. 06.20 20:06.00, Flush file buffers. 06.20 20:06.47, Started scanning http://198.12.67.18:80/ ... 06.20 20:06.47, Start URL : http://198.12.67.18:80/ 06.20 20:06.47, Scanning Mode : Heuristic 06.20 20:06.47, Server banner: Apache 2.x 06.20 20:06.47, Crawling started, URL: http://198.12.67.18/ 06.20 20:06.49, Processing file / 06.20 20:06.49, Apache mod_negotiation filename bruteforcing 06.20 20:06.49, Error page Web Server version disclosure 06.20 20:06.51, Analyzing client side JavaScripts 06.20 20:06.51, Analyzing file: http://198.12.67.18/ 06.20 20:06.51, Script analysis done 06.20 20:06.51, Processing file / (variation 1) 06.20 20:06.51, Processing file / (variation 2) 06.20 20:06.51, Searching for possible site errors. 06.20 20:06.51, Searching for aspect alerts. 06.20 20:06.51, Crawling done. 06.20 20:06.51, Scanning started. 06.20 20:06.51, Apache httpd Remote Denial of Service 06.20 20:07.08, Possible sensitive files 06.20 20:07.12, Possible sensitive directories 06.20 20:07.15, Possible sensitive directories 06.20 20:07.53, Restart crawling 06.20 20:07.53, Processing file /test.php 06.20 20:07.53, Processing file /phpmyadmin 06.20 20:07.53, Processing file /test 06.20 20:07.53, Processing file /index.php 06.20 20:07.54, Processing file /test 06.20 20:07.54, Processing file /phpmyadmin 06.20 20:07.54, Password type input with auto-complete enabled 06.20 20:07.54, User credentials are sent in clear text 06.20 20:07.54, Processing file /test/basic.css 06.20 20:07.54, Processing file /test/login.php 06.20 20:07.54, Password type input with auto-complete enabled 06.20 20:07.54, User credentials are sent in clear text 06.20 20:07.54, Processing file /phpmyadmin/index.php 06.20 20:07.54, Password type input with auto-complete enabled 06.20 20:07.54, User credentials are sent in clear text 06.20 20:07.54, Processing file /phpmyadmin/index.php (variation 1) 06.20 20:07.54, Processing file /phpmyadmin/themes 06.20 20:07.54, Processing file /phpmyadmin/index.php (variation 2) 06.20 20:07.54, Password type input with auto-complete enabled 06.20 20:07.54, User credentials are sent in clear text 06.20 20:07.54, Processing file /phpmyadmin/index.php (variation 4) 06.20 20:07.54, Processing file /phpmyadmin/themes/original 06.20 20:07.54, Processing file /phpmyadmin/themes/original/img 06.20 20:07.54, Processing file /phpmyadmin/phpmyadmin.css.php 06.20 20:07.54, Processing file /phpmyadmin/Documentation.html 06.20 20:07.55, Processing file /phpmyadmin/Documentation.html (variation 1) 06.20 20:07.56, Processing file /phpmyadmin/print.css 06.20 20:07.56, Processing file /phpmyadmin/phpmyadmin.css.php (variation 1) 06.20 20:07.56, Session token in URL 06.20 20:07.56, Processing file /phpmyadmin/index.php (variation 3) 06.20 20:07.56, Password type input with auto-complete enabled 06.20 20:07.56, User credentials are sent in clear text 06.20 20:07.56, Processing file /test/style/fg_membersite.css 06.20 20:07.56, Broken links 06.20 20:07.56, Processing file /test/scripts/gen_validatorv31.js 06.20 20:07.56, Processing file /test/style 06.20 20:07.56, Processing file /test/login.php (variation 1) 06.20 20:07.56, Password type input with auto-complete enabled 06.20 20:07.56, Processing file /test/UPC.ttf 06.20 20:07.56, Processing file /phpmyadmin/themes 06.20 20:07.56, Processing file /phpmyadmin/themes/original 06.20 20:07.56, Processing file /phpmyadmin/phpmyadmin.css.php (variation 2) 06.20 20:07.56, Session token in URL 06.20 20:07.56, Processing file /phpmyadmin/themes/original/img 06.20 20:07.56, Processing file /phpmyadmin/index.php (variation 7) 06.20 20:07.56, Password type input with auto-complete enabled 06.20 20:07.56, User credentials are sent in clear text 06.20 20:07.56, Broken links 06.20 20:07.56, Processing file /phpmyadmin/index.php (variation 5) 06.20 20:07.56, Password type input with auto-complete enabled 06.20 20:07.56, Processing file /phpmyadmin/index.php (variation 9) 06.20 20:07.56, Password type input with auto-complete enabled 06.20 20:07.56, Session token in URL 06.20 20:07.56, Processing file /phpmyadmin/changelog.php 06.20 20:07.57, Processing file /phpmyadmin/docs.css 06.20 20:07.57, Processing file /phpmyadmin/index.php (variation 6) 06.20 20:07.57, Processing file /phpmyadmin/index.php (variation 8) 06.20 20:07.57, Processing file /phpmyadmin/translators.html 06.20 20:07.57, Broken links 06.20 20:07.57, Processing file /phpmyadmin/license.php 06.20 20:07.57, Processing file /test/scripts 06.20 20:08.06, Processing file /test/style 06.20 20:08.06, Processing file /test/scripts 06.20 20:08.08, Processing file /phpmyadmin/setup 06.20 20:08.08, Analyzing client side JavaScripts 06.20 20:08.08, Analyzing file: http://198.12.67.18/phpmyadmin/ 06.20 20:08.08, Analyzing file: http://198.12.67.18/test/login.php 06.20 20:08.08, Script analysis done 06.20 20:08.08, Processing file /phpmyadmin/index.php (variation 11) 06.20 20:08.08, Password type input with auto-complete enabled 06.20 20:08.08, Processing file /phpmyadmin/index.php (variation 10) 06.20 20:08.08, Password type input with auto-complete enabled 06.20 20:08.08, Processing file /phpmyadmin/index.php (variation 12) 06.20 20:08.08, Password type input with auto-complete enabled 06.20 20:08.08, Searching for possible site errors. 06.20 20:08.08, Searching for aspect alerts. 06.20 20:08.08, Session Cookie without HttpOnly flag set 06.20 20:08.08, Session Cookie without Secure flag set 06.20 20:08.08, Crawling done. 06.20 20:08.08, Scanning started. 06.20 20:08.18, Cross Site Scripting (verified) 06.20 20:35.33, Cross Site Scripting (verified) 06.20 20:35.33, Possible username or password disclosure 06.20 20:35.37, Possible server path disclosure (Unix) 06.20 20:35.37, Possible username or password disclosure 06.20 20:35.38, Error message on page 06.20 20:35.39, Email address found 06.20 20:35.40, Email address found 06.20 20:35.40, Possible server path disclosure (Unix) 06.20 20:36.09, Possible sensitive directories Skid' on out of here. Title: Re: Hack my site, receive bitcoins Post by: buyer on June 21, 2013, 03:56:37 AM Gee if you see the problem why are you still allowing hackers full access to your buddies server? nm, you clearly know what you are doing. ::)
|