Bitcoin Forum
  Show Posts
2281  Other / Meta / Re: PMs and TOR - Dear mods, is it possible to whitelist me for TOR use? on: August 20, 2011, 08:12:07 PM
Connect to "Hide my ass" through a tor node
2282  Bitcoin / Project Development / Re: [Hack-A-Thon: Round 2 is a go!] Hack my site {Server back up} on: August 20, 2011, 03:13:27 AM
From the looks of the database, I just need to validate email addresses and I'm golden
2283  Bitcoin / Project Development / Re: [Hack-A-Thon: In-Progress] Hack my site (Server Back up) on: August 20, 2011, 02:08:02 AM
SQL injection in qty parameter of cart.php?

If you send a single quote (') for the qty parameter,

Code:
POST /cart.php?act=add&productId= HTTP/1.1
***SNIP HEADERS ***

qty=1%00'

you get a mysql database error message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1' at line 4

If you use two single quotes instead:

Code:
POST /cart.php?act=add&productId= HTTP/1.1
***SNIP HEADERS ***

qty=1%00''

you don't get the error:

Code:
HTTP/1.1 302 Found
Date: Thu, 18 Aug 2011 04:21:44 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Location: /login.php?
Vary: Accept-Encoding
Content-Length: 13
Connection: close
Content-Type: text/html


So it looks like the site tries to block SQL injection, but you just URL-encode a NULL (%00) before the quote or whatever's getting blocked, and you've gotten around the filter.

So is this some kind of php extension that's checking for sql injection characters like the single quote?

Did you develop the shopping cart in-house, or is it "third-party" software?

Can you show us the code?

While it doesn't fix or prevent the underlying sql injection issue in the php code, I would have your developer add some more "friendly" and generic error handling so these mysql errors don't get sent back to the user.

I'm sure by the time I finish typing this someone will show you how to actually exploit the sql injection vulnerability.

I will give 0.30BTC for someone to successfully exploit this suggestion.

As a note, I have only granted the following privileges since the beginning of this hack-a-thon: "SELECT,UPDATE,INSERT,DELETE"
2284  Bitcoin / Project Development / Re: [Hack-A-Thon: Round 2 is a go!] Hack my site {Server back up} on: August 20, 2011, 01:10:44 AM
Looks like I forgot to reset prices back to .01BTC. I'll change that so everyone can continue to test the shopping cart system and the refund system. Please PM me if you deposit money, as I haven't made an admin panel that will notify me of such things and must do manual lookups.
2285  Bitcoin / Project Development / Re: BTCRadio - Bitcoin Shoutcast Radio Station on: August 20, 2011, 12:49:03 AM
See I knew there was a reason I included mplayer on the next release of linuxcoin

Mplayer can play streams! Oh meh gezuhz I've been using amarok and that fails every hour
2286  Bitcoin / Project Development / Re: BTCRadio - Bitcoin Shoutcast Radio Station on: August 19, 2011, 11:51:15 PM
Finally got enough posts to post on my own topic

Anyway, yes we have plans on doing shows, music and news related.

The site is currently in the works, as those of you that have tried the link have noticed by now.

Any suggestions or advice? Any bit helps build a bigger/better site.

Are you affiliated with BTCradio? I can't tell.
2287  Bitcoin / Project Development / Re: [Hack-A-Thon: Round 2 is a go!] Hack my site {Server back up} on: August 19, 2011, 11:48:05 PM
Is it OK to go after the database server itself?

I won't kill it.

I encourage you to extract database information and provide a pastebin on it

Something like that includes bonus rewards.
2288  Bitcoin / Project Development / Re: [Hack-A-Thon: Round 2 is a go!] Hack my site {Server back up} on: August 19, 2011, 10:57:17 PM
login.php is transmitting the password over regular HTTP.

Which reminds me to setup the SSL certs on the new server. Thanks mate!
2289  Bitcoin / Project Development / Re: [ANNOUNCE] Abe 0.5: Open Source Block Explorer Knockoff on: August 19, 2011, 07:21:54 PM
Watching github and following thread
2290  Bitcoin / Project Development / Re: [Hack-A-Thon: Round 2 starts 12AM] Hack my site (New server almost up) on: August 19, 2011, 07:18:13 PM
Hack-A-Thon is a go

I've patched up some things and edited some stuff, let me know if you find anything this time. After this round I plan on doing some discussions with those that have offered the help to get right down to PHP security.
2291  Bitcoin / Project Development / Re: [Hack-A-Thon: Round 2 starts 12AM] Hack my site (New server almost up) on: August 19, 2011, 07:07:00 PM
I know I said the hack-a-thon would start at 12am today, but I haven't uploaded the new files. So I'm doing that right now... should only be 30 minutes, then the hack-a-thon will resume.
2292  Bitcoin / Project Development / Re: What about a host which doesn't discriminate against people? on: August 19, 2011, 02:24:13 AM
If you've downloaded your clients from SourceForge you can checksum them yourself.

'k, will do, thanks.

Hmm, that begs the question, how to verify the checksum for those downloading them?

Say, I post a checksum for each client in a txt file. How do people downloading them know that it is valid?

Is there a way to point to an official/verified checksum that they can check against?

That's a good question. If you can't find the original checksums, maybe there will be enough people to provide their checksums and you can get enough of the same confirmations to affirm that they are the correct checksums.
2293  Bitcoin / Project Development / Re: What about a host which doesn't discriminate against people? on: August 19, 2011, 02:14:02 AM
Open directory on my seedbox with current clients:

Here

Let me know if there are any problems. Also, would be nice to include a link to the current checksums, but can't seem to find them.

If you've downloaded your clients from SourceForge you can checksum them yourself.
2294  Bitcoin / Bitcoin Discussion / Re: State of TradeHill [Bitcoin.com Announcement] on: August 19, 2011, 01:11:04 AM
Okay, so everyone's happy with treadmill being THE bitcoin.com company.  Great.  But remember when they do something you don't like on their site you can't say jack shit about it.

I do hope it all works out, I'm just bringing up the issue.

j

It's only THE bitcoin company when everyone thinks of it that way. But you do have a point. They could start hosting the bitcoin client on their main page imitating the .org website, and thus CONTROLLING TEH BITCOINZ!!
2295  Bitcoin / Project Development / Re: Should we buy bitcoin.com ? on: August 18, 2011, 11:09:58 PM
(found this thread again, hooray)

Tradehill has bought bitcoin.com... anyone know how much they paid?


guessing more than $10,000
2296  Bitcoin / Project Development / Re: [Hack-A-Thon: In-Progress] Hack my site (Server Back up) on: August 18, 2011, 10:57:18 PM

From what I can tell you, I've basically just mysql_real_escape_string()'d everything before it gets sent to functions, as well as in the functions themselves.

Use PHP exceptions to check form input and handle any errors (i.e. try/catch). You can even extend the Exception class to your liking. I am willing to help you with this if need be.

Yes, I'll definitely need some assistance with escaping.

PM'ing
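The escape-everything approach the site owner describes and the generic error-handling advice from the report, side by side as an added PHP example (not the hack-a-thon site's code; the cart table, its column names and the escape-only handler are assumptions):

```php
<?php
// Added example; not the hack-a-thon site's code. The "escaped" handler is an
// assumed reconstruction of the mysql_real_escape_string()-everywhere approach
// described in the post; the "bound" handler is the hardened form. PHP 7+ syntax.

// BEFORE: escaping only. real_escape_string() (mysqli's equivalent of the call
// named in the post) only protects a value that ends up inside quotes; qty is
// numeric, so it is spliced in unquoted and the raw MySQL error is echoed back.
function addToCartEscaped(mysqli $db, int $userId, string $productId, string $qty): bool
{
    $p = $db->real_escape_string($productId);
    $q = $db->real_escape_string($qty);
    $sql = "INSERT INTO cart (user_id, product_id, qty) VALUES ($userId, '$p', $q)";
    if (!$db->query($sql)) {
        echo $db->error;   // leaks "You have an error in your SQL syntax..."
        return false;
    }
    return true;
}

// Reject anything that is not a plain decimal integer in range before any SQL
// is built: "1\0'" and "1\0''" both fail FILTER_VALIDATE_INT and return null.
function validateQty(string $raw): ?int
{
    $opts = ['options' => ['min_range' => 1, 'max_range' => 1000]];
    $qty = filter_var($raw, FILTER_VALIDATE_INT, $opts);
    return $qty === false ? null : $qty;
}

// AFTER: typed validation plus a bound parameter, with database failures logged
// server-side and reported generically. Assumes the PDO connection was created
// with PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION so failures throw.
function addToCartBound(PDO $db, int $userId, string $productId, string $rawQty): bool
{
    $qty = validateQty($rawQty);
    if ($qty === null) {
        return false;      // invalid input, rejected before the database is touched
    }
    try {
        $stmt = $db->prepare('INSERT INTO cart (user_id, product_id, qty) VALUES (:uid, :pid, :qty)');
        $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
        $stmt->bindValue(':pid', $productId, PDO::PARAM_STR);
        $stmt->bindValue(':qty', $qty, PDO::PARAM_INT);
        return $stmt->execute();
    } catch (PDOException $e) {
        error_log('cart insert failed: ' . $e->getMessage());  // detail stays in the log
        return false;      // the caller shows a generic "could not add item" message
    }
}
```

The validation step is what closes the numeric-context hole that escaping alone leaves open; the bound parameter then keeps the value out of the SQL text entirely, so the filter being bypassed stops mattering.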
2297  Bitcoin / Project Development / Re: [Hack-A-Thon: Round 2 starts 12AM] Hack my site (New server almost up) on: August 18, 2011, 10:24:56 PM
I will be requesting payment addresses today while I fix up the new server. Round 2 starts at 12am Pacific Standard Time and will go on as long as it must.
2298  Bitcoin / Project Development / Re: [Hack-A-Thon: In-Progress] Hack my site (Server Back up) on: August 18, 2011, 10:23:21 PM

From what I can tell you, I've basically just mysql_real_escape_string()'d everything before it gets sent to functions, as well as in the functions themselves.
2299  Economy / Services / Re: Pixel Images on: August 18, 2011, 08:09:50 PM
When does the world get to play 'Mango Mango Monsters MMORPG (MMMMMORPG)'? Looks nostalgically fun!!
2300  Economy / Services / Re: [CLOSED] 1BTC to assist me with sending/recieving email on my ubuntu server on: August 18, 2011, 07:49:43 PM
Lol, well at least you got it to work.

What is your animated avatar image doing?

I really can't tell if it is scooting around or doing a head bob.