February 2012
1 post
Deltascripts.com *promo* code!
Get everything for free with this unique promo code: pastebin.com/j9Qkdsyg  This gets you everything off their site, such as their $349 “PHP Classifieds” script. I’m posting this to raise awareness. If a company like this can’t even protect what’s most valuable to them, how do you think they can protect what’s most valuable to you and your users? It has...
Feb 6th
May 2011
1 post
BigDump, big goof!
I just had to import a big database, and I used BigDump for that. My dirty mind immediately thought, how many people do actually leave the script on the server after importing their databases? Turns out, a lot. Now that’s pretty careless, but hey, their loss is my gain. Pretty quickly I found my first victim: A phpBB board. I always used to be more of a vBulletin guy, and since I have no...
May 31st
Client-side password hashing before log-in.
UPDATE: This method protects your password (slightly, at least), but it does not protect user accounts on the forum. If someone *sniffed* your password hash, it could just be captured and resent to the server it was gathered from, along with your user name. The forum would not know whether the hash was directly submitted, or if your Javascript code created it before logging in. I’ve...
May 28th
Dear "CyD Software Labs"...
CyD Software Labs claim to be “WEB security specialists”. Sounds great… so I decided to look at the stuff they’re actually doing. After a short while, I stumbled upon this post about Cross Site Scripting (XSS). While they make a good point about HTML entities, they’re completely forgetting SQL injections. The code they’re suggesting to prevent Cross Site...
May 27th
Some common PHP security pitfalls...
… and how to exploit them. Chapter One: Image uploading. Allowing users to upload files to your server needs to be done carefully. Very carefully. If a user manages to upload a (PHP) script, they’ll be able to do pretty much anything with your server, including the database (if any). Let’s assume for a moment that you only want to allow images to be uploaded. So how can you...
May 7th
April 2010
2 posts
Dreamweaver CS4 and PHP 5.3 code highlighting.
Dreamweaver CS4 was released in late 2008, when a lot of PHP 5’s functions weren’t available yet (especially PHP 5.3’s stuff). Needless to say, those functions/constants, and language constructs won’t be highlighted properly. But luckily, this is easy to fix. There’s an XML file located at: C:\Program Files\Adobe\Adobe Dreamweaver...
Apr 26th
It's time again... exit;
As most of you probably don’t know, I work in a real estate agency. So every now and then I search for new websites where I can upload our properties to. Recently I came across bancodecasas.com. When I first saw the site, I already had the feeling that something wasn’t quite right with it. The site allows you to upload up to 8 images per property. So basically, you have 8 steady...
Apr 15th
February 2010
5 posts
Fun with JavaScript injection.
UPDATE: Now that I’ve patched the exploit, you might no longer be able to inject your code. So in this post I’ll just assume that you’ve found your way to inject code and are curious as to what you can do now. Now that we can inject JavaScript into our posts, why not have some fun with it? How about we make some users give us some reputation? I wrote some functions which make...
Feb 25th
Unwanted promotion.
UPDATE: I’ve patched this exploit using my newly acquired admin powers. It will no longer work. So don’t waste your time! ;p There’s another section on this site, where users can upload their music to promote it. On the front page of the forum, there are the top 5 songs of the month. (The 5 most played songs). In the user CP, there’s a form where you can upload your...
Feb 25th
Don't ever trust the user... he might be a cunt!
I’m still on the same message board, and I’m still looking for useful exploits. I think the only things that keep me motivated are boredom, and the fact that there are so many exploits. Here’s a new one. There are two plug-ins that work together. A public gallery (PhotoPost), and a custom add-on by the admin, which allows users to customize their post area. You can set a...
Feb 25th
htmlspecialchars() doesn't prevent JavaScript...
In this post, I’ll be using the same exploit as in the last post. Yet again, the user input wasn’t being escaped using mysql_real_escape_string(). I figured this out the same way I always do, by entering a single quote and receiving a MySQL error about invalid syntax. However, htmlspecialchars() with the default quote style ENT_COMPAT was applied. This results in my input being...
Feb 21st
How to take ownership of a forum.
UPDATE: I’ve patched this exploit using my newly acquired admin powers. It will no longer work. So don’t waste your time! ;p I’ve been on this vBulletin message board for quite a while now, and we have a problem there: the administrator left us for dead. He hasn’t been online for… way too long, and we need some changes on the site. I figured this was an...
Feb 19th