Discussion in 'General Discussion' started by av0n, Apr 15, 2011.

  1. Anonymous Member

    You've also mangled our time. Fuck Completely Off!
    • Like Like x 3
  2. dmx Member

    Ok, you need to find a friendly hacker to help you with this man, and by friendly hacker I mean someone who is GOOD (not just a kid who points nmap and then some downloaded script, but one who knows how to *find* vunerabilities in software) you know IRL and can go after IRL if you get betrayed. Securing a website is not for amateurs. Tracing IPs from apache or php logs is NOT the only way to guard against this. There are tools that will plain out null-route hostile web traffic that don't keep on-disk logs.

    No offense, but if I was looking for a secure channel to discuss either legally suspect or "could get me sued , beaten up or put on a wierd cults shitlist" I wouldn't trust your site from what you've said so far.

    Don't take that as a personal slight. I wouldn't trust a site set up by ME either. But promising security without a full understanding of it can get people arrested, or shit in the case of some of the regimes anon has been tangled with, killed.
    • Like Like x 3
  3. WMAnon Member

    your site's broken
    • Like Like x 1
  4. av0n Member

    Yes I know, i'm moving some files around, check back in half an hour
  5. Anonymous Member

    is this like one of those things where you get creative people to freely submit their creativity, and then profit?
  6. Anonymous Member

    I'll be checking back in about 20 years.
  7. av0n Member

    no it isn't, but it is open source if thats what you mean by getting creative people together.
    This is not for quasi-illegal activity. Although I would hope there will be a higher level of trust down the line as all our code is transparent.
    @dmx the ip hashes arn't not meant to be secure, just not plain text readable, and SSL is very much alive.
  8. Anonymous Member

    holy shit this looks great
  9. av0n Member

    thank you :)
  10. dmx Member

    $q2 = "SELECT userlevel FROM users WHERE username='$_COOKIE[userID]' AND userlevel >= 2"; //makes sure has clearence or is breaking in. I just need to edit my cookies to add something like ' or 1 = 1; <insert malicous sql here> -- and I have owned your server. hint: Use session variables rather than directly fumblefucking with cookies.

    Plus numerous instances of just assuming the mysql_escape_chars will be protection enough

    I can not repeat this enough. Use prepared statements. Use prepared statements. Use prepared statements. These are *much* harder to hack.

    And for god sake NEVER just blindly insert shit coming from the far end dude. Seriously.
    • Like Like x 1
  11. Anonymous Member

    I love it when I can clearly hear the sounds of sanity expressed in the vast digital wilderness.
  12. Anonymous Member

    use whitlist
    dotn try shit with blacklist input.
    its a horror trip you never can win.
    HTML5 makes its even moar funny
  13. dmx Member

    if (in_array($_GET['view'], $files)) { //if the file exists
    echo '<br>';
    include ('articles/' . $_GET['view'] . '.html');
    echo '<br>';
    Please tell me $files is not going to eventually be dynamic+user supplied? :(

    I don't know of a working exploit around your array check, but passing an unfiltered get paramater DIRECTLY into a file path is ALWAYS a bad idea. No exceptions.

    (Hint: Until then this is much safer
    files = {'article':'article1.html','article2','article2.html', etc etc}
    if (array_key_exists($FILES,'$_GET['view']) {
       include ('articles/'. $FILES['$_GET['view']]);

    Note: I havent coded PHP in years, so my memory of its syntax is a bit wobbly.
  14. Herro Member

    • Like Like x 4
  15. Anonymous Member

    A whole herd of nerds...
  16. anonymous612 Member

    • Like Like x 2
  17. Anonymous Member

    • Like Like x 1
  18. Dragononymous Member

    Woow what?
    Herro + present = Good?
    What did I miss..
  19. Zak McKracken Member

    I think this guy has the chops, and might even be willing to help if you can find him.

    • Like Like x 2
  20. Herro Member

    I'm sleeping with av0n. This entire thread has been nothing but sexual innuendo.
  21. Dragononymous Member

    Shouldnt it be like this;
    Herro receiving present = Good
  22. av0n Member

    it isn't going to be dynamic user supplied data, also it is only passed to a file path when it is the same as a file name. Also at pointing out the unfilter cookie, thank you, if you've signed up i'd give you a contrib badge.

    @herro's present I had to look long and hard for it
  23. dmx Member

    Ok, its very important that a user can never supply the name of the file if your doing it this way, because there are a lot of potential ways to break this. I'd strongly recomend moving the flat file includes to a database record, because if somone sets a filename to '../../../../etc/passwd or something ,you could end up in deep trouble.

    The method I've given makes sure that the supplied input *never* comes into contact with the filesystem, but a database backed system would be even better.

    Naturally I'm assuming your media input is being checked for a whitelisted list of mime and file extension types, but I will add to make sure that the directories they are stored in do NOT have access to the php/etc interpreters, or you *will* be owned (I learned this the hard way!)

    And yeah, I do strongly suggest migrating to prepared statements (Or prepared statements and stored procedures if you want to be REALLY fast and secure). Its a pretty easy process (Just grep for your various SQL clauses and then start moving across, because its a mile more secure to use, and its actually a little bit faster under the hood. Remember , in the world of chans, theres a LOT of dipshits who will think nothing of owning you for lulz, with a fraction of those dipshits actually being rather talented at such owneage.
  24. av0n Member

    Thankyou very much for the response. I've looked into prepared statements a couple times but have never had the time to convert all of my queries over (that's a lot of time when a 'htmlspecialchars(mysqli_real_escape_string(' would suffice). Also are you refering to the .gif exploit?

    The uploaded files are checked for white listed mime types (you can view the php file at if interested).
  25. Anonymous Member

    And all this faggotry can't happen in PMs? Amazing.
    • Like Like x 1
  26. Anonymous Member

    case 'text/plain' : $ext=".txt";break;
    case 'application/pdf' : $ext=".pdf";break;
    case 'application/msword' : $ext=".doc";break;
    case 'audio/mpeg' : $ext=".mp3";break;
    case 'application/x-bittorrent' : $ext=".torrent";break;
    case 'image/jpeg' : $ext=".jpg"; break;
    case 'image/png' : $ext=".png"; break;
    case 'image/gif' : $ext=".gif"; break;
    case 'video/x-flv' : $ext=".flv"; break;
    Why would flash files be allowed when there is a currently exploited Flash vulnerability out in the wild?
    Also, it's missing genuine mimetypes that all modern browsers play natively:
    and given the current native support:
  27. av0n Member

    I believe the flash vulnerability was recently patched, Also I'll look into the link and adding some mime types
  28. Smurf Member

    • Like Like x 2
  29. Anonymous Member

    • Like Like x 1
  30. av0n Member

    accidental prescription overdose, which is about as vague as it gets.
    • Like Like x 1
  31. Robocat Member

    No thank you.
  32. Dragononymous Member

    Say whut?
    well you are OP so that explains alot in this thread..
  33. DeathHamster Member

    That Wiki article is full of AIDS, cancer and faggotry.
  34. Anonymous Member

    Because he died of AIDS, cancer and faggotry?
  35. DeathHamster Member

    No, because very few of the references lead to anything that's remotely verifiable.
  36. Dragononymous Member

    Like AIDS, cancer and faggotry?
    • Like Like x 2
  37. Anonymous Member

    flash not so long blitzableiter have a better none asp version for checking flashfiles
    svg+xml dont open the hell door. or is there a good whitlist?
  38. Anonymous Member

    case 'application/pdf' : $ext=".pdf";break;
    case 'application/msword' : $ext=".doc";break;

    dont do this, or you cant to start da maleware dump
  39. over9000OT Member

    You need to optimize yer site for viewing on Netscape. I found some sweet white papers describing php but that's probably a fad so I wouldn't get too excited about that. Have you herd about these new "dynamic elements" that are about to come out? They are going to be da bomb. I also hear that some of the moar advanced sites are using animated .gifs. Check 'em. Angelfire and Geocities have some pretty awesum online html (that's hypertext markup language for you newbs!) designs. You could totally have a crazy mouse cursor shaped like a dong or something.
    • Like Like x 3
  40. Zak McKracken Member

    So, between him and Herro, who would you choose to secure your site from Scientologists?

    It hasn't even got a leg to stand on.

Share This Page

Customize Theme Colors


Choose a color via Color picker or click the predefined style names!

Primary Color :

Secondary Color :
Predefined Skins