
ATTN: Lanny

  1. #1
    Sophie Pedophile Tech Support
    So i was kind of bored and when i am i usually default to checking the sec of the website i'm on for the lulz so i wanted to see if i could upload a php shell through your attachments option. Now obviously it enhancements on filetype so i fired up my intercepting proxy to see if i could tamper with the request. Well i did.



    Now i'm not a webdev or anything but i thought this might help me out, it did not unfortunately, which is good i suppose.



    That's pretty interesting, now since you know webdev i was hoping you could tell me how your website knows i am lying in my request when i say it's an image/jpeg when it's actually a php shell. It's probably pretty obvious to you but not so much to me, teach me the ways of the force lan.
  2. #2
    SpectraL, are you taking notes?
  3. #3
    Lanny Bird of Courage
    So the immediate answer is that it was the extension. If you happen to have a copy of vB5 you can see where it errors out in `VB_ROOT/core/includes/class_upload.php`, line 176. But you could just pick a different extension of course, this early error-out is just there to save transferring a large file just to reject it later. The larger security approach here is that only files with appropriate extensions can be uploaded and any file with one of those extensions is flagged to be served as a static (that is directly transmitted to the client, without invoking the PHP interpreter) so even if you get some custom script uploaded it will only be transferred as a literal file without ever running on the server. Two things I would think a blackhat would need to look out for is a mismatch between the upload whitelist and the "serve as static list". The former is encoded in that file I mentioned before, in the `is_valid_extension` method and the latter in the .htaccess files. A dev could add something to the former but not the latter and that could be a vulnerability. Alternatively some files like javascript are transferred as statics (the server never executes them) but can still be damaging if a client loads them, it's a possible vector for XSS. You have to weasel a `<script src="yourscript.bla">` into a page somehow and that may be possible with a script hosted by me rather than remotely but I can't think of a way to do it (it's possible url construction is non-unique, I've seen that used before, like user files are hosted from `/` so if a user uploads like "index.html" requests to `/index.html` could be routed to the statics first and allow for XSS. Building urls like that would be considered a fairly novice mistake but it still happens). But then maybe that's why I'm not a security professional.
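A defender-side check for the mismatch described in post #3, added here as an example and not part of the original post or of vB5: it compares an upload whitelist against the extensions an `.htaccess` file forces to static handling. The whitelist, the `.htaccess` text and the `CLIENT_ACTIVE` set are constructed assumptions, and `SetHandler default-handler` inside `<FilesMatch>` is assumed to be how the static list is expressed.

```python
import re

# Constructed sample inputs: NOT vB5's real whitelist or .htaccess.
# "zip" stands in for an extension a dev added to the whitelist only.
UPLOAD_WHITELIST = {"jpg", "jpeg", "png", "gif", "txt", "js", "zip"}
SAMPLE_HTACCESS = r'''
# Serve attachments as literal files, never through the PHP handler
<FilesMatch "\.(jpe?g|png|gif|txt|js)$">
    SetHandler default-handler
</FilesMatch>
'''
# Assumption: types a browser will execute or render even when served static.
CLIENT_ACTIVE = {"js", "html", "htm"}

BLOCK_RE = re.compile(r'<FilesMatch\s+"([^"]+)">(.*?)</FilesMatch>', re.S | re.I)
HANDLER_RE = re.compile(r'^\s*SetHandler\s+default-handler\s*$', re.M | re.I)


def static_patterns(htaccess_text):
    """Return the FilesMatch regexes whose block forces the static handler."""
    patterns = []
    for regex, body in BLOCK_RE.findall(htaccess_text):
        if HANDLER_RE.search(body):
            # Simple alternations behave the same in Python's re and PCRE.
            patterns.append(re.compile(regex))
    return patterns


def audit(whitelist, htaccess_text):
    """Report whitelist entries that are uploadable but not forced static,
    and entries that stay dangerous to clients even when served static."""
    patterns = static_patterns(htaccess_text)
    not_static = sorted(
        ext for ext in whitelist
        if not any(p.search("upload." + ext.lower()) for p in patterns)
    )
    client_active = sorted(e for e in whitelist if e.lower() in CLIENT_ACTIVE)
    return {"not_forced_static": not_static, "client_active": client_active}


if __name__ == "__main__":
    for finding, exts in audit(UPLOAD_WHITELIST, SAMPLE_HTACCESS).items():
        print(f"{finding}: {', '.join(exts) or 'none'}")
```

Running a check like this in CI whenever either list changes catches the "added to one list but not the other" case before it ships.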
  4. #4
    Chios Honey African Astronaut
    is this post about hacking forums? doesn't he require your password and admin name or do you use Lanny/1234 for your admin login?
  5. #5
    totse2118 Space Nigga [my ci light-haired pongee]
    wb
  6. #6
    Migh Houston
    Oh I thought Sophie was back for a second.
  7. #7
    Lanny Bird of Courage
    Originally posted by Chios Honey is this post about hacking forums? doesn't he require your password and admin name or do you use Lanny/1234 for your admin login?

    Yeah except I’d never use such an easy to guess password. That’d be super insecure. Instead I use a secure password, specifically “tedgrundersoneatsbabies”
  8. #8
    Chios Honey African Astronaut
    Originally posted by Lanny Yeah except I’d never use such an easy to guess password. That’d be super insecure. Instead I use a secure password, specifically “tedgrundersoneatsbabies”

    So how did this Sophie log onto your admin account to change things? are you Sophie?
  9. #9
    totse2118 Space Nigga [my ci light-haired pongee]
    Originally posted by Chios Honey So how did this Sophie log onto your admin account to change things? are you Sophie?

    yes that's my alternative account
    https://niggasin.space/thread/82115

    Originally posted by totse2118 muh alternatives

    facks machines



    fungazis and the fun bunch
    lous pizza
    #lilsportyshomelife
  10. #10
    Kafka sweaty
    Chios is targeting pedos, messaged me some crazy shit.
  11. #11
    Kafka sweaty
    They also indicated they aren't alone.
  12. #12
    Kafka sweaty
    Also this is Aldra's doing.
  13. #13
    mmQ Lisa Turtle
    you are the forum gaslighter and nobody is falling for it , ya heard
  14. #14
    Bradley Florida Man
    Lanny is easily in the top 100 of coolest members of our community.
  15. #15
    Lanny Bird of Courage
    Originally posted by Chios Honey So how did this Sophie log onto your admin account to change things? are you Sophie?



    Originally posted by Kafka Chios is targeting pedos, messaged me some crazy shit.

    You are both more retarded than you’ll ever know
  16. #16
    Speedy Parker Black Hole
    Originally posted by Bradley Lanny is easily in the top 100 of coolest members of our community.

    There is not 100 people here dumbass
  17. #17
    Originally posted by Speedy Parker There is not 100 people here dumbass

    That’s the joke you moron
  18. #18
    Speedy Parker Black Hole
    Originally posted by frala That’s the joke you moron

    Don't you have some rolls to tuck?
  19. #19
    Lanny Bird of Courage
    Originally posted by Speedy Parker Don't you have some rolls to tuck?

    I don’t know why I was expecting a better response from a double digit IQ poster like yourself, but I was.
  20. #20
    Speedy Parker Black Hole
    Originally posted by Lanny I don’t know why I was expecting a better response from a double digit IQ poster like yourself, but I was.

    Proof that you talk to yourself with a pretend girlfriend