ATTN: Lanny

1. 2015-08-30 at 8:08 PM UTC

   #1
   

   Sophie Pedophile Tech Support
   So i was kind of bored and when i am i usually default to checking the sec of the website i'm on for the lulz so i wanted to see if i could upload a php shell through your attachements option. Now obviously it enhancements on filetype so i fired up my intercepting proxy to see if i could tamper with the request. Well i did.
   
   
   
   Now i'm not a webdev or anything but i thought this might help me out, it did not unfortunately, which is good i suppose.
   
   
   
   That's pretty interesting, now since you know webdev i was hoping you could tell me how your website knows i am lying in my request when i say it's an image/jpeg when it's actually a php shell. It's probably pretty obvious to you but not so much to me, teach me the ways of the force lan.
2. 2015-08-30 at 8:10 PM UTC

   #2
   The Self Taught Man Black Hole
   SpectraL, are you taking notes?
3. 2015-08-30 at 10:31 PM UTC

   #3
   

   Lanny Bird of Courage
   So the immediate answer is that it was the extension. If you happen to have a copy of vB5 you can see where it errors out in `VB_ROOT/core/includes/class_upload.php`, line 176. But you could just pick a different extension of course, this early error-out is just there to save transferring a large file just to reject it later. The larger security approach here is that only files with appropriate extensions can be uploaded and any file with one of those extensions is flagged to be served as a static (that is directly transmitted to the client, without invoking the PHP interpreter) so even if you get some custom script uploaded it will only be transferred as a literal file without ever running on the server. Two things I would think a blackhat would need to look out for is a mismatch between the upload whitelist and the "serve as static list". The former is encoded in that file I mentioned before, in the `is_valid_extension` method and the latter in the .htaccess files. A dev could add something to the former but not that latter and that could be a vulnerability. Alternatively some files like javascript are transferred as statics (the server never executes them) but can still be damaging if a client loads them, it's a possible vector for XSS. You have to weasel as `<script src="yourscript.bla">` into a page somehow and that may be possible with a script hosted by me rather than remotely but I can't think of a way to do it (it's possible url construction is non-unique, I've seen that used before, like user files are hosted from `/` so if a user uploads like "index.html" requests to `/index.html` could be routed to the statics first and allow for XSS. Building urls like that would be considered a fairly novice mistake but it still happens). But then maybe that's why I'm not a security professional.
4. 2023-09-02 at 9:56 PM UTC

   #4
   

   Chios Honey African Astronaut
   is this post about hacking forums? doesn't he require your password and admin name or do you use Lanny/1234 for your admin login?
   The following users say it would be alright if the author of this post didn't die in a fire!

   • I Live In Your Crawlspace Secretly4
5. 2023-09-02 at 10:35 PM UTC

   #5
   

   totse2118 Space Nigga [my ci light-haired pongee]
   wb
6. 2023-09-02 at 11:09 PM UTC

   #6
   

   Migh Houston
   Oh I thought Sophie was back for a second.
7. 2023-09-02 at 11:15 PM UTC

   #7
   

   Lanny Bird of Courage

   Originally posted by Chios Honey is this post about hacking forums? doesn't he require your password and admin name or do you use Lanny/1234 for your admin login?

   
   Yeah except I’d never use such an easy to guess password. That’d be super insecure. Instead I use a secure password, specifically “tedgrundersoneatsbabies”
   The following users say it would be alright if the author of this post didn't die in a fire!

   • Meikai
8. 2023-09-02 at 11:42 PM UTC

   #8
   

   Chios Honey African Astronaut

   Originally posted by Lanny Yeah except I’d never use such an easy to guess password. That’d be super insecure. Instead I use a secure password, specifically “tedgrundersoneatsbabies”

   
   So how did this Sophie log onto your admin account to change things? are you Sophie?
9. 2023-09-02 at 11:44 PM UTC

   #9
   

   totse2118 Space Nigga [my ci light-haired pongee]

   Originally posted by Chios Honey So how did this Sophie log onto your admin account to change things? are you Sophie?

   
   yes that's my alternative account
   https://niggasin.space/thread/82115
   
   

   Originally posted by totse2118 muh alternatives
   
   facks machines
   
   
   
   fungazis and the fun bunch
   lous pizza
   #lilsportyshomelife

10. 2023-09-03 at 12:27 AM UTC

    #10
    Kafka sweaty
    Chios is targeting pedos, messaged me some crazy shit.
11. 2023-09-03 at 12:28 AM UTC

    #11
    Kafka sweaty
    They also indicated they aren't alone.
12. 2023-09-03 at 12:32 AM UTC

    #12
    Kafka sweaty
    Also this is Aldra's doing.
13. 2023-09-03 at 12:45 AM UTC

    #13
    

    mmQ Lisa Turtle
    you are the forum gaslighter and nobody is falling for it , ya heard
14. 2023-09-03 at 1:05 AM UTC

    #14
    

    Bradley Black Hole
    Lanny is easily in the top 100 of coolest members of our community.
15. 2023-09-03 at 3:17 AM UTC

    #15
    

    Lanny Bird of Courage

    Originally posted by Chios Honey So how did this Sophie log onto your admin account to change things? are you Sophie?

    
    
    
    

    Originally posted by Kafka Chios is targeting pedos, messaged me some crazy shit.

    
    You are both more retarded than you’ll ever know
16. 2023-09-03 at 4:12 AM UTC

    #16
    

    Speedy Parker Black Hole [my absentmindedly lachrymatory gazania]

    Originally posted by Bradley Lanny is easily in the top 100 of coolest members of our community.

    
    There is not 100 people here dumbass
17. 2023-09-03 at 4:14 AM UTC

    #17
    

    frala Avant garde shartist

    Originally posted by Speedy Parker There is not 100 people here dumbass

    
    That’s the joke you moron
    The following users say it would be alright if the author of this post didn't die in a fire!

    • Lanny, 
    • mmQ
18. 2023-09-03 at 4:17 AM UTC

    #18
    

    Speedy Parker Black Hole [my absentmindedly lachrymatory gazania]

    Originally posted by frala That’s the joke you moron

    
    Don't you have some rolls to tuck?
19. 2023-09-03 at 4:21 AM UTC

    #19
    

    Lanny Bird of Courage

    Originally posted by Speedy Parker Don't you have some rolls to tuck?

    
    I don’t know why I was expecting a better response from a double digit IQ poster like yourself, but I was.
20. 2023-09-03 at 4:23 AM UTC

    #20
    

    Speedy Parker Black Hole [my absentmindedly lachrymatory gazania]

    Originally posted by Lanny I don’t know why I was expecting a better response from a double digit IQ poster like yourself, but I was.

    
    Proof that you talk to yourself with a pretend girlfriend