lavalair script holes


    #16
    People won't share the holes as it will make a mad frenzy of hacking!
    The 2 main injection holes have been written up in this forum already,
    and the solutions are in here as well.

    Comment


      #17
      pff.. is there anything to keep secret??

      some pages don't have
      Code:
      mysql_escape_string
      most of them were in older lavalair scripts, main pages.

      if you get a number from the database, like uid, then make the query with intval();
      etc..
      type in address log-
      Code:
      g sql injection
      We do not dance, we are the dance!

      Comment
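Post #17's two rules (escape strings, force numeric ids to integers) in current PHP, as an added example that is not code from the thread: the `mysql_*` functions were removed in PHP 7, so PDO with a bound parameter is swapped in, and `filter_var` replaces `intval()` because `intval()` silently truncates input such as `7abc` to `7`. The `users` table, its columns and the function names are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Table and column names are constructed.
declare(strict_types=1);

/** Strict integer check: "7 OR 1=1" is rejected, not truncated to 7 as intval() would. */
function parseUid($raw): ?int
{
    $uid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $uid === false ? null : $uid;
}

/** Looks up one user with a bound parameter; the value never becomes SQL text. */
function findUser(PDO $db, $rawUid): ?array
{
    $uid = parseUid($rawUid);
    if ($uid === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT uid, name FROM users WHERE uid = :uid');
    $stmt->bindValue(':uid', $uid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (uid, name) VALUES (1, 'admin'), (7, 'guest')");

// Constructed request values: one valid id and several that must be refused.
foreach (['7', '7 OR 1=1', '7abc', '-1', ''] as $input) {
    $row = findUser($db, $input);
    printf("%-12s intval=%-3d %s\n", var_export($input, true), intval($input),
        $row === null ? 'rejected or not found' : 'found ' . $row['name']);
}
```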


        #18
        I don't know more about c99shell.. I think it's a php script, right? So, just don't allow php files to be uploaded.. or if you want, block php files using your htaccess as what ozzie has posted here..
        Last edited by kiLLeR-eyEd_14; 11.09.09, 10:53.
        My Blog: http://jhommark.blogspot.com
        My Facebook: http://www.facebook.com/jhommark
        My Official Site: http://www.undergroundweb.tk
        My Community Site: http://undergroundwap.xtreemhost.com

        Comment


          #19
          Yeah the secret mafia of lava will concrete your feet and sink you to the bottom of the ocean???? wtf?

          I'm just saying that people won't pin-point the holes as it will cause a mass hacking spree

          Comment


            #20
            Originally posted by anderson View Post
            Originally posted by ozziemale31 View Post
            i know how to block c99shell from being used in any upload folder
            ozzie plz share your experience on it so that we can know more.
            he already did that..
            you should take a good look into MOBILEZONEZ
            posted by him...
            It's better to keep your mouth shut and give the impression that you're stupid, than to open it and remove all doubt.
            ⓣⓗⓔ ⓠⓤⓘⓔⓣⓔⓡ ⓨⓞⓤ ⓑⓔ©ⓞⓜⓔ, ⓣⓗⓔ ⓜⓞⓡⓔ ⓨⓞⓤ ⓐⓡⓔ ⓐⓑⓛⓔ ⓣⓞ ⓗⓔⓐⓡ !
            ιη тнєσяу, тнє ρяα¢тι¢є ιѕ α яєѕυℓт σƒ тнє тнєσяу, вυт ιη ρяα¢тι¢є ιѕ тнє σρρσѕιтє.
            キノgんイノ刀g 4 ア乇ムc乇 ノ丂 レノズ乇 キucズノ刀g 4 √ノ尺gノ刀ノイリ!

            Comment


              #21
              You better check all of your folders, think why some scripts here are hacked from other sites? Even if they don't know your cpanel login details but uploaded the backdoor key, you will be hacked... I'm only sharing this coz I'm a victim of this. and the hacker forgot to remove those tools.
              Last edited by tres; 11.09.09, 23:28.

              Comment


                #22
                Ozzie try to visit my site and try to hack my session or my members sessions and see what message will prompt! tnt.

                Comment


                  #23
                  Originally posted by kuklux View Post
                  Ozzie try to visit my site and try to hack my session or my members sessions and see what message will prompt! tnt.
                  Ozzie will hack your site a piece of piss lol

                  Comment


                    #24
                    lol

                    Comment


                      #25
                      Originally posted by kiLLeR-eyEd_14 View Post
                      I don't know more about c99shell.. I think it's a php script, right? So, just don't allow php files to be uploaded.. or if you want, block php files using your htaccess as what ozzie has posted here..
                      hackers change the extension of the c99shell script.. E.G. a.php.Jar or a.php.nth
                      LESS TALK. LESS MISTAKE.

                      HTTP://APPSROB.COM - LIST OF MY FACEBOOK APPS!

                      Comment


                        #26
                        Originally posted by robzky View Post
                        hackers change the extension of the c99shell script.. E.G. a.php.Jar or a.php.nth
                        I don't understand how a php file will work if its extension is changed to jar. plz explain
                        she is beautifull than php.and i love her more than php.

                        Comment


                          #27
                          Originally posted by ranzit2 View Post
                          I don't understand how a php file will work if its extension is changed to jar. plz explain
                          improper or **** configuration of apache and the mime types, that's one reason
                          basic protection is mod_security so use that

                          plus there are many many ways of hacking the script. i sent my last lava script, before i went to my current one, to some European security team and had an audit put on it. cost me 320 euros to do and the results i got were unbelievable

                          i'm not going to share the results, reason being the cost it was for me was a lot, 1/4 of my monthly wage, and i bet many others will do the same here also, but if you are using it don't piss off anybody who can "actually" and not the people here and around other such communities saying i'll hack this and that, i'll murk ya site biatch etc etc

                          no offence to those people but if anyone had the sense to actually send it to a 3rd party you wouldn't be using it any longer

                          just my 2 fat Australian cents there

                          Comment


                            #28
                            ya not fat lloll i seen ya pic :P
                            Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
                            Visit: WapMasterz Coming Back Soon!
                            _______
                            SCRIPTS FOR SALE BY SUBZERO
                            Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
                            FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
                            _______
                            Info & Tips
                            php.net
                            w3schools.com

                            Comment


                              #29
                              Originally posted by ranzit2 View Post
                              I don't understand how a php file will work if its extension is changed to jar. plz explain
                              try to rename it to filename.php.nth then upload it to your file manager and browse the file.. Google search for c99shell, etc..

                              Comment


                                #30
                                Originally posted by robzky View Post
                                hackers change the extension of the c99shell script.. E.G. a.php.Jar or a.php.nth
                                the php word is still there.. just do a preg_match of the word.. like if(preg_match("/php/i",basename($file))) then invalid extension.. Can also use the htaccess trick.. Just use some head..

                                Comment
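An added example (not code from the thread) of the upload-name check discussed in posts #25 to #30: it allowlists the final extension and rejects an interpreter extension in any position, since, as post #27 notes, server MIME/handler configuration can make `a.php.jar` run as PHP, and a substring test for "php" misses names like `.phtml` while refusing harmless ones. The extension lists and the function name are assumptions; uploads should still be stored under the generated name in a directory where script execution is disabled.

```php
<?php
// Added example, not code from the thread; lists and names are assumptions.
declare(strict_types=1);

// Types this (hypothetical) WAP download site accepts.
const ALLOWED_EXT = ['jar', 'jad', 'nth', 'thm', 'jpg', 'png', 'gif', 'mp3', '3gp'];
// Extensions a web server may hand to an interpreter.
const EXEC_EXT = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'pht',
                  'phps', 'cgi', 'pl', 'py', 'sh', 'asp', 'aspx', 'jsp', 'shtml'];

/** Returns a generated on-disk name, or null when the upload must be rejected. */
function safeUploadName(string $clientName): ?string
{
    if (preg_match('/[\x00-\x1f]/', $clientName)) {
        return null;                          // NUL or control bytes in the name
    }
    // Drop any directory part the client sent (both slash styles).
    $base = basename(str_replace('\\', '/', $clientName));
    $parts = explode('.', strtolower($base));
    if (count($parts) < 2 || $parts[0] === '') {
        return null;                          // no extension, or a dotfile like .htaccess
    }
    $ext = array_pop($parts);
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;                          // final extension must be allowlisted
    }
    array_shift($parts);                      // first part is the name itself
    foreach ($parts as $inner) {              // a.php.jar has inner part "php"
        if (in_array($inner, EXEC_EXT, true)) {
            return null;
        }
    }
    // Never reuse the client's name: random stem plus the one checked extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names.
$samples = ['ringtone.mp3', 'php_tutorial.png', 'a.php.jar', 'a.php.nth',
            'x.phtml.jpg', 'shell.php', '.htaccess', '../up/theme.nth'];
foreach ($samples as $name) {
    printf("%-20s %s\n", $name, safeUploadName($name) === null ? 'REJECT' : 'accept');
}
```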
