Since hacking Lavalair is scattered like a disease, I'm going to reveal some hakworx to alert some newbies and not be played by some outpatient psychotic hackers.
SQLi is not only in registration but can also be done in HTTP headers like UA, http_x_forward etc. Take a look at this query: update table_users set browserm='sqli here' and ip='function getip'; and look at the function getip and analyze how SQLi works with HTTP headers using curl manipulation. One must fix that query since it is not covered with magic quotes.
Lavalair Exploit
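The query from the opening post, rebuilt with bound parameters and a validated address, as an added example that is not part of the thread or of Lavalair's own code. The `id` column, the `get_ip()` and `record_client()` helpers, the in-memory SQLite database and the header values are all assumptions constructed for illustration.

```php
<?php
// Added example; schema and helper names are assumptions, not Lavalair's code.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE table_users (id INTEGER PRIMARY KEY, browserm TEXT, ip TEXT)");
$pdo->exec("INSERT INTO table_users (id, browserm, ip) VALUES (1, '', ''), (2, '', '')");

// Constructed request: every HTTP_* entry is chosen by the client.
$server = [
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => "198.51.100.9', browserm='x",
    'HTTP_USER_AGENT'      => "Mozilla/5.0' OR '1'='1",
];

// Pattern the post warns about (not executed here): header text pasted into SQL.
//   "UPDATE table_users SET browserm='" . $ua . "', ip='" . $ip . "' WHERE id=" . $id

// Hypothetical replacement for getip(): accept only a syntactically valid address
// and fall back to the socket peer address otherwise. A valid forwarded address is
// still client-supplied unless a trusted proxy set the header.
function get_ip(array $server): string
{
    $candidate = trim(explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? '')[0]);
    if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
        return $candidate;
    }
    return $server['REMOTE_ADDR'];
}

function record_client(PDO $pdo, int $userId, array $server): void
{
    // Bound parameters keep header bytes as data; the length cap is an arbitrary choice.
    $ua = substr($server['HTTP_USER_AGENT'] ?? '', 0, 255);
    $stmt = $pdo->prepare('UPDATE table_users SET browserm = :ua, ip = :ip WHERE id = :id');
    $stmt->execute([':ua' => $ua, ':ip' => get_ip($server), ':id' => $userId]);
}

record_client($pdo, 1, $server);
// Row 1 holds the User-Agent text verbatim and the peer address; row 2 is untouched.
foreach ($pdo->query('SELECT id, browserm, ip FROM table_users') as $row) {
    printf("%d | %s | %s\n", $row['id'], $row['browserm'], $row['ip']);
}
```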
Hack blah blah hack blah blah. Lava will always be full of exploits, especially the ones here. Where there's a will there's a way. I was thinking of making the pages more random, for example domain.com/56t5au5629j2, like that, so it changes every time you refresh. That should do the trick.
BakGat
Code: class Counter { public: void Count(); int ReadDisplay(); private: int CurrentCount; };
Back up my hard drive? How do I put it in reverse?
My Community
Originally posted by bOrN2pwn:
Hack blah blah hack blah blah. Lava will always be full of exploits, especially the ones here. Where there's a will there's a way. I was thinking of making the pages more random, for example domain.com/56t5au5629j2, like that, so it changes every time you refresh. That should do the trick.

eg:
Start Of Page
session is collected here to see if you're logged in.
center of page.
wannabe hacker places a cr@ppy session stealer here.. (php image ...javascript etc)
very end of page
update session id to new session id here ...... making the session the wannabe hacker stole f**king useless
Last edited by something else; 27.05.10, 21:14.
Originally posted by mobileGIGS:
ah shut up :-/
Changing the session per page load is the dumbest idea ever. What it means is if I press "back" I will be logged out because the last session is no longer valid. Is that dumb or what.

think about it.....
if the session changes to a new session id at the very bottom of the page ..... means it will not be changing any links in the page. which then means I'm talking about cookies or sessions
So therefore pushing back on your browser keeps you logged in ....
and stops you from stealing a valid session id
(round of applause for GIGsy)
Last edited by something else; 28.05.10, 02:54.
Originally posted by mobileGIGS:
@something else. . . I'd like to see you try, then we'll know who's really dumb.

Isn't it about time you grew up and helped people with their coding instead of saying "that's cr@p", "that's dumb", "that's stupid"?
I'm not interested in a slanging match with you.... I'm more interested in helping others code on here.
So either explain why you think my idea is dumb or be immature and have another go at me .... your choice.
Session stealing is old, and with most of the scripts me and rider shared you can't hack the session. The reason why I want to make a page display as random numbers and letters is because it will be impossible to figure out staff pages. Like whoever posted in shout. Someone is changing posts and perms, which means there's a back door in the staff pages, probably an exit() missing like usual. That's how people share the script, then by hacking it they think they're leet. Haha, hacking your own script makes you a common moron...