SticKyWoX Posted September 13, 2011 Report Posted September 13, 2011 Nu stiu daca este sectiunea buna pentru acest post,dar voi posta aici,cu riscul de a primi un warn.Azi,am purtat o conversatie cu un tip care spune ca nu mai pot sparge un site pe care l-am mai spart anterior.Conversatia arata cam asa:Yps y3 Yk: frateYps y3 Yk: nu saprgeti voi noul sitYps y3 Yk: de la metin2ultiamteYps y3 Yk: iti pun pariuSticKy^IcKy from WwW.WoXGames.CoM: Eu poate nu-l sparg,dar altii il sparg Yps y3 Yk: nu poate nimeniSticKy^IcKy from WwW.WoXGames.CoM: ce sa nu poata?Yps y3 Yk: sa spargaYps y3 Yk: situSticKy^IcKy from WwW.WoXGames.CoM: ok,postez asta pe rstcenter,si vedem Este vorba despre site-ul de mai jos:http://mt2ultimate.roEste site-ul unui server de metin.Prin spargerea site-ului as vrea sa intelegeti doar extragerea bazei de date,nimic mai mult.Am inteles ca dedicatul pe care sunt puse site-ul si serverul,implicit si baza de date,are niste scripturi foarte tari,ce detecteaza aproape orice tip de atac.Va provoc sa extrageti baza de date a serverului si sa o atasati la un fisier .txt/.php/.html ,nu are importanta.Eu unul cred ca veti reusi,Celalalt tip din discutie nu prea crede asta...Voi ce ziceti? Quote
M1Nu Posted September 13, 2011 Report Posted September 13, 2011 nu cred ca va incerca cineva de aici sa sparga site-ul doar pentru ai dovedi baietasului aluia ca poate fi spart.... Quote
Zatarra Posted September 13, 2011 Report Posted September 13, 2011 14. Cererile de tipul:a) "Imi sparge cineva id yahoo/hotmail?" "Imi sparge cineva site-ul xxx.com?"NU sunt tolerate decat in rubrica "Trade". Daca vi se cer bani sau ceva la schimb pentru aceste servicii ori platiti, ori inchideti subiectul.Read the fucking rules! Quote
LLegoLLaS Posted September 13, 2011 Report Posted September 13, 2011 platesti pe cineva si ti-l ''sparge'' Quote
SticKyWoX Posted September 13, 2011 Author Report Posted September 13, 2011 10 euro cui il sparge.Rog un moderator sa mute topicul xD. Quote
bambsy*wtf Posted September 13, 2011 Report Posted September 13, 2011 ofer 20euro sau 2milioane cine pote sparge situl add yps_y3 Quote
ROFL Posted September 13, 2011 Report Posted September 13, 2011 Ti-l sparg/rup/indoi/distrug pentru pesmet in valoare de 100E.Vreau mai intai dovada ca detii pesmetul. Quote
xpaulx Posted September 13, 2011 Report Posted September 13, 2011 (edited) Un path disclosure daca ajuta pe cineva:Information:error message: PHP warning in file /home/mtultima/public_html/board/wcf/lib/system/database/MySQLDatabase.class.php (231): mysql_real_escape_string() expects parameter 1 to be string, array givenerror code: 0file: /home/mtultima/public_html/board/wcf/lib/system/WCF.class.php (281)php version: 5.3.6wcf version: 1.1.7 (Tempest)date: Tue, 13 Sep 2011 19:20:13 +0000request: snipreferer:Stacktrace:#0 [internal function]: WCF::handleError(2, 'mysql_real_esca...', '/home/mtultima/...', 231, Array)#1 /home/mtultima/public_html/board/wcf/lib/system/database/MySQLDatabase.class.php(231): mysql_real_escape_string(Array, Resource id #28)#2 /home/mtultima/public_html/board/wcf/lib/core.functions.php(19): MySQLDatabase->escapeString(Array)#3 /home/mtultima/public_html/board/wcf/lib/system/session/Session.class.php(101): escapeString(Array)#4 /home/mtultima/public_html/board/wcf/lib/system/session/SessionFactory.class.php(98): Session->__construct(Array)#5 /home/mtultima/public_html/board/wcf/lib/system/session/SessionFactory.class.php(68): SessionFactory->getExistingSession(Array)#6 /home/mtultima/public_html/board/lib/system/WBBCore.class.php(200): SessionFactory->get()#7 /home/mtultima/public_html/board/wcf/lib/system/WCF.class.php(98): WBBCore->initSession()#8 /home/mtultima/public_html/board/global.php(18): WCF->__construct()#9 /home/mtultima/public_html/board/index.php(7): require_once('/home/mtultima/...')#10 {main} Edited September 13, 2011 by xpaulx Quote
SticKyWoX Posted September 13, 2011 Author Report Posted September 13, 2011 Eu am incercat cu havij.Nu mai merge...ieri mergea xD.Dar a schimbat sursa xD.p3tru,nu cred ca era cazu` sa spui "voi".E unul singur .Luati legatura cu tipu` ala care zice ca ofera 20 euro.Rog un moderator sa inchida topicul xD. Quote
sTn* Posted September 13, 2011 Report Posted September 13, 2011 date-n pula noastraImi place de tine ca nu esti egoist Quote
p3tru Posted September 14, 2011 Report Posted September 14, 2011 Imi place de tine ca nu esti egoist Ori suntem o comunitate ori numai suntem Quote
SticKyWoX Posted September 14, 2011 Author Report Posted September 14, 2011 Mie nu-mi pare deloc vulnerabila la xss,e adevarat ca nu le am prea bine,dar am incercat cu <script>alert(document.cookie);</script> si nu am obtinut nimic . Quote
zovy52 Posted September 14, 2011 Report Posted September 14, 2011 Daca folosesti Chrome, vezi cu Mozilla... Quote
SticKyWoX Posted September 14, 2011 Author Report Posted September 14, 2011 Multumesc frumos!Merge cu Firefox xD.Ma apuc de invatat xss. Quote
cristiano282 Posted September 16, 2011 Report Posted September 16, 2011 de "spart" site-ul este mai greu dar se poate "pica" relativ repede fara DDoS Quote
Vladorz Posted September 21, 2011 Report Posted September 21, 2011 (edited) un simplu search pe google: Burning Board 3.1.5 exploit (Burning Board 3.1.5 fiind scriptu pe care il folosesc ei la forum) si am gasit: http://board.mt2ultimate.ro/index.php?s[]=FPDEDIT: scuze nu am vazut ca a mai postat cineva ^^ Edited September 21, 2011 by Vladorz Quote
