From the desk of Samy,
I didn’t want to post anything more today until next week… But this is almost compulsory! My fucking god, sometimes there are websites that make me freak out… How the hell can a so popular website have such a vulnerability?
Talking about SQL Injection is in my blog list now.
What do you think I could do with the following information I’ve just received after sending a VERY SIMPLE attack to the website?
Failed on select title.text, mistake.title, mistake.timecode, media, mistaketext.text, if((mistake.modified3) < (now() - interval 1 year),’yes’,'no’) as yearold, date(mistake.modified3) as date, mistake.type from title, mistake, mistaketext where mistake.id = ” or 1=1′ and mistaketext.id = mistake.id and mistake.title = title.id
Yes… You are right. EVERYTHING.
Reminding that all information (including admin password and so on) is stored in the website DataBase…
Have fun…
…SaMy*^30
ShareThis
From the desk of Samy,
First of all, we should know what SSH is:
Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two computers. Encryption provides confidentiality and integrity of data over an insecure network, such as the Internet. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.
This means that you may need to access from wherever to either your home-computer or work-computer. Using SSH protocol and Linux on the OS side, it’s easy. Anybody can use this protocol and he will be able to login remotely and execute commands (VNC is a alternative: it uses graphical mode, but data is not encrypted). I wanted to access my home-computer (reasons are besides the point), so I had to install a SSH server on my computer. As it gave me headache due to a silly thing, I’ll show you how you must do that.
(more…)
ShareThis
