Not your website. The website you were somehow accusing of being shit based on its lack of interesting information when obviously hacktalk is a plethora of information, expertise and semen samples.

On Fri, Dec 21, 2012 at 2:44 PM, Luis Santana <[email protected]> wrote:

> Lulz? Sorry bro but uh, the main page runs SMF not WeBid so I'm not really
> too sure where you pulled that from. Good job though, maybe santa will give
> you some of his cookies for your effort.
>
>
> On Dec 21, 2012, at 5:26 AM, Benji <[email protected]> wrote:
>
> Also genius, I know you're quick to kick things down because you are
> inept. However, I'd say after my whole 10 minute review of that code and a
> simple check with PHP that, that site is vulnerable to SQLi and by the look
> of it.
>
> If we take a look at latest WeBid code, specifically selleremails.php, we
> see them doing an array_merge from $_POST to $user->user_data (user_data
> being a trusted array it would appear).
>
> include 'includes/common.inc.php';
>
> if (!$user->is_logged_in())
> {
>     $_SESSION['REDIRECT_AFTER_LOGIN'] = 'selleremails.php';
>     header('location: user_login.php');
>     exit;
> }
>
> // Create new list
> if (isset($_POST['action']) && $_POST['action'] == 'update')
> {
>     $query = "UPDATE " . $DBPrefix . "users SET endemailmode = '" .
>         $system->cleanvars($_POST['endemailmod']) . "',
>         startemailmode = '" . $system->cleanvars($_POST['startemailmod']) . "',
>         emailtype = '" . $system->cleanvars($_POST['emailtype']) . "' WHERE id = " . $user->user_data['id'];
>     $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
>     $ERR = $MSG['25_0192'];
>     $user->user_data = array_merge($user->user_data, $_POST); //update the array
> }
>
> After staying up all night and working through this code, I came up with
> this test case:
> <?php
> $array1 = array("color" => "red");
> $array2 = array("color" => "test");
> $result = array_merge($array1, $array2);
> print_r($result);
> ?>
> Array
> (
>     [color] => test
> )
>
> So as we can overwrite any array value, we have SQLi across the
> application. Maybe a first 0day for hacktalk.net?
>
> I will take your 'hella l33t', print it out, and then shit on it.
>
> Suck my dick.
>
>
> On Fri, Dec 21, 2012 at 10:12 AM, Benji <[email protected]> wrote:
>
>> You say "n00bz" welcome, where is my assistance and the warm atmosphere
>> to embrace me into the world of script kiddy-ism? Oh, and the obvious
>> literary genius.
>>
>>
>> On Fri, Dec 21, 2012 at 8:25 AM, Luis Santana <[email protected]> wrote:
>>
>>> Hella l33t bro, you can read an email address. Much propz
>>>
>>>
>>> On Dec 21, 2012, at 3:22 AM, Benji <[email protected]> wrote:
>>>
>>> in other news, have you heard of the super cool site hacktalk.net where
>>> they almost have 1000 members?
>>>
>>>
>>> On Thu, Dec 20, 2012 at 3:13 PM, Luis Santana <[email protected]> wrote:
>>>
>>>> Not a single fucking exploit on the entire site. gg sir, gg
>>>>
>>>>
>>>> On Dec 10, 2012, at 2:17 PM, [email protected] wrote:
>>>>
>>>> > In Deep Web has created a new online site a few days ago that allows
>>>> > you to sell even exploits, malware, etc. etc..
>>>> > The site works like Ebay so everything is auctioned.
>>>> >
>>>> > you can get from tor: http://qatuopo4wmzkirlo.onion
>>>> >
>>>> > Or by proxy (tor2web): https://qatuopo4wmzkirlo.tor2web.org
>>>> >
>>>> > _______________________________________________
>>>> > Full-Disclosure - We believe in it.
>>>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> > Hosted and sponsored by Secunia - http://secunia.com/
>>>>
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
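
Added example, not part of the thread and not WeBid's code: the array_merge behaviour discussed in the quoted message, next to an allowlisted update that leaves keys such as id untouched. The array contents, the accepted field values and the names mergeUnfiltered, mergeAllowlisted and FIELD_MAP are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: $trusted stands in for $user->user_data and
// $request for $_POST. The 'id' key is not one of the form's fields.
$trusted = ['id' => 42, 'nick' => 'alice', 'emailtype' => 'html',
            'startemailmode' => 'yes', 'endemailmode' => 'one'];
$request = ['action' => 'update', 'emailtype' => 'text',
            'startemailmod' => 'no', 'endemailmod' => 'cum', 'id' => '1'];

// Pattern from the quoted code: every request key lands in the trusted array.
function mergeUnfiltered(array $trusted, array $request): array
{
    return array_merge($trusted, $request);
}

// Hardened form: map each expected form field to the one profile key it may
// change, accept only values from a fixed set, and ignore everything else.
// The accepted values listed here are assumed, not taken from WeBid.
const FIELD_MAP = [          // form field => [profile key, accepted values]
    'emailtype'     => ['emailtype', ['html', 'text']],
    'startemailmod' => ['startemailmode', ['yes', 'no']],
    'endemailmod'   => ['endemailmode', ['one', 'cum', 'none']],
];

function mergeAllowlisted(array $trusted, array $request): array
{
    foreach (FIELD_MAP as $field => [$key, $allowed]) {
        $value = $request[$field] ?? null;
        if (is_string($value) && in_array($value, $allowed, true)) {
            $trusted[$key] = $value;
        }
    }
    return $trusted;
}

$bad  = mergeUnfiltered($trusted, $request);
$good = mergeAllowlisted($trusted, $request);

var_dump($bad['id']);   // the request's string has replaced the session's integer
var_dump($good['id']);  // unchanged: 'id' is not in FIELD_MAP
var_dump($good['emailtype'], $good['startemailmode'], $good['endemailmode']);

// Independent of the merge, a later query should bind the id as a parameter
// rather than concatenate it into the SQL string, e.g. with PDO:
//   $stmt = $pdo->prepare('UPDATE users SET emailtype = ? WHERE id = ?');
//   $stmt->execute([$good['emailtype'], (int) $good['id']]);
```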
