vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Secure your vBulletin board (https://vborg.vbsupport.ru/showthread.php?t=35346)

TECK 02-23-2002 04:48 AM

ok, today i helped ptbyjason to take control again over his hacked board.
https://vborg.vbsupport.ru/showthrea...threadid=35339

while playing, i discovered a way to add myself as admin to any VB board, if i'm able to call the path from the server. FireFly, i want to email you the php file i made. email me so i can send you the file and you can look at it.

the solution is to change the permissions for the admin folder in a way that if any file is called from outside of the server, to display a show_nopermission error message.

UPDATE:
in /admin/config.php add this code, at the top:
PHP Code:

if(!strstr("$_SERVER[PATH_TRANSLATED]""$_SERVER[DOCUMENT_ROOT]")) {
  die();


that should prevent to run a script from outside your server. thanks PPN. ;)

TECK 02-23-2002 08:55 AM

try this:

make a info.php file with the code listed below and place it in your root:
PHP Code:

<?php

phpinfo
();

?>

i wonder if it is extremly easy to find out what is someone's path and manipulate his(her) board. what i can do, is make a directory for dynamic content (let's call it "dynamic"), and put in an .htaccess file that has the line:
PHP Code:

ForceType application/x-httpd-php 

in it. this will force all accesses from that directory to be processed as a PHP script. then I can just write a PHP script called, say, script (note, not script.php, just script), so if i call the path:
PHP Code:

http://domain.com/dynamic/script/this/is/all/fake/path/ 

after i call that path, i can check the variable $REQUEST_URI in PHP and strip off everything after /dynamic/script/, and that is the information i want...

you know what? all this info i found it on google.com.

Scott MacVicar 02-23-2002 09:33 AM

nakkid, email it to me and I'll look at it straight away. I don't think you can do this without FTP access though, and if mysql is setup correctly you shouldn't be able to access it via another server.

Lesane 02-23-2002 09:34 AM

I also think that this is not possible without uploading a file into that ftp account.....

TECK 02-23-2002 09:40 AM

hmm how do you explain the problem ptbyjason had? the hacker didnt have access as admin to his board.. he did it from another server!! we need to change the permissions.. is a fact. read the post where i helped jason...

TECK 02-23-2002 09:51 AM

ok, i emailed you the script PPN... do you know a way to don't let any file be called from outside of /admin dir? let me know. i'm not good with permissions.

Scott MacVicar 02-23-2002 09:55 AM

If he had access on the server, if it was a shared server? Then yes this happens, there is nothing that can be done about this if the permissions are not set correctly by the host then other users can read other users files.

TECK 02-23-2002 09:58 AM

i know i read somewhere about this type of permission, not to let call a script from outside the domain. that's where i need to focus on.. this is where the problem resides..

Scott MacVicar 02-23-2002 10:00 AM

Simpliest way to do something like this is use

PHP Code:

if(!strstr("$_SERVER[PATH_TRANSLATED]""$_SERVER[DOCUMENT_ROOT]")) {
die();


If the document root path is not found in the script filename path then exit the script. This means the script would have to had been executed above the users document root, so if you have /home/username/public_html then the script would have had to be executed in any of these folders. You can add this to the top of config.php but I don't see a point personally.

TECK 02-23-2002 10:07 AM

ok. can you make a quick hack? so we all can add it to the /admin folder? thanks.


All times are GMT. The time now is 12:32 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01049 seconds
  • Memory Usage 1,738KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (5)bbcode_php_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 

Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete