vBWarez - Rest In Peace

Vbwarez - Exploit


You guys have an exploit here:
https://vbwarez.net/forumdisplay.php?daysprune=12345%27%22\%27\%22%29;|]*%00{%0d%0a%3C%00%3E%bf%27%27%C3%B0%C5%B8%E2%80%99%C2%A9&f=12&order=asc&page=1&pp=20&s=&sort=title

If I exploit into it more, I will be able to get your MySQL password.
Link to post
Share on other sites
[quote name='TeamDx']You guys have an exploit here:
https://vbwarez.net/forumdisplay.php?daysprune=12345%27%22\%27\%22%29;|]*%00{%0d%0a%3C%00%3E%bf%27%27%C3%B0%C5%B8%E2%80%99%C2%A9&f=12&order=asc&page=1&pp=20&s=&sort=title

If I exploit into it more, I will be able to get your MySQL password.[/QUOTE]

If you're a hacker, do it, don't waste your time.

Funny.
Link to post
Share on other sites
[quote name='TeamDx']You guys have an exploit here:
https://vbwarez.net/forumdisplay.php?daysprune=12345%27%22\%27\%22%29;|]*%00{%0d%0a%3C%00%3E%bf%27%27%C3%B0%C5%B8%E2%80%99%C2%A9&f=12&order=asc&page=1&pp=20&s=&sort=title

If I exploit into it more, I will be able to get your MySQL password.[/QUOTE]



Whoever you are, I have no idea, nor do I care. You're ridiculous. I won't tell you what I've accomplished (which I still regret) but I'll tell you this much, please for the love of all things pretty, pink, and nonverbal; go troll elsewhere. You're disrupting our fine community. Note, I'm not attempting to "mini mod" here just telling you my humble opinion. Man I hope the admins get hold of you and ban you. Not to mention your English is a little off the mark "if I exploit into it more..." Most of my good friends from other countries can make a more convincing threat, and English is not their primary language.
Link to post
Share on other sites
  • Admin
[CODE]https://vbwarez.net/forumdisplay.php?daysprune=12345'"\'\"); |]*�{
<�>�''💠©&f=12&order=asc&page=1&pp=20&s=&sort=title[/CODE]

k you just add new line to the daysprune parameters which actually generates a fatal user error.

Nothing to do with sql.

edit: now stop trolling because [COLOR=#ff0000]you are bad at it[/COLOR] and get into the community, or just go away. :russian1:
Link to post
Share on other sites
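Added example, not part of the original thread: it percent-decodes the `daysprune` value from the URL posted above, reports the control bytes and invalid UTF-8 it contains, and shows a strict integer check rejecting it. The function names and the 1-5 digit policy are assumptions made for illustration, not vBulletin's own code.

```python
import re
from urllib.parse import unquote_to_bytes

# URL exactly as posted in the thread above.
POSTED_URL = (
    "https://vbwarez.net/forumdisplay.php?daysprune=12345%27%22\\%27\\%22%29;|]*%00{"
    "%0d%0a%3C%00%3E%bf%27%27%C3%B0%C5%B8%E2%80%99%C2%A9"
    "&f=12&order=asc&page=1&pp=20&s=&sort=title"
)

# Assumed policy (not taken from vBulletin): the whole value is 1-5 ASCII digits.
DAYS_RE = re.compile(rb"[0-9]{1,5}")


def raw_param(url, name):
    """Return the percent-decoded bytes of one query-string parameter."""
    query = url.split("?", 1)[1]
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key == name:
            return unquote_to_bytes(value)
    raise KeyError(name)


def findings(value):
    """Describe what makes a decoded value unsuitable as a number."""
    out = []
    ctrl = sorted({b for b in value if b < 0x20 or b == 0x7F})
    if ctrl:
        out.append("control bytes: " + " ".join(f"0x{b:02x}" for b in ctrl))
    try:
        value.decode("utf-8")
    except UnicodeDecodeError as exc:
        out.append(f"invalid UTF-8 at offset {exc.start}")
    if not DAYS_RE.fullmatch(value):
        out.append("not a plain integer")
    return out


def parse_days(value):
    """Strict parse: an int if the entire value is digits, otherwise None."""
    return int(value) if DAYS_RE.fullmatch(value) else None


if __name__ == "__main__":
    raw = raw_param(POSTED_URL, "daysprune")
    print(raw)
    print(findings(raw), parse_days(raw))
```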
[quote name='UnstucK'][CODE]https://vbwarez.net/forumdisplay.php?daysprune=12345'"\'\"); |]*�{
<�>�''💠©&f=12&order=asc&page=1&pp=20&s=&sort=title[/CODE]

k you just add new line to the daysprune parameters which actually generates a fatal user error.

Nothing to do with sql.[/QUOTE]

Way to stick it to em UnstucK! LOL :-)
Link to post
Share on other sites
Actually, what he was doing is warning that a really, really old database exploit (may have) still existed on this forum (or any prior to 5.0).
It took advantage of a non-protected data dump.
By injecting control codes into the dump it would cause the SQL to display data outside the normal range, including user passwords.
In vB 5+ a trap was added to prevent this sort of exploit (even though they failed to do it on many other files which have led to current exploits).
The poorly coded PHP scripts however can be blocked from exploits simply by securing your SQL server to accept calls only from the localhost and not accepting non-standard ASCII.
In doing so, all non alpha-numeric code is simply changed to a question-mark.
As there is no justified reason to have non alpha-numeric code within a URL, HTML masking could also be imposed on the HTTP/s server.
Many Apache servers come packaged with this security feature activated.

It really is amusing from a coding and security viewpoint because these exploits are really little more than classic ANSI Bombs, some of the oldest forms of coding exploits and something which can only happen by bad programming today.
Link to post
Share on other sites
[quote name='Snail']Actually, what he was doing is warning that a really, really old database exploit (may have) still existed on this forum (or any prior to 5.0).
It took advantage of a non-protected data dump.
By injecting control codes into the dump it would cause the SQL to display data outside the normal range, including user passwords.
In vB 5+ a trap was added to prevent this sort of exploit (even though they failed to do it on many other files which have led to current exploits).
The poorly coded PHP scripts however can be blocked from exploits simply by securing your SQL server to accept calls only from the localhost and not accepting non-standard ASCII.
In doing so, all non alpha-numeric code is simply changed to a question-mark.
As there is no justified reason to have non alpha-numeric code within a URL, HTML masking could also be imposed on the HTTP/s server.
Many Apache servers come packaged with this security feature activated.

It really is amusing from a coding and security viewpoint because these exploits are really little more than classic ANSI Bombs, some of the oldest forms of coding exploits and something which can only happen by bad programming today.[/QUOTE]

I learned something today.
Link to post
Share on other sites
Glad this old dog could teach some youngsters a few old tricks ;)

For those who inquired by PM as to, What is an ANSI Bomb? I give this response.

I was a little surprised by the question until I realized that ANSI is something many users today have never seen.
It is OLD SCHOOL computers.
I know because I was there, and I still run a B.B.S.
I did a quick Google search and was very disappointed in the results.
Most of the results are written by those who have never seen an ANSI Bomb. One person wrote that they go back to the 1990's. Other results call them Trojans and Virii. This is all wrong!

I did find one result that comes close, yet it is still badly lacking.

[QUOTE]
ANSI Bomb

ANSI Bombs were one of the most common hax in the BBSes, they were used by trolls and by skids.


What are they?

ANSI bombs usually change key mapping, delete stuff from computer or spam ANSI art on a BBS. They existed thanks to ANSI.SYS, which was a device driver in the DOS family of operating systems that provides extra console functions through ANSI escape sequences.

In ANSI everything is done with a system of escape codes, the code syntax is like this:

ESC [13;27p

All the commands start with the word ESC (for the retards: it doesn't mean escape) followed by a "[", after it is where the code is placed. The previous would change the Enter key (13 in ANSI) to the Escape key (27 in ANSI), the "p" means that it's the end of the command. You can find the full list of key codes here.

The same method can be used for massive text spamming, by changing the 27 to "LOLDONGS" for example, once you click Enter it would print LOLDONGS into the console. A more elaborate thing could be used to print gay coloured ANSI art. And also you can delete stuff from the computer by doing something like this:

ESC [13;"Del *.*";13p


Examples

The following ANSI BOMB will make that once the user types Enter, the thing he submitted gets automatically deleted, which will make him to rewrite.

ESC [13;2Kp

The amount of lulz can increase dramatically if you swap Y/y and N/n keys, since they are the ones used in BBS for registering an account for example.

ESC [78;89;13p ESC [110;121;13p

Butthurt can increase even more by autoreproducing the bomb with a batch script that copies itself to the root of the computer, so it will run every time you turn on the PC and will scare the shit out of the faggot user.

ESC [13;27;13;"copy bomb.ans c:";13;"copy con c:\autoexec.bat";13;"type bomb.ans";13;0;109;13;"cls";13p

The worm can be easily cleaned by going to the folder where it is and deleting it, but if you go back to the same BBS where you got it, it will come back.


[/QUOTE]

1. A trojan is an injected program, not injected code.
2. A virus is a piece of code that is damaging. Most ANSI Bombs were merely annoying.
3. ansi.sys was replaced with nansi.sys which filters harmful codes and is still used in DOS emulators.
4. An ANSI Bomb is more closely related to TELNET control codes. This is why if you look at the above examples, you will see a similarity in the exploit code used in the URL sent to the PHP files that access the SQL server. In short, it is injected control codes.

This method of code injection has been around since DOS ruled, and that goes back to the early 1980's (not late 1990's).
Even by 1983 the ANSI driver had been well in use for nearly a year and covered by magazines. This driver gave colour and simple graphics to TELNET which gave remote hardware access to computers and equipment.
[QUOTE]
PC Magazine - Nov 1983 - Page 559
The first step is to get the ANSI.SYS program loaded into the computer by creating a configuration file called "CONFIG.SYS" ...
[/QUOTE]

The evolution of computers, URL (command line) to PHP (OS) to SQL (a virtual server) after more than a quarter century still hasn't plugged these exploits because programmers have become so lazy they don't error trap their code any more or are so oblivious to computer history they repeat the mistakes. Just like in the real world upon which computers are based, he who fails to learn from history is doomed to repeat it. That is something that ought to be tattooed onto the programmers for vB ;)
Nearly every exploit of vB in the past 2 years has been a direct result of code injection due to lack of filters/error traps, and, due to users not comprehending how to set up servers to block these age old exploits.

Lesson over kids.
Link to post
Share on other sites
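Added example, not part of the original thread: a filter for untrusted text (BBS messages, log lines) that flags key-reassignment sequences of the `ESC [ ... p` form quoted above and strips them, along with every other escape sequence, before the text reaches a terminal. The function names and the sample string are constructed for illustration.

```python
import re

# ANSI.SYS keyboard reassignment: ESC [ key ; (code | "string") ; ... p
KEY_REMAP = re.compile(r'\x1b\[((?:\d+|"[^"]*")(?:;(?:\d+|"[^"]*"))+)p')
# Generic ECMA-48 CSI sequence: parameter bytes, intermediate bytes, one final byte.
CSI = re.compile(r"\x1b\[[0-9:;<=>?]*[ -/]*[@-~]")
TOKEN = re.compile(r'\d+|"[^"]*"')

# Constructed sample: a harmless colour change followed by two remap sequences.
SAMPLE = "Welcome \x1b[1;31mcaller\x1b[0m!\n\x1b[13;27p\x1b[78;89;13pEnd"


def find_key_remaps(text):
    """Return the parameter list of every key-reassignment sequence in text."""
    return [TOKEN.findall(m.group(1)) for m in KEY_REMAP.finditer(text)]


def sanitize(text):
    """Drop remaps, all other CSI sequences, and stray control characters."""
    text = KEY_REMAP.sub("", text)
    text = CSI.sub("", text)
    # Keep newline and tab; remove every other C0 control character and DEL.
    return "".join(
        ch for ch in text if ch in "\n\t" or (ch >= " " and ch != "\x7f")
    )


if __name__ == "__main__":
    print(find_key_remaps(SAMPLE))
    print(repr(sanitize(SAMPLE)))
```

Colour and cursor sequences are not reported by `find_key_remaps` because they end in a final byte other than `p`, but `sanitize` still removes them.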
  • Admin
[quote name='fortune']If anything you should all be thanking this guy for discovering this exploit and not ridicule him...[/QUOTE]

1) That's not an exploit
2) Even if it was, posting it in a public thread is just plain stupid.

So since that was not a real exploit & it was posted in public INSTEAD of private messaging the admins which is ... logic.. it sounds more like a threat or e-fame boost rather than "i'm here to help u guyz"

So yea, trolling is trolling, and not necessary here.
Link to post
Share on other sites
