Is there a security breach?

ERGY13
8 years ago | edited 8 years ago

0

Hi everyone,

I would suggest a challenge to you. I don’t think it will be hard, but interesting.

I’ve made a very simple website, a list of presence for a friend’s birthday. This is in French but with some words in English.

Your mission, if you accept it, is to find a maximum of security breaches, how to exploit them and how to resolve them, without breaking the server itself, with a minimum of information.

Good luck

PS: I can give more information if you really need it ;)
PS2: the server is in production

----- List of information given -----

  1. The domain is: [spoiler]natalia.lunx.ch[/spoiler]
  2. There is an admin repository: [spoiler]/liste/[/spoiler]
  3. Database name: [spoiler]vote_natalia[/spoiler]

24 replies
4 voices
331 views
ERGY13
8 years ago | edited 8 years ago

0

I just changed the MySQL accreditations.
The read user can only read the wanted database, and the write user can only SELECT, UPDATE, DELETE, INSERT.

dloser
8 years ago | edited 8 years ago

0

Well, there [s]are[/s] were plenty of hashed passwords to be found. Also a weird table about hunting; that one was a bit creepy because it contained a couple of human females as targets. oO

ERGY13
8 years ago

0

shhh … it’s personal

ERGY13
8 years ago | edited 8 years ago

0

So, now I updated the MySQL accreditations, it is secure, no?

dloser
8 years ago

0

More secure. Something being ‘secure’ is a very big claim to make. Besides, the entry point is still there; you only limited what can be done with it.

ERGY13
8 years ago | edited 8 years ago

0

So it does the job, and doesn’t let do the rest. I’m proud, I made something what is no hackable by the first came. I don’t say it is military secured but it is better than nothing.

Thank you

PS: watching the Apache log live was fun

dloser
8 years ago

0

How was it not hackable?

ERGY13
8 years ago

0

I don’t understand your question

dloser
8 years ago

0

[quote=ERGY13]i made something what is no hackable[/quote]
How do you figure that?

ERGY13
8 years ago

0

I said that is “not hackable by the first came”

I mean, it needs a minimum of knowledge and work to hack this website.

dloser
8 years ago

0

I still have no idea what you are trying to say.

ERGY13
8 years ago

0

Kevin, 12 years old, Minecraft gamecaster, who can only make “kikoo” appear in a Windows terminal, can’t hack my site.

dloser
8 years ago

0

Ok…

Carol, 25 years old, quadruple amputee, can’t kick me in the nuts.

ERGY13
8 years ago

0

It’s a cliché

dloser
8 years ago

2

I know I am, but what are you?

In any case, concluding it is safe on the grounds you do doesn’t make any sense. Especially when you allow people to do things that are not intended just because you don’t see a way that it could be exploited.

ERGY13
8 years ago

0

[quote=dloser]Especially when you allow people to do things that are not intended just because you don’t see a way that it could be exploited.[/quote]

You’re right

Mugi [Mugiwara27]
8 years ago

0

Is it a challenge or is this guy actually asking us to hack his website so he can fix some bugs/vulnerabilities?

ERGY13
8 years ago | edited 8 years ago

0

Both

Am I running out of the rules?

dloser
8 years ago

1

It’s not a challenge like on sites like this. Essentially free penetration testing, as per usual.

Mugi [Mugiwara27]
8 years ago

0

Nope, you’re not going through rules, dloser would have screamed the code of conduct if you had done such a thing :p

It’s just that I didn’t really understand what you were talking about since what you’re writing is fairly nonsense

@dloser: As I thought :)

ERGY13
8 years ago

0

Perhaps my antiallergics are too strong lol

Mugi [Mugiwara27]
8 years ago

0

Wtf are you saying? Why are you saying off-topic things every time someone answers your threads? lol

ERGY13
8 years ago

0

I was responding to your text:
[quote=Mugiwara27]It’s just that I didn’t really understand what you were talking about since what you’re writing is fairly nonsense[/quote]
The fact that perhaps my antiallergics are too strong and make me drugged

cn9 [1337boy]
8 years ago

0

We were sure you did drugs, man
