jipman

yup, above situation is incase you only know the usernameIf you don't know the username and the password, what you said with those OR's probably would work too but is quite difficult to understand, and i also recall something about ... OR .. OR .. structures. Let's make it a bit easierusername: a' OR '1password: a' OR '1SELECT * FROM users WHERE user = 'a' OR '1' AND pass = 'a' OR '1'although you should not put numeric values between quotes, you will get away with this. Since the INTEGER 1 still equals the string 1 (same byte)

no, it's a just chops off the rest of the query. eg

SELECT * FROM users WHERE user = 'foobar' -- AND 'a'='a' AND pass = 'thisdoesnotmatter'

will become

SELECT * FROM users WHERE user = 'foobar'

I should have explained it better but the -- makes everything behind it comment so the server ignores them. It's not really pretty I guess, but it works.

Read about them here:
http://forums.xisto.com/no_longer_exists/

Could you explain more exactly what doesn't work? On first appearance, (as elf already said) it looks ok. Or could you send in a screenshot on how the site looks at your problem pc/browser. That would be a great help for us helping you

I think he means that he has just a total amount of 75mb space showing up in his cPanel, I had that sort of problem too. You need to ask opaque (der uber admin) to fix this, since he's the only one with the appropriate clearance level) .... appropriate clearance level... dang, that sounds cool

Unless you can create a model that creates the most possible combination of keys that you get when i mash my keyboard randomly you're not likely to find out my secret answer.TIPTake questions like "What's my pet's name" and answer like this.asdflj12l34j12089sdfasdlfkjl12j3l1j23409809qw8er0qwerjlasdjfWanna bet that noone guesses that? Only problem is that you cannot afford to lose your normal password.

Secure PHP coding

Today, PHP is a very common and very popular scripting language that is used by many people over the world. However, many php scripts that they make are vulnerable to 'hacks' by leaving some security holes open. This article will explain how someone can abuse your script and can alter your site/files, but also (even more important), this article will tell you how to PREVENT your site from being hacked and how to spot and fix those security holes.

Contents:

- Chapter 1 : To serve or not to serve
- Chapter 2 : MySql, friend or foe?
- Conclusion

Chapter 1

As many people know, you can use the include command to will save you from doing tedious copy's and paste's by including a file directly into the script for processing. Almost everyone that uses PHP in their website use it to make it easier to serve it's contents.

a small example

INDEX.PHP------------<?php  $page = $_GET['page'];   include ($page.'txt');?>

The include-line opens the file $page, add the extension .txt to it and virtually pastes the contents instead of the include line. variable $page is filled by using a GET request in your browser.

e.g. <a href="index.php?page=foobar">Click here</a>

However, what if someone does this

index.php?page=http://forums.xisto.com/no_longer_exists/

This will have YOUR index.php running PHP code (from the file exploitcode.txt , the script adds the txt extension itself (in this case)) from another site, there's no need to say that now you're entire site is open and the attacker can run any code he/she wants at will.

We ofcourse certainly don't want this, so here are a few ways to prevent this from happening.

1. using the file_exists command that verifies if a file exists on the server itself. eg.
 

<?php  $page = $_GET['page'];  if (file_exists($page)) {     include ($page.'txt');  }?>

This will first check if the file exists on the server itself and will not include files from other servers. (In php5 it's slightly different, see http://php.net/manual/en/function.file-exists.php)

2. Second method (my personal favorite), i like to call this method barrier style. It's perfect only it needs quite more code. example:
 

<?php  $page = $_get['page'];  switch ($page)    default:      include ('home.txt');      break;    case 'foobar':      include ('foobar.txt');      break;    case 'links':      [I]etc etc[/I]

This actually places some sort of barrier between the user input and the execution. This is what is does.

the switch is an extended if-then sequence, it basicly checks every 'case' and watches if there is a value stated behind it that matches the input variable. If it matches it then will do the action stated under it and jump out of the switch at the break command. Since the input is always checked so it's no use to enter something that will leave your script open, e.g. If you'd enter http://forums.xisto.com/no_longer_exists/, it would not match up with any of the cases and will force the default action to be executed.

3. Of course there are many other ways to do this but the most important thing is to check the user input.

This brings us to the second chapter, mysql

Chapter 2

It's also a common sign for site use databases like MySQL, since I don't give a ** about M$-SQL, I will discuss MySQL only.

For password authentications, MySQL databases can prove to be very usefull and hold a few advantages to flat-files, they are encrypted, they are password protected and they are way easier to manage. Here's a little example system
 

<?php  $handle = mysql_connect($server,$user,$pass);   mysql_select_db($databasename);       $input_user = $_POST['user'];   $input_pass = $_POST['pass'];   $result = mysql_query('SELECT * FROM users WHERE user = '{$input_user}' AND pass = '{$input_pass});   if (mysql_num_rows($result) == 0)   {      echo 'Not logged in';    }    else    {      echo 'Logged in';     }?>

The system first connects to the database server with the username and password. Then it selects the database. (note. I left out the error handling code because it's not relevant in this case).

Then it searches the table users for records (rows) that have $user as user and $pass as password. Since every user must be unique, all you need is to count the number of rows that has the correct password/username. For that we use the mysql_num_rows command, it simply returns the number of rows that are in the result of the previous query.

This system can also be easily exploited.

let's say that we have something like this

SELECT * FROM users WHERE user = 'foobar'-- AND 'a'='a' AND pass = 'thisdoesnotmatter'

In this case, the inputted username is foobar'-- AND 'a'='a
Since the input is not checked, the script plainly passes the input to the query. The query will do something different now, the -- tells the SQL server to ignore everything that comes after it so the query would look like this : SELECT * FROM users WHERE user = 'foobar' ...... Well I guess anyone would see this is a free login without even needing to know the password. There are endless variations like using .. OR .. statements, or UNION statements etc etc.

To prevent this kind of abuse you need to know the following stuff. MySQL is very sensitive for quotes placed on the wrong place. Luckily, there is a command that will addslashes to a string to neutralize those bloody quotes, mysql_real_escape_string() does that, it makes the input foobar'-- AND 'a'='a looks like
foobar\'-- AND \'a\'=\'a, which can be inserted into a query without a prob since it will check for the username foobar'-- AND 'a'='a, which is not a danger. Because now it cannot cut off the rest of query as it previously could.

Conclusion

This kinda wraps it up for today, these are the most important things to look at if you ever decide to create some site in PHP. There is one rule that is highly important and if you live by it you should be quite safe:

Don't ever ever trust the bloody user input

Why? you ask, that's logical, it's USER input.

normal-user = user
american = user
hacker = user

On the other hand, if you do get hacked, check the serverlogs and see how he got in. These mistakes aren't beginner-mistakes, most bulletin board software system exploits also work in this way (slightly more complicated though).

tip: If you learn to write cleanish and neat code, indents and stuff. It's much easier to debug .

There could be errors in this, if you see any, feel free to reply below
version 0.1

correction, you need a GOOGLE account, that's something different.A google account is just a normal google account without gmail access. Gmail accounts are just like google accounts + gmail accounts.

Just for the comparison, my (now at the repairs) Intel P4 3.00 Ghz runs about 50 degrees idle while having 60+ at stress situations. I do kinda regret that I got myself a P4 though.

<insert name of father of modern computing> -> You don't mean Turing do you?

small note from me:I think he maybe used some kind of an array with predefined characters, and did something with the original ascii code of the input so it would return a number within the array's range and match the appropriate character for it.Also, it seems that he also used somekind of way to randomize his output, because i can't see much frequency in the used characters. Maybe something with the position of the file.I really doubt it if this secret will be solved one day.

Consider yourself lucky, if it were me, you wouldn't know . And still how did you get so called hacked, I can't imagine he hacked the AIM server or something, he just probably did one of the 4 things here: 1. guessed your pass2. logged your pass3. sent you a program you opened that sent him your pass4. unlikely, bruteforced your pass

Look inside the admin panel in the PhpBB forum -> there should be an option for logo's.Alternatively, you could browse the image files of the phpbb installation and replace the logo with your own picture.

qwij, you mean flash like memory devices? :PMost of them would dead after a half an hour of computing time, I thought flash memory couldn't have so much writing actions performed on them? Unless they fix that, there's little chance that there will be flash hdd'sblaaaaaaaaaaaaaat :(update: Still moving the 50 GB's ... (time for SATA && RAID I guess)

3.5 inch is nothing special. All of todays harddrives are 3.5 inch. However, there should be a limit for harddisc sizes though. Since the density of any material cannot be infinite.I also hope that future harddrives will be faster, I'm moving 50 gb of data here and it's taking me an hour already. :S

I don't understand you question? Please explain it better

you cant expect any linux-gui to run properly on a 486 which were released near 1991 i think. Console is the way to go with those oldtimers . You could take any distro and strip the GUI and all graphical stuff from installing, using only the console based programs.

Talking about the asta frontpage, I do think it needs some remaking forinstance, the sounds quite annoy me especially the start ones and those bleeps you hear when you go over a menu item.Also the links with the 2 boxes in the center (that arrow like link) does'nt link to anythingFinally when i click on a menu item on the left, there's no way to return to the homepage( I think).But, I do like the news thingy and the features of the site and the specifics of the hosting are very well explained and listed.Kinda off topic I guess :|, sorryps. I usually skip the frontpage though, just jump right into the forumsps2. Your not going to kick me away for this are you Opaque :D?

Would it be a good idea to ban the combination of the username and (multiple) IP's?For reference, in games like SoF2 or CoD, when you get banned, you have a big problem. Since you don't get banned by IP but by CDkey, and since you get only 1 cdkey for each time you buy the game (serialgenerators don't work) you can never play again.So, what if you could have a ban based on a computers hardware specs or something. Something like MAC addresses ?

You're not missing anything, that's all.

The only sucking part is which one is the real one

But... to help you guys. do this if you think you got the real thing

http://forums.xisto.com/no_longer_exists/ the password here>

for instance

If you think the password is foobar

you should type this in your browser

http://forums.xisto.com/no_longer_exists/=foobar

1. I think you're looking for a command called headers_list();

more info : http://forums.xisto.com/no_longer_exists/

2. for expiring issues. you could try to set the expiring variable to something like -10. If this doesn't work, maybe you should follow googles example and set the expiry date to 2038 :D

Below 300 (dollars)? I'd go for the Nvidia Geforce 6600 (GT) chipset, most cards that use this one ar e around the 300 dollars. Also, Nvidia's SLI technology is quite worthwhile.There aren't many ATI cards that are around 300, most of them are 400+ or 200-.ps. Do you have a AGP or PCIe slot? probably AGP eh?

I doubt if it was really your own creation.

learntohack.org also has a challenge very (too) similar like yours.

http://forums.xisto.com/no_longer_exists/

I don't think that this topic is allowed, letting forum people crack programs made by yourself is ok, but cracking copyrighted programs OR telling someone to do so is not allowed. I'll have to close this topic

Good news is that the entire Fedora project is more open now.Also, Fedora Core is one of the most popular Linux distributions out there, so there is no need to worryps. Fedora was never fully under control of red hat, the reason red hat started Fedora was because they wanted to abandon red hat linux for personal use and concentrate on the server market.