From: Sir Mordred (
Date: Mon, 05 May 2003 15:58:59 +0000
Subject: [Full-Disclosure] @(#)Mordred Security Notice - exporing the hacking websites

// @(#)Mordred Labs security notice - exploring the hacking websites

Release date: May 5, 2003
Author: Sir Mordred (


It is a first security notice about the real state of web app security  
with the real world examples. In this issue we will be focusing on websites
related to hacking.
Security companies and news portals will be discussed later.
For now, it would be nice to see the reaction of the community on this

Looking at this notice, one can clearly see, that the combination of
ASP/PHP and relational database 
is a very dangerous, even the "security experts" make mistakes :-).

Surely, not all of the vulnerabilities have been found/disclosed. 
For example, there was no testing for CSS vulnerabilities at all.

Note that the vulnerabilities are presented here in the following format:

* ISSUE  - description of the vulnerability
blank line the url to demonstrate this vulnerability
blank line the error message (if exists)

One last word to tripz: thanks for the help.



5) -------------------------------- ----------------------------------- is a security portal dedicated to providing security professionals with the knowledge and resources needed to help protect all of their data. applications ... etc... It was developed by IT and security experts to facilitate discussion on security related topics, promote security awareness and to provide comprehensive and helpful database of security.
* ISSUE 1 - Path disclosure in /articles.php page'

Warning: mysql_fetch_object(): supplied argument is not a valid MySQL
result resource in /home/1111146160/www/web/articles.php on line 37
Unabled to read from database.

* ISSUE 2 - SQL injection in /articles.php page

Visiting the url gives us back the
article "Copying Copy Protected CD's".

However, visiting the gives us
the page
with the error message "Unabled to read from database".

But the url gives us
the above article.

* ISSUE 3 - Path disclosure in /download.php'

Warning: mysql_fetch_object(): supplied argument is not a valid MySQL
result resource in /home/1111146160/www/web/download.php on line 7
Warning: Cannot add header information - headers already sent by (output
started at /home/1111146160/www/web/download.php:7) in
/home/1111146160/www/web/download.php on 12

* ISSUE 4 - SQL injection in /download.php

This is almost identical to the issue 2, only the url is

main page ATTRITION feedback