
Thread: Fix Proxy Listing Exploit

  1. #21

    To fix a problem, we should know the problem first.

    So after a glance at the original "admin.php" file, the problem is the authentication process: when a user is considered as not logged in, and when a user is considered as logged in and as a valid admin, and is therefore shown the normal admin menu, etc.

    The main problem is that the admin script only checks the cookie value ($_COOKIE['admin']).
    If the script recognizes the "admin" cookie, and its value is "1", you are considered as logged in.
    Here is the original troublesome code:
    PHP Code:
    if ((empty($_COOKIE['admin']) or $_COOKIE['admin']==0) and $access_flag==0){
        $l_d=1;
        // The cookie is set only after a correct password, but the check above trusts any "admin" cookie
        if (isset($_POST['password']) and $_POST['password']==$admin_pass){
            setcookie('admin','1');
            $access_flag=1;
        }
        // (the excerpt ends here; the rest of this block is not shown in the post)
    }
    So, if a user somehow has an "admin" cookie with "1" as the value, he is considered as the admin, no matter what (although he does not know the admin password and does not log in through the normal admin login form).
    It can be performed in several ways, but I cannot mention them here.

    So the quickest fix is to use a session ($_SESSION) instead of a cookie ($_COOKIE).

    Because a cookie is client side, anything inside a cookie can be modified (if the user knows how to).
    But the session is somewhat "server side".

    I've seen chetan's code.
    At a glance, you modified the authorization code by checking the "admin" cookie value and comparing it with the md5-hashed admin password.
    Which means the attacker cannot use a simple "1" as the value,
    but he should guess the admin password too.
    Last edited by xrvel; 20 June, 2009 at 15:41 PM.
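
The session-based fix described in the post above, as an added example; it is not code from the original script or from any poster in this thread. It assumes PHP 7.3 or later and a hypothetical `$admin_pass_hash` config value holding the output of `password_hash()` in place of the plain-text `$admin_pass`; the function names are also made up for the example.

```php
<?php
// Added example: admin login state kept in the server-side session, not in a cookie value.
// Assumption: $admin_pass_hash is generated once with password_hash() and stored in the config.
declare(strict_types=1);

/** Start a session whose id cookie is not readable by page scripts. */
function start_admin_session(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'samesite' => 'Strict',
        'secure'   => !empty($_SERVER['HTTPS']),
    ]);
    session_start();
}

/** Login state is read from server-side session data only. */
function is_admin(): bool
{
    return ($_SESSION['is_admin'] ?? false) === true;
}

/** Check the submitted password and, on success, mark this session as admin. */
function try_login(string $submitted, string $admin_pass_hash): bool
{
    if (!password_verify($submitted, $admin_pass_hash)) {
        return false;
    }
    session_regenerate_id(true);   // issue a fresh session id after the privilege change
    $_SESSION['is_admin'] = true;
    return true;
}

// Constructed sample value so the example runs; a real config stores only the hash.
$admin_pass_hash = password_hash('example-only-password', PASSWORD_DEFAULT);

start_admin_session();
if (!is_admin()) {
    $submitted = $_POST['password'] ?? '';
    if (!is_string($submitted) || !try_login($submitted, $admin_pass_hash)) {
        http_response_code(403);
        exit('Login required');    // the original script would show its login form here
    }
}
// Past this point the request belongs to a logged-in admin; $_COOKIE['admin'] is never consulted.
```

The only thing the browser holds is the random session id, so sending `admin=1` has no effect on `is_admin()`.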

  2. #22
    Quote: Originally Posted by xrvel
    To fix a problem, we should know the problem first.

    So after a glance at the original "admin.php" file, the problem is the authentication process: when a user is considered as not logged in, and when a user is considered as logged in and as a valid admin, and is therefore shown the normal admin menu, etc.

    The main problem is that the admin script only checks the cookie value ($_COOKIE['admin']).
    If the script recognizes the "admin" cookie, and its value is "1", you are considered as logged in.
    Here is the original troublesome code:
    PHP Code:
    if ((empty($_COOKIE['admin']) or $_COOKIE['admin']==0) and $access_flag==0){
        $l_d=1;
        // The cookie is set only after a correct password, but the check above trusts any "admin" cookie
        if (isset($_POST['password']) and $_POST['password']==$admin_pass){
            setcookie('admin','1');
            $access_flag=1;
        }
        // (the excerpt ends here; the rest of this block is not shown in the post)
    }
    So, if a user somehow has an "admin" cookie with "1" as the value, he is considered as the admin, no matter what (although he does not know the admin password and does not log in through the normal admin login form).
    It can be performed in several ways, but I cannot mention them here.

    So the quickest fix is to use a session ($_SESSION) instead of a cookie ($_COOKIE).

    Because a cookie is client side, anything inside a cookie can be modified (if the user knows how to).
    But the session is somewhat "server side".

    I've seen chetan's code.
    At a glance, you modified the authorization code by checking the "admin" cookie value and comparing it with the md5-hashed admin password.
    Which means the attacker cannot use a simple "1" as the value,
    but he should guess the admin password too.

    Awesome Buddy

    Yeah, I did the same: I changed authorization to md5 and cookie to session... it's now 1000 times harder to hack the admin panel without knowing the password.

  3. #23
    Quote: Originally Posted by Freshide
    You need to change it from saving in cookies to saving in sessions. Sessions are saved server side and no one can access them.

    I did the same in my provided admin.php.

  4. #24
    I found this exploit while looking over the code too.
    All you have to do is set a cookie that says "admin=1;" and you're logged in. It's friggin' genius. The person who wrote that script needs to learn a thing or two about security. The admin panel is also vulnerable to XSS (cross-site scripting) from the submission details.
    Keldorn

  5. #25
    Lol, very useful post Freshide.

    So if we have indexes turned off, brute force scanning for a file named "193437383283.php" would take years.

    Not worth the effort IMO.
