Page 3 of 3 FirstFirst 123
Results 21 to 25 of 25

Thread: Fix Proxy Listing Exploit

  1. #21
    xrvel's Avatar
    xrvel is offline Newbie Net Builder
    Join Date
    Mar 2009
    Location
    Xrvel.com
    Posts
    37
    Blog Entries
    1
    Thanks
    19
    Thanked 19 Times in 8 Posts

    Thumbs up

    To fix a problem, we should know the problem first.

    So after a glance on the original "admin.php" file, the problem is the authentication process, about when a user is considered as not logged in, and when a user is considered as logged in and is considered as a valid admin and therefore display normal admin menu, etc.

    The main problem is the admin script is only check the cookie value ($_COOKIE['admin'])
    If the script recognizes "admin" cookie, and its value is "1", you are considered as logged in.
    Here is the original troublesome code
    PHP Code:
    if ((empty($_COOKIE['admin']) or $_COOKIE['admin']==0) and $access_flag==0){
        
    $l_d=1;
        if (isset(
    $_POST['password']) and $_POST['password']==$admin_pass){
            
    setcookie('admin','1');
            
    $access_flag=1
        } 
    So, if somewhat a user has an "admin" cookie, with "1" as the value, he is considered as the admin, no matter what (although he does not know the admin password & does not log in by the normal admin login form).
    It can be performed by several ways, but i can not mention here.

    So quickest fix is use session ($_SESSION) instead of cookie ($_COOKIE).

    Because cookie is client side, anything inside cookie can be modified ( if the user knows how to )
    But the session is somewhat "server side".

    I've seen chetan's code.
    At a glance, you modified the authorization code by checking the "admin" cookie value, and compare it with md5 hashed admin password.
    Which means the attacker can not use simple "1" as the value,
    but he should guess the admin password too
    Last edited by xrvel; 20 June, 2009 at 15:41 PM.
    . Xrvel . Free Proxy List Script (on Google Code) .

  2. Thanked by:

    Aquarezz (20 June, 2009), Soulzripper (25 September, 2009), Will.Spencer (20 June, 2009)

  3. #22
    chetan's Avatar
    chetan is offline PHP Coder
    Join Date
    Mar 2009
    Location
    India , Nagpur
    Posts
    74
    Thanks
    3
    Thanked 6 Times in 5 Posts
    Quote Originally Posted by xrvel View Post
    To fix a problem, we should know the problem first.

    So after a glance on the original "admin.php" file, the problem is the authentication process, about when a user is considered as not logged in, and when a user is considered as logged in and is considered as a valid admin and therefore display normal admin menu, etc.

    The main problem is the admin script is only check the cookie value ($_COOKIE['admin'])
    If the script recognizes "admin" cookie, and its value is "1", you are considered as logged in.
    Here is the original troublesome code
    PHP Code:
    if ((empty($_COOKIE['admin']) or $_COOKIE['admin']==0) and $access_flag==0){
        
    $l_d=1;
        if (isset(
    $_POST['password']) and $_POST['password']==$admin_pass){
            
    setcookie('admin','1');
            
    $access_flag=1
        } 
    So, if somewhat a user has an "admin" cookie, with "1" as the value, he is considered as the admin, no matter what (although he does not know the admin password & does not log in by the normal admin login form).
    It can be performed by several ways, but i can not mention here.

    So quickest fix is use session ($_SESSION) instead of cookie ($_COOKIE).

    Because cookie is client side, anything inside cookie can be modified ( if the user knows how to )
    But the session is somewhat "server side".

    I've seen chetan's code.
    At a glance, you modified the authorization code by checking the "admin" cookie value, and compare it with md5 hashed admin password.
    Which means the attacker can not use simple "1" as the value,
    but he should guess the admin password too

    Awsome Buddy


    Yeah I did same i changed authorization to md5 and cookie to session ....its now 1000 times hard to hack admin panel without knowing the password
    Visit : Paste-Bin | Yahoo Tracer | Twitter Signatures
    Contact Me For PHP Works
    An cURL Expertise

  4. #23
    chetan's Avatar
    chetan is offline PHP Coder
    Join Date
    Mar 2009
    Location
    India , Nagpur
    Posts
    74
    Thanks
    3
    Thanked 6 Times in 5 Posts
    Quote Originally Posted by Freshide View Post
    You need to change it from saving in Cookies from saving in Sessions, Sessions are saved , Server side and noone can access them,
    I did same in my provided admin.php
    Visit : Paste-Bin | Yahoo Tracer | Twitter Signatures
    Contact Me For PHP Works
    An cURL Expertise

  5. #24
    Keldorn's Avatar
    Keldorn is offline Net Builder
    Join Date
    Dec 2008
    Location
    Canada
    Posts
    400
    Thanks
    21
    Thanked 60 Times in 52 Posts
    I found this exploit while looking over the code too,
    All you have to do is set a cookie that says "admin=1;" and your logged in. Its friggen genious. The person who wrote that scripts needs to learn a thing or two about security. The admin panel is also vulnerable to XSS. (Cross site scripting) from the submission details.
    Keldorn
    Submit new proxies -

  6. #25
    nux
    nux is offline Moderator
    Join Date
    Dec 2008
    Location
    Minneapolis
    Posts
    534
    Thanks
    28
    Thanked 77 Times in 54 Posts
    Lol, very useful post Freshide.

    So if we have indexes turned off, brute force scanning for a file named "193437383283.php" would take years.

    Not worth the effort IMO.
    Submit Your Proxies @ NewProxySites.com

Page 3 of 3 FirstFirst 123

Similar Threads

  1. Proxy Supply .com - New Proxy Listing Site
    By nux in forum Proxy List Announcements
    Replies: 24
    Last Post: 13 January, 2013, 04:04 AM
  2. [WTS] Proxy Template Download Site cum Proxy Listing
    By AstroNyu in forum Sites
    Replies: 0
    Last Post: 1 September, 2010, 00:26 AM
  3. Replies: 2
    Last Post: 1 April, 2010, 14:51 PM
  4. [WTS] Proxy listing site The Proxy Finder PR3
    By Ogle in forum Sites
    Replies: 5
    Last Post: 16 December, 2009, 08:16 AM
  5. [WTB] Proxy Listing Script
    By iHate in forum Scripts
    Replies: 13
    Last Post: 22 November, 2009, 07:01 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •