Jump to content

Hack this Upload Site

Warptweet

By Warptweet
in Beta Test Your Stuff!

 Share

Recommended Posts

helraizer Regular Member

helraizer

Posted
Posted

evidenceeq2.jpg

 

Hmm...

SQL injection attempt. However, only files were uploaded, none of my database entries were modified...

 

Why don't you log IPS?

 

If you meant IP address; he does log it.  Only from what I can imagine, he's using a hidden field with value="<?php echo $_SERVER['REMOTE_ADDR']; ?>" and thus someone made an identical form pointing to the same place and and sent it with the hidden input value of 'i lurves no ipz'.

Guest Xanza

Guest Xanza

Posted
Posted

Yea, database uploaders are nice, but they are subject to hacks very easily... My advice would be to create a pure php file uploader... You'll be able to specify the files that are allowed to be uploaded, and blacklisted files just as easily only their are no vulnerable databases that can be hacked. :P

Warptweet Advanced Member

Warptweet

Posted
  • Author
Posted

It happened again.

 

I have a backup of all files, so it took seconds for me to reboot the site.

The new front page was actually quite funny. "CANT TOUCH DIS HACKARY. ROFL"

And a video of "Can't Touch This". I actually listened to it a couple of times.

 

I made some tight measures against the hacking..

Warptweet Advanced Member

Warptweet

Posted
  • Author
Posted

I fixed the typo :D

Sorry, was in a rush to restore the site.

 

Please try hacking the website.

I implement mysql_escape_string to practically every variable in my PHP.

Also, for direct links, it direct links to a .php file which sends the direct download. You don't actually know the directory that the file is stored in. And the chances of you guessing it is too low to be considered possible. There are 1.84710571 × 10^89 possibilities :D

Warptweet Advanced Member

Warptweet

Posted
  • Author
Posted

HYPER EMERGENCY:

 

I wake up in the morning.

Forbidden: Warptweet.com, caramea.com, uploadpoints.com, merandtroy.com, everything. All my sites, all my folder.

I can't even access my files from my own highest-access cpanel.

 

They locked down my server. I had to contact my host to fix the problem!

 

I took uploadpoints.com offline. I made a backup and deleted all the files.

For some reason, the hackers can STILL edit the index.php! I'm guessing they hid a .php file somehwere in my other directories.

 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.