December 21, 2024, 11:12:12 PM

1,531,361 Posts in 46,734 Topics by 1,523 Members
› View the most recent posts on the forum.


~Gri to Khadafi~

Started by gri, July 19, 2011, 02:35:17 AM

previous topic - next topic

0 Members and 1 Guest are viewing this topic.

Go Down

Daddy

Quote from: gri on March 06, 2014, 08:29:17 AM
What is more dangerous for your forum -

your laughing on your office guys
or EVAL() function in the posts
?
EVAL() in posts.

I'm an administrator at work. The guy across the hall is a director but he's not my boss SO I DON'T FEAR SHIT  akudood;

Clara Listensprechen

gri, the link in your sig doesn't work.
Hmph.

gri

Quote from: Khadafi
EVAL() in posts.


Khadafi,
Equally in lower and upper case of letters ?

Daddy

I have no control over that. It's something outside of SMF.

gri

Quote from: Khadafi
The phrase you were trying to post is disabled by our PHP server
because if ANY escape sequence manages to work, and that command is issued
then one of PHP's largest vulnerabilities can be exploited
and any script can be injected in a page.


Who is the Author of this php patch for lower case letters only
?

Daddy

idk cloudflare or something. 

snoorkel

Quote from: gri on March 06, 2014, 08:57:20 AM
Quote from: Khadafi
The phrase you were trying to post is disabled by our PHP server
because if ANY escape sequence manages to work, and that command is issued
then one of PHP's largest vulnerabilities can be exploited
and any script can be injected in a page.


Who is the Author of this php patch for lower case letters only
?



O Gri, it is Apache's mod_security.

gri

Quote from: Khadafi
idk cloudflare or something.


What can be achieved by means of EVAL() function ?

Can you write a code for dowloading of Display.template.php file
if to post such a code to a forum
at the server without the mentioned patch ?

snoorkel

Quote from: gri on March 06, 2014, 12:35:35 PM
Quote from: Khadafi
idk cloudflare or something.


What can be achieved by means of EVAL() function ?

Can you write a code for dowloading of Display.template.php file
if to post such a code to a forum
at the server without the mentioned patch ?



Yes, that could happen on an unprotected server. An attacker could also upload a malicious file, or something similar, then proceed to attack information in the database.

gri

I need both the code for downloading of the predefined file
and the code for uploading of the modified file.

To test this technology on my forum first..

snoorkel


Daddy

who the hell is pedro

snoorkel

who the fuck is carlos?

gri

March 06, 2014, 08:01:44 PM #118 Last Edit: March 07, 2014, 12:29:21 AM by gri
Quote from: Khadafi
Check this resources about SQL injection:


Was not very helpfull for me, unfortunately.

A coder Carlos is needed
who will suggest the definite code of the test post.

gri

Quote from: Clara Listensprechen
The error I get is that it takes too long to respond, that it has timed out.


Khadafi,
please create an account on your hosting
for my tiny forum mirror.

Go Up