12-22-2007, 03:11 AM
quantum-x
Confirmed User
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
I was looking for a fake account to post under, then thought what the fuck.
Here's where it stands.
There are 2 scenarios:
1- Internal Job. Won't even speculate on this, I've got nothing to say. It's just an option.

2- Exploit.
If it's an exploit, it'll be coming in via SQL injection attacks.
I know this, because [as demonstrated] previously, NATS filtering of $_REQUEST variables has been incredibly poor. In what I've glimpsed of source code, and played with [I'm by no means a 'black hat', but I know an exploit when I see one] - they weren't even using mysql_real_escape_string for passing strings to the databases.

6-12 months ago I did a POC where I dropped an entire database by injecting the SQL through a NATS [or CARMA, can't remember] URL.
I notified them via ticket. Have things improved? Not sure.

So, if it's as above, it doesn't matter how good your sql restrictions are, because the SQL requests come from the localhost anyhow.

It's easily conceivable that you can have full control over the database, hence the creation / deletion of accounts.
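The failure mode the post describes, request values reaching the database without escaping, shown next to the bound-parameter form. This is an added example, not part of the original post and not NATS or CARMA code. It assumes PDO with an in-memory SQLite database standing in for MySQL, and the table, column and parameter names are hypothetical.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL backend so it runs
// offline. Table, column and parameter names are hypothetical; rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$db->exec("INSERT INTO members (username, email) VALUES
           ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Vulnerable pattern: the request value is pasted into the SQL text, so a
// quote inside it ends the string literal and the remainder is parsed as SQL.
function lookup_concat(PDO $db, string $name): array {
    $sql = "SELECT username FROM members WHERE username = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: the statement text is fixed and the value is bound as
// data, so quotes in the input never change the query's structure.
function lookup_bound(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT username FROM members WHERE username = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed stand-in for $_REQUEST['username'].
$input = "nobody' OR '1'='1";

// Both calls reach the database over the application's own connection, which
// is why host-based access rules cannot tell them apart.
printf("concatenated:     %d row(s)\n", count(lookup_concat($db, $input)));
printf("bound:            %d row(s)\n", count(lookup_bound($db, $input)));
printf("bound, real user: %d row(s)\n", count(lookup_bound($db, 'alice')));
```

The concatenated lookup returns every row for the constructed input, while the bound lookup returns none. Giving the application's database account only the privileges it needs limits what an injected statement can do if one does get through.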