GoFuckYourself.com - Adult Webmaster Forum - View Single Post

V_RocKs · 08-11-2009, 07:10 AM

If you are on that list you were hacked at some point. The hack could have been remote server access like when you are SSH'ed into the server or a simpler one where you had an old ccbill, ibill, globill, etc script where someone can add a combo to the file without any kind of authentication.

On that last one, you might have a php script and an htaccess file that checks user/pass to the "admin script"... the check has:
<limit get post>

Which means you are only limited the get and post requests to the script... PHP doesn't care how it is called so I can craft a header with a method of V_RocKs and PHP will run it just the same... which renders your htaccess/htpasswd files useless...

08-11-2009, 07:10 AM
V_RocKs Damn Right I Kiss Ass! Industry Role: Join Date: Dec 2003 Location: Cowtown, USA Posts: 32,422	If you are on that list you were hacked at some point. The hack could have been remote server access like when you are SSH'ed into the server or a simpler one where you had an old ccbill, ibill, globill, etc script where someone can add a combo to the file without any kind of authentication. On that last one, you might have a php script and an htaccess file that checks user/pass to the "admin script"... the check has: <limit get post> Which means you are only limited the get and post requests to the script... PHP doesn't care how it is called so I can craft a header with a method of V_RocKs and PHP will run it just the same... which renders your htaccess/htpasswd files useless...