Results 1 to 5 of 5

Thread: Simple PHP Blog vulnerabilities - can't figure it out

  1. #1
    Just burned his ISO
    Join Date
    Nov 2008
    Posts
    2

    Default Simple PHP Blog vulnerabilities - can't figure it out

    Hi, I just had to register to the forums because I couldn't find any info about this. I have a web server with Simple PHP Blog installed on it. I noticed it had interesting vulnerabilities so I decided to try exploiting them. I looked in to milw0rm's Simple PHP Blog (sphpblog) <= 0.5.1 Multiple Vulnerabilities article.

    It says the attacker can send a HTTP packet like this:

    GET /index.php HTTP/1.1\r\n
    Host: localhost\r\n
    X-Forwarded-For: 127.0.0.1\r\n
    Connection: keep-alive\r\n\r\n


    I'm not sure about this, how would you send a HTTP packet?

    I somehow googled and made a program that maybe does it, I don't know if it works cause I'm not sure what it does! Fakes some info about the attacker to the server?

    $serv = 'server';
    $sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$serv", PeerPort=>"80")
    or die "Died.\n\n";

    print $sock "GET /blog/index.php HTTP/1.1\r\n";
    print $sock "Host: localhost\r\n";
    print $sock "X-Forwarded-For: 127.0.0.1\r\n";
    print $sock "Connection: keep-alive\r\n\r\n";
    close($sock);

    What does HTTP-packet mean in that demonstration paper?
    Am I supposed to make a program that'll send those weird http-(header?)things to the blog?

  2. #2
    Junior Member
    Join Date
    Oct 2008
    Posts
    33

    Default

    I suggest you read up on the basics of packets and headers and such before doing anything else. Reading about different xss hacks might be a good idea too.

  3. #3
    Member
    Join Date
    Sep 2008
    Posts
    306

    Default

    So, since we are a Backtrack related forum (at least in most cases) i would advise you to read about packETH.
    I like that one, and it will help you to deal with the things you want to do.
    Be sensitive in choosing where you ask your question. You are likely to be ignored, or written off as a loser, if you:

    * post your question to a forum where it's off topic
    * post a very elementary question to a forum where advanced technical questions are expected, or vice-versa
    * cross-post to too many different newsgroups
    * post a personal e-mail to somebody who is neither an acquaintance of yours nor personally responsible for solving your problem

  4. #4
    Just burned his ISO
    Join Date
    Nov 2008
    Posts
    2

    Default

    Nice thing to move the topic to unauthorized forums :P

    Anyway, I've been reading about HTTP. I prefer doing the program myself so I'm doing it with perl.

    But I ran into a problem - there's a captcha, how is that supposed to be bypassed :s. and the IP check, I have to "fake" IP in the header and so pass the ip-check, right?

  5. #5
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    First of all, you need to realize that you're in over your head. If you don't understand basic constructs like packets and protocols you've started in the wrong place. This isn't a diss it's just the truth, we all start somewhere but based on your questions a little bit of foundation will help you a lot.

    Start here:
    http://www.wdvl.com/Authoring/HTML/Tutorial/http.html
    http://blog.monstuff.com/archives/000149.html

    Then so some reading on the difference between GET and POST.

    Then maybe checkout the WebGoat project by OWASP, it's a pretty decent learning tool. (Though some of it's English translations suck .... I'll be submitting a number of fixes too them).
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •