Airsoft Canada
https://blackblitzairsoft.myshopify.com/

Go Back   Airsoft Canada > General > General
Home Forums Register Gallery FAQ Calendar
Retailers Community News/Info International Retailers IRC Today's Posts

SQL Injection mass attack

:

General

Reply
 
Thread Tools Search this Thread
Old August 6th, 2008, 21:08   #16
eV.Viper
 
Join Date: Jun 2006
Location: Montreal, Quebec
SQL Injection has been here for years... and many websites now protect themselves from the sql injection. For php it's enough easy to fix, and as the ASC forum is a complete script (made by a company) I'm almost sure that this has been fixed, or at least very hard to execute.

Anyway, for the "virus" part... many web servers are running on linux, and virus aren't aiming at linux. If they manage to enter 1 server, maybe they could try to install theses "viruses" on computers with internetexplorer/firefox but the user will get a question if he wants to install it...

The only scaring thing on this is because all our passwords stored here can be retreived. However... password here are not plain text, nor crypted. They're hashed so impossible to decrypt. The only method you can use to crack hashed passwords is bruteforcing.

Bruteforcing is not something easy to do if you have a long password (can take up to years for 10-12+ chars password).

Hope some of you are going to sleep a bit better lol
__________________
Aka Raptor
TM M3 Shorty
KJW Beretta M9
eV.Viper is offline   Reply With Quote
Old August 6th, 2008, 22:21   #17
MadMorbius
Administrator Malleus Veto
 
MadMorbius's Avatar
 
Join Date: Jan 2002
Location: Mississauga, Ontario
Send a message via ICQ to MadMorbius
Except you're incorrect. Well, partly.

SQL injection doesn't care if the server is linux, windows, etc. It's SQL, and therefore any SQL database is potentially vulnerable.

The Achilles Heel of any web server is the application layer. If the application layer doesn't properly santize and/or validate input, you can potentially read/write to the database with the permissions of the application...or more.

If you can compromise the tables that present site content, you can include a cross-site script call to a foreign web server. That call can be for ,oh, let's call it "ngg.js". You can Google that if you like, but for God's sake don't click on the results.

Ngg.js is JAVA. Java doesn't care what OS you're running, or even what browser you're running. It runs in it's own sandbox and is completley portable.

So the Java WILL execute if you haven't prevented javascript execution with a tool like NoScript under Firefox. The JS can include browser checks, which can be used to control WHAT malware is presented to you. IE, a Macintosh-specific trojan for a Safari browser.

Yes, I know that Safari also runs on Windows, but the point is that this is a targetted, blended threat, so the usual rules about ciruclating viruses that would affect the larger market don't apply...these are professional criminals and they're well aware that many people out there feel safe and secure behind their Mac and Linux systems, and therefore may treat certain things as "safer" where they wouldn't trust them on Internet Explorer.

Say for example, visiting your favourite news site and being presented with a dialogue box asking you to install a Codec that's required to view specific content...we know that people are stupid, and they'll hapilly click on anything if they think they'll be able to watch stupid movies or free porn. So, you're on a site that you trust, and you've watched streaming content there before. It's only logical that you may need to update your codec, isn't it?
__________________
[/FONT]
Quote:
Originally Posted by Deaf_shooter View Post
what if it model after his?
MadMorbius is offline   Reply With Quote
Old August 6th, 2008, 22:27   #18
eV.Viper
 
Join Date: Jun 2006
Location: Montreal, Quebec
Yeah, you're right but I was more talking about the fact once you got access to the database, you can even upload some stuff in the website (yeah, that's an old hacking method).

For what you're talking about, yeah you're totally right. I didn't looked at this option!

But then again, you'll need to hack the database first which is enough hard to do on well protected website (like I already stated, I'm almost sure this website have a good/strong protection against this hacking attempt)

Edit: the java machine can be disable, or even restricted on most browser
__________________
Aka Raptor
TM M3 Shorty
KJW Beretta M9
eV.Viper is offline   Reply With Quote
Old August 6th, 2008, 22:34   #19
MadMorbius
Administrator Malleus Veto
 
MadMorbius's Avatar
 
Join Date: Jan 2002
Location: Mississauga, Ontario
Send a message via ICQ to MadMorbius
700,000 hacked databases on the Internet since May 23rd 2008 say otherwise. And sure, you can disable the JVM. In the proces, you'll break a shitload of web content and applications. Try it sometime.
__________________
[/FONT]
Quote:
Originally Posted by Deaf_shooter View Post
what if it model after his?
MadMorbius is offline   Reply With Quote
Old August 6th, 2008, 22:38   #20
eV.Viper
 
Join Date: Jun 2006
Location: Montreal, Quebec
Damn I was not aware of this number of hacked databases. It's a big wow :|

But do you have more informations on databases type? (MSSQL/MySQL/mSQL/etc)
__________________
Aka Raptor
TM M3 Shorty
KJW Beretta M9
eV.Viper is offline   Reply With Quote
Old August 6th, 2008, 22:40   #21
MadMorbius
Administrator Malleus Veto
 
MadMorbius's Avatar
 
Join Date: Jan 2002
Location: Mississauga, Ontario
Send a message via ICQ to MadMorbius
Any SQL database.
__________________
[/FONT]
Quote:
Originally Posted by Deaf_shooter View Post
what if it model after his?
MadMorbius is offline   Reply With Quote
Old August 7th, 2008, 13:33   #22
vatek
 
Join Date: Feb 2006
Location: Calgary
http://support.microsoft.com/kb/927177
vatek is offline   Reply With Quote
Old August 7th, 2008, 13:55   #23
eV.Viper
 
Join Date: Jun 2006
Location: Montreal, Quebec
Uninstalling internet explorer is dangerous...

It's part of the system's core and it's very risky to uninstall it. I know some services use IE to manage things, so uninstalling it would stop them.

If you have a second computer, you should try to install your first computer's harddisk into the second one, and use an antivirus to scan it. Having it's OS disabled, the hard disk can be fully scanned.

Note: If you're reading carefully the link to the microsoft's help, you'll notice they're saying you have to reinstall another version of internet explorer to ensure everything work right.
__________________
Aka Raptor
TM M3 Shorty
KJW Beretta M9
eV.Viper is offline   Reply With Quote
Old August 7th, 2008, 14:48   #24
MadMorbius
Administrator Malleus Veto
 
MadMorbius's Avatar
 
Join Date: Jan 2002
Location: Mississauga, Ontario
Send a message via ICQ to MadMorbius
Standard forensic methodology here. As EV states above, you can either mount the drive on another system and run an AV scan, or you can boot to a Linux toolkit and run AV from there.

In my experience, best not to uninstall IE. Just keep your machine updated via Windows Update, and dont forget about the applications like Adobe, Flash and others. They can make you just as vulnerable.

I have IE on all my machines. However, it almost never gets used, unless I have no option but to use it because the site *requires* activeX shit to work. There are very few sites that I'll use where they require that shit, but every now and then it's unavoidable.

CG - if you got it, then got it again, you're either un-patched or doing something wrong
__________________
[/FONT]
Quote:
Originally Posted by Deaf_shooter View Post
what if it model after his?
MadMorbius is offline   Reply With Quote
Old August 7th, 2008, 16:32   #25
Mantelope
Scotty aka harleyb
 
Mantelope's Avatar
 
Join Date: Mar 2004
Location: Toronto, Ontario
Send a message via AIM to Mantelope Send a message via MSN to Mantelope
I've done a crapload of investigation about this attack and how it spreads, and it seems to be limited to SQL servers supporting T-SQL; no, ASC running MySQL is not vulnerable to this attack.
__________________
Mantelope is offline   Reply With Quote
Old August 7th, 2008, 17:03   #26
warbird
 
warbird's Avatar
 
Join Date: Oct 2006
Location: NB, Canada
Good! Too bad I don't only visit ASC, lol.

So regular virus protection should pick this up, if updated?
warbird is offline   Reply With Quote
Old August 7th, 2008, 17:10   #27
eV.Viper
 
Join Date: Jun 2006
Location: Montreal, Quebec
As usual!

But the best antivirus I've ever saw is to pull the keyboard and mouse's cable lol :P
__________________
Aka Raptor
TM M3 Shorty
KJW Beretta M9
eV.Viper is offline   Reply With Quote
Old August 7th, 2008, 17:25   #28
warbird
 
warbird's Avatar
 
Join Date: Oct 2006
Location: NB, Canada
lol, I'd say the internet cable
warbird is offline   Reply With Quote
Old August 7th, 2008, 18:58   #29
warbird
 
warbird's Avatar
 
Join Date: Oct 2006
Location: NB, Canada
I'm using symantec, should be good...right?
warbird is offline   Reply With Quote
Old August 7th, 2008, 19:08   #30
eV.Viper
 
Join Date: Jun 2006
Location: Montreal, Quebec
yeah it's good, but norton360 (i think that's what you're talking about?) is decreasing the computer's performances. Most people install kaspersky/nod32/avast/and some other names I can't remember!

But yeah, it's doing the job
__________________
Aka Raptor
TM M3 Shorty
KJW Beretta M9
eV.Viper is offline   Reply With Quote
ReplyTop


Go Back   Airsoft Canada > General > General

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Airsoft Canada
https://blackblitzairsoft.myshopify.com/

All times are GMT -4. The time now is 11:57.


Powered by vBulletin® Version 3.8.10
Copyright ©2000 - 2017, vBulletin Solutions, Inc.