Please Try To Break My Website!

[JeffreyEagan]

I get a feeling people find this a very appealing activity...... 

 

What have i done????

Where's the DB.

[Alterlai]

Where's the DB.

On the same server. If that answers your question.

[SIGSEGV]

Already broken it, for example, if you upload a file with %20 in the filename it will parse it, it shouldn't do that

[SIGSEGV]

I get a feeling people find this a very appealing activity...... 

 

What have i done????

That's because pentesting is fun!

[SIGSEGV]

Lol, broke it again by uploading a file called ""/.pdf it uploads it and I think it puts it in a new directory

[Alterlai]

Already broken it, for example, if you upload a file with %20 in the filename it will parse it, it shouldn't do that

Thank you reporting! 

I'm not familiar with that problem. What does that allow you to do exactly?

 

Also see if you can find a way to screw with input. Like SQL injection or HTML script tags or whatever.

[Alterlai]

Lol, broke it again by uploading a file called ""/.pdf it uploads it and I think it puts it in a new directory

Did not make a new directory but i'll take a look at the file uploader. 

[SIGSEGV]

Thank you reporting! 

I'm not familiar with that problem. What does that allow you to do exactly?

 

Also see if you can find a way to screw with input. Like SQL injection or HTML script tags or whatever.

Not much, but it can be a bit annoying when uploading files

Also going to http://alterlai.com/school/bestanden/ lets me see all the directories and I don't need to log in to access it, it should be giving me a 403 - forbidden error like some of the other directories

[JeffreyEagan]

On the same server. If that answers your question.

But how do I seeeeee it. I'm bad at this. I'm still going through the JS payload from last night's attack. ;-;

[Alterlai]

But how do I seeeeee it. I'm bad at this. I'm still going through the JS payload from last night's attack. ;-;

You don't . That's the trick. See if you can figure out how to extract information from the DB without having access.

[SIGSEGV]

I hit it with a shellshock tester and it said it might be vulnerable, so I suggest you go patch that:

https://shellshocker.net/

[Alterlai]

I hit it with a shellshock tester and it said it might be vulnerable, so I suggest you go patch that:

https://shellshocker.net/

Is windows vulnerable to shellshock?

[SIGSEGV]

Is windows vulnerable to shellshock?

No, only Unix based systems (so OSX and Linux), if you're running a Windows server then you are fine

[Alterlai]

No, only Unix based systems (so OSX and Linux), if you're running a Windows server then you are fine

Any luck so far?

[SIGSEGV]

Any luck so far?

With what?

[SIGSEGV]

You don't . That's the trick. See if you can figure out how to extract information from the DB without having access.

Hey, I can get into all of the files without logging in by just going to this: http://alterlai.com/school/bestanden/

Also, uploading a file that has a " in the filename causes any links to it to give you 403 - forbidden

[Alterlai]

With what?

Any SQL injection vulnerabilities. Idk if you checked

[Robi_g]

Yea that was a pretty unusual error I encounterd. It was only produced by certain allowed files. Other files of the same filetype were allowed to. I'm gonna have to take a better look at that. Thank you

I deliberately uploaded a file of the wrong type to see what would happen

[SIGSEGV]

Any SQL injection vulnerabilities. Idk if you checked

Yeah I tried SQL injections, I think they're patched, did you see the other exploit I found?

[Alterlai]

Hey, I can get into all of the files without logging in by just going to this: http://alterlai.com/school/bestanden/

Also, uploading a file that has a " in the filename causes any links to it to give you 403 - forbidden

Hmm, i'll have to see if i'm able to add requirements for filenames.

[SSL]

I tried multiple basic XSS and SQL injections, none of which were fruitful.

 

If you want to disable directory browsing with apache, create an .htacces or edit your vhost file with something like:

Options -Indexes

[Alterlai]

 

I tried multiple basic XSS and SQL injections, none of which were fruitful.

 

If you want to disable directory browsing with apache, create an .htacces or edit your vhost file with something like:

Options -Indexes

Thanks, very helpfull!

[iHammmy]

Thanks, very helpfull!

http://alterlai.com/school/delete_taken.php

[mightytech]

I see you've made progress

I'm learning a bit of PHP now myself and have my first site up with a login and stuff made for my dad's business.

[ekv]

Site is mess, sry bro, but u have low security on register/login.

Same as on delete, or other functions.

Work on design too.

This is SQLi i made on chaning value par. on button.