[SERVICE] Patch Exploits/Leaks ect.. [TRYING]

[Habblet]

How do you meen 'trying' well im not really 100% PRO so im also gonna test my skills here...

What i need to do?
Describe your situation and report what the scripters do.

For example:
My database is getting deleted
[Check before you report: apache/logs/acces.log]

Index me / me is getting redirected
[Check before you report: database]

All room names are suddenly changed
[Check before you report: database or apache/logs/acces.log]

etc .........

Notice! I can`t patch everything... but i can patch the most.

Sorry for my bad english, im dutch.


EXPLOITS RESOLVED:

its the checknametaken injection, ok first go to 'inc/class.users.php'

Look for

Code:

	public function IsNameTaken($nm = '')
	{
		return ((mysql_num_rows(dbquery("SELECT null FROM users WHERE username = '" . $nm . "' LIMIT 1")) > 0) ? true : false);
	}

replace that with

Code:

	public function IsNameTaken($nm = '')
	{
		return ((mysql_num_rows(dbquery("SELECT null FROM users WHERE username = '" . mysql_real_escape_string(stripslashes($nm)) . "' LIMIT 1")) > 0) ? true : false);
	}

[MentaL]

[Arnii]

so you will make it some kind of anti-hack stuff? well, goodluck marco?

Grr..
Arnii

[HabMoon]

Don't need any help with it yet, but goodluck with this service :]

[Hejula]

Looks good, but to stop the database getting deleted, just put the database on another account on the SQL Server (not root) and remove the DELETE privileges..! Just thought I would say in case anyone wanted to know :P

[FlyCoder]

Doubt this will go far..
Posted via Mobile Device

[Habblet]

Looks good, but to stop the database getting deleted, just put the database on another account on the SQL Server (not root) and remove the DELETE privileges..! Just thought I would say in case anyone wanted to know :P

Hmm, mostley on xampp can only localhost connect with root account, and to stop this really you need to patch.

[Hejula]

Hmm, mostley on xampp can only localhost connect with root account, and to stop this really you need to patch.

I have multiple MySQL accounts on my XAMPP Development server, and they work fine, I tried deleting a database with the DELETE command and seeing as it was disabled on the MySQL account chosen, it wouldn't execute the command. This might not patch the exploit, but it renders it useless pretty much? I do see where you are coming from though!

[Grenadier]

How can anyone trust you?

[Habblet]

How can anyone trust you?

There are more programmes and they can check it... or else im telling you the exploit/leak, and you can try it youreselfs.

[ntl200]

right ok so your goin to patch first? the tcp connection of uberemu? ;)

[FlyCoder]

Hmm, i see. This thread is waste of space.
Posted via Mobile Device

[salah-salah]

Hablet , thanks for this service but i think that no one needs this..
No one is posting anything

[Habblet]

right ok so your goin to patch first? the tcp connection of uberemu? ;)

More information, i dont know anything about this one...

[Eronisch]

Direct hacking, some fággot keeps going in my database and edit everything he wants ..

[Habblet]

Direct hacking, some fággot keeps going in my database and edit everything he wants ..

i think its the checknametaken injection, ok first go to 'inc/class.users.php'

Look for

Code:

	public function IsNameTaken($nm = '')
	{
		return ((mysql_num_rows(dbquery("SELECT null FROM users WHERE username = '" . $nm . "' LIMIT 1")) > 0) ? true : false);
	}

replace that with

Code:

	public function IsNameTaken($nm = '')
	{
		return ((mysql_num_rows(dbquery("SELECT null FROM users WHERE username = '" . mysql_real_escape_string(stripslashes($nm)) . "' LIMIT 1")) > 0) ? true : false);
	}

[Eronisch]

I forgot to say that i am using phpretro

[Winter]

How can anyone trust you?

All a matter of if you don't trust, don't post.

Anyway this seems like a good service. Thanks for doing this!

[Habblet]

I forgot to say that i am using phpretro

Hmm, do you got any idea how he did it, or you got logs on 'xampp/apache/logs/acces.log' look for article.php?id= things or shomething with ?thing=thing

[Eronisch]

Hmm, do you got any idea how he did it, or you got logs on 'xampp/apache/logs/acces.log' look for article.php?id= things or shomething with ?thing=thing

He said he was "direct hacking"

[Habblet]

He said he was "direct hacking"

Send me a privet message and say our link and i will check for injections, than i know how to patch. thankyou. patch will be here in the thread!

[Zak©]

i trust this guy known him for long.

[NewLights]

You can search you cms for exploits by using a anti-virus program, etc. Norton, Avast, Normann ++ But there is always exploits in apache/ server languages, thats why theese service are ALWAYS updated

[Superfun]

You can search you cms for exploits by using a anti-virus program, etc. Norton, Avast, Normann ++ But there is always exploits in apache/ server languages, thats why theese service are ALWAYS updated

'le' excuse moi? (oh i sound so french) Scan for exploits? You probaly mean scan for a infected exe that people put in .zip folders as well. Finding these exploits is more like "find and destroy", aka debugging.

[Richardjuhh]

You can search you cms for exploits by using a anti-virus program, etc. Norton, Avast, Normann ++ But there is always exploits in apache/ server languages, thats why theese service are ALWAYS updated

Lol, if that is right i download right now an Anti-virus program

[Habblet]

Erm lol? but maybe it's a good idea..
that people posts exploits and then I try to patch them,
for everyone is it useful ...