To whoever hacked into my Database
nikos.gr33k at gmail.com
Sat Nov 9 08:54:29 CET 2013
On 9/11/2013 9:05 AM, Νίκος Αλεξόπουλος wrote:
> On 9/11/2013 8:37 AM, Chris Angelico wrote:
>> On Sat, Nov 9, 2013 at 5:32 PM, Νίκος Αλεξόπουλος
>> <nikos.gr33k at gmail.com> wrote:
>>> I'm not saying this out of arrogance, but I was really under the
>>> impression I had
>>> secured my script.
>>> And I had, until I made some new changes last night, which I think I have
>>> corrected now as we speak.
>> In other words, you closed off whatever you could see as being a
>> problem, and then boasted that the script was secure... until someone
>> proved to you that it wasn't. Your script is insecure by default, and
>> you're band-aid patching everything you happen to be made aware of.
>> What makes you think that it's now secure?
> It's probably unwise to post the following snippet of code that validates
> user input so an attacker wouldn't pass arbitrary values to my script,
> but what the heck.....
> import os
> import cgi
>
> form = cgi.FieldStorage()
>
> # initiate some local variables
> htmlvalid = pyvalid = False
> path = '/home/nikos/public_html/'
> cgi_path = '/home/nikos/public_html/cgi-bin/'
>
> # define how the .html or .python pages are called
> # 'file' should come only from .htaccess and not as
> # http://superhost.gr/~nikos/cgi-bin/metrites.py
> file = form.getvalue('file')
> # 'page' comes from 'index.html' or from within 'metrites.py'
> page = form.getvalue('page')
>
> # is it a python file or an html template?
> if page and os.path.exists( cgi_path + page ):
>     pyvalid = True
> elif file and os.path.exists( file ):
>     page = file.replace( path, '' )
>     htmlvalid = True
> else:
>     file = 'forbidden'
>
> if 'forbidden' in file:
>     # (Greek) "Direct access to the script is not allowed except via the
>     # home page! Redirecting in 5..."
>     print( '''<h2><font color=red>Δεν επιτρέπεται η απευθείας πρόσβαση
> στο script παρά μόνον μέσω της αρχικής σελίδας! Ανακατεύθυνση σε
> 5...''' )
>     print( '''<meta http-equiv="REFRESH"
> content="5;URL=http://superhost.gr">''' )
> Now, when it comes to database insertions I use this check to prevent
> bogus data:
> if cookieID != 'some_secret_here' and ( htmlvalid or pyvalid ) and host ) is None:
> Even if I get re-hacked I'll find a security alternative.
How on earth did the hacker manage to alter the database again?
I can't ****ing believe it!
He is actually trying to read sensitive stuff from my linux server by
passing arguments into the 'page' variable like '../../../../etc/passwd'.
How was he able to pass that info again....?!?!
More information about the Python-list
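The posted check `os.path.exists( cgi_path + page )` only asks whether the concatenated string names something on disk, so `page='../../../../etc/passwd'` passes because that path really exists. The following is an added example (not code from the thread or from the superhost.gr script) that puts the posted check next to a containment check: resolve the candidate with `os.path.realpath`, which collapses `..` and follows symlinks, and then confirm with `os.path.commonpath` that the result is still under the base directory. It builds a throw-away directory tree that stands in for `/home/nikos/public_html/` and a `secret.txt` that stands in for `/etc/passwd`; both are constructed test data.

```python
import os
import tempfile


def vulnerable_page_check(cgi_path, page):
    """The check as posted: string concatenation plus os.path.exists().

    Any '..' in `page` walks out of cgi_path, and exists() happily says yes.
    """
    return bool(page) and os.path.exists(cgi_path + page)


def resolve_within(base_dir, page):
    """Return the real path of `page` only if it is a regular file inside base_dir.

    realpath() collapses '..' segments and follows symlinks; commonpath() then
    checks that the resolved candidate still starts with the resolved base, so
    '..' escapes, absolute paths and symlinks that point outside the tree all
    yield None. Callers should treat None as 'forbidden'.
    """
    if not page or "\0" in page:
        return None
    base = os.path.realpath(base_dir)
    # os.path.join discards `base` when `page` is absolute; the commonpath
    # check below is what catches that case.
    candidate = os.path.realpath(os.path.join(base, page))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # paths on different drives (Windows)
        inside = False
    if not inside or not os.path.isfile(candidate):
        return None
    return candidate


def demo():
    """Compare both checks on a legitimate page and on traversal input.

    The directory tree is constructed here for the example; cgi-bin/metrites.py
    is a stand-in for the real script and secret.txt for /etc/passwd.
    """
    with tempfile.TemporaryDirectory() as root:
        cgi_path = os.path.join(root, "public_html", "cgi-bin") + os.sep
        os.makedirs(cgi_path)
        with open(os.path.join(cgi_path, "metrites.py"), "w") as f:
            f.write("# stand-in for the real script\n")
        secret = os.path.join(root, "secret.txt")
        with open(secret, "w") as f:
            f.write("root:x:0:0\n")

        # From cgi-bin/, '../../' lands in `root`, where secret.txt lives.
        traversal = "../../secret.txt"
        return {
            "vuln_legit": vulnerable_page_check(cgi_path, "metrites.py"),
            "vuln_traversal": vulnerable_page_check(cgi_path, traversal),
            "safe_legit": resolve_within(cgi_path, "metrites.py") is not None,
            "safe_traversal": resolve_within(cgi_path, traversal),
            "safe_absolute": resolve_within(cgi_path, secret),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The same containment check applies to the `file` parameter, which the posted code passes straight to `os.path.exists()` and then strips `path` from with `str.replace()`; a value that does not start with `path` survives that replace unchanged. Whitelisting the handful of page names the site actually serves is simpler still and removes the filesystem from the decision entirely.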