Hack My Site :D

Discuss the many weaknesses of browser security and ways to mitigate the threat

Post by Kataclysmic on Wed Oct 16, 2013 11:45 pm

Alright, so first off, there is a comment on the home page that says <!-- Welcome HTS -->. You may hack this site. However, I would prefer that no one attempts anything on the feedback page, because I would then have to manually delete all posts on the page. If you do find something, please let me know! Thanks everyone.

P.S. If you would like, if you do manage to hack this site, let me know and I can add something in the news section about it and mention your name, or you can stay anonymous.

http://lawofcode.com
What will you learn?


Re: Hack My Site :D

Post by pretentious on Thu Oct 17, 2013 6:12 am

Naturally I went straight to the feedback page but noticed
Code:
Great job, man &lt;3
so I take it you took at least some measures to secure it.
Also
'All abusive posts (hacking attempts) have their I.P. addresses logged.'
The request for http://lawofcode.com/admin was me. I'm not as crafty as I used to be haha :?

Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
pretentious wrote:Welcome to bat country


Re: Hack My Site :D

Post by DrRoach on Thu Oct 17, 2013 8:31 am

Hey I took a look at your site, I didn't bother trying to hack it because I'm no good at hacking but I did notice that your page is very static, width ways, I would recommend that you use percentages for your site so it re-sizes better for phones. Just a suggestion =D


Re: Hack My Site :D

Post by Kataclysmic on Thu Oct 17, 2013 12:07 pm

pretentious wrote:Naturally I went straight to the feedback page but noticed
Code:
Great job, man &lt;3
so I take it you took at least some measures to secure it.
Also
'All abusive posts (hacking attempts) have their I.P. addresses logged.'
The request for http://lawofcode.com/admin was me. I'm not as crafty as I used to be haha :?

Lol it's fine. Only the feedback page is monitored by me; all others were disabled so that no one has to worry about the IP logs :)

-- Thu Oct 17, 2013 12:08 pm --

DrRoach wrote:Hey I took a look at your site, I didn't bother trying to hack it because I'm no good at hacking but I did notice that your page is very static, width ways, I would recommend that you use percentages for your site so it re-sizes better for phones. Just a suggestion =D

Actually idk how, but it does size to phones.
http://lawofcode.com
What will you learn?


Re: Hack My Site :D

Post by DrRoach on Thu Oct 17, 2013 4:57 pm

I'd be happy to do it for you if you like :)


Re: Hack My Site :D

Post by Kataclysmic on Thu Oct 17, 2013 6:10 pm

DrRoach wrote:I'd be happy to do it for you if you like :)

Yeah if you want to do the css that's fine haha.
http://lawofcode.com
What will you learn?


Re: Hack My Site :D

Post by -Ninjex- on Thu Oct 17, 2013 6:11 pm

Two things you should look into:
here - wha what
here - Settings.png <3 - block them dirs boi
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.


Re: Hack My Site :D

Post by Goatboy on Thu Oct 17, 2013 6:14 pm

-Ninjex- wrote:Two things you should look into:
here - wha what

Actually pretty safe. There is some SQLi in there but I haven't found it. try:

7 or 1=1

and it gives all articles one after another.

-Ninjex- wrote:here - Settings.png <3 - block them dirs boi

That was just a picture used in one of his articles, but I agree the directory should 403 at the least.

-- Thu Oct 17, 2013 5:28 pm --

I think I broke it >_>

Kataclysmic, check your feedback database. Look for something like this:

¼script¾alert(¢XSS¢)¼/script¾
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
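
Added example, not part of Goatboy's post or the site's own code: why a value such as `7 or 1=1` returns every article when a numeric id is concatenated into the query text, and how a bound parameter stops it. The `articles` table, its rows and the function names are assumptions; the site runs PHP, and Python with sqlite3 is used here only so the query behaviour can be reproduced offline.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data: a hypothetical articles table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany(
        "INSERT INTO articles (id, title) VALUES (?, ?)",
        [(5, "First post"), (6, "Second post"), (7, "Third post")],
    )
    return db

def fetch_concatenated(db, raw_id):
    """The 'before': the request value becomes part of the SQL text."""
    sql = "SELECT id, title FROM articles WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def fetch_bound(db, raw_id):
    """The 'after': the value is bound as data and never parsed as SQL."""
    sql = "SELECT id, title FROM articles WHERE id = ?"
    return db.execute(sql, (raw_id,)).fetchall()

def parse_article_id(raw_id):
    """Optional strict check: accept only a short run of ASCII digits."""
    return int(raw_id) if re.fullmatch(r"[0-9]{1,9}", raw_id) else None

if __name__ == "__main__":
    db = make_db()
    for value in ("7", "7 or 1=1"):
        print(repr(value))
        print("  concatenated:", fetch_concatenated(db, value))
        print("  bound:       ", fetch_bound(db, value))
        print("  parsed id:   ", parse_article_id(value))
```

In PHP the same fix is a prepared statement with a bound parameter instead of string concatenation.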


Re: Hack My Site :D

Post by Kataclysmic on Thu Oct 17, 2013 6:56 pm

-Ninjex- wrote:Two things you should look into:
here - wha what
here - Settings.png <3 - block them dirs boi

Can't change those :/ host is fgt.

-- Thu Oct 17, 2013 6:59 pm --

Goatboy wrote:
-Ninjex- wrote:Two things you should look into:
here - wha what

Actually pretty safe. There is some SQLi in there but I haven't found it. try:

7 or 1=1

and it gives all articles one after another.

-Ninjex- wrote:here - Settings.png <3 - block them dirs boi

That was just a picture used in one of his articles, but I agree the directory should 403 at the least.

-- Thu Oct 17, 2013 5:28 pm --

I think I broke it >_>

Kataclysmic, check your feedback database. Look for something like this:

¼script¾alert(¢XSS¢)¼/script¾

Well I can load the page. Host may have just gone down again. I have been trying to get some stuff in motion to get a better host. It goes down every once in a while. The PHP script strips HTML and also quotes.
http://lawofcode.com
What will you learn?
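
Added example, not code from the thread or the site: a check a site owner could run over stored feedback to find entries like the one Goatboy asked about. The string he posted contains no ASCII `<`, `>` or `"`; its characters are those three with bit 7 set (U+00BC, U+00BE, U+00A2), so a filter that matches only the ASCII forms leaves it unchanged. `strip_html_and_quotes` is an assumed stand-in for the PHP script described in the reply, and the rows are constructed.

```python
import re

TAG = re.compile(r"</?[A-Za-z][^<>]*>")

def strip_html_and_quotes(text):
    """Assumed stand-in for the site's filter: drops ASCII tags and quotes."""
    text = re.sub(r"<[^>]*>", "", text)
    return text.replace('"', "").replace("'", "")

def fold_to_7bit(text):
    """Clear bit 7 of every character in U+0080..U+00FF; leave the rest."""
    return "".join(
        chr(ord(c) & 0x7F) if 0x80 <= ord(c) <= 0xFF else c for c in text
    )

def hidden_markup(text):
    """Tags that exist only after folding, i.e. hidden from an ASCII filter."""
    return [t for t in TAG.findall(fold_to_7bit(text)) if t not in text]

def scan(rows):
    """Return (id, tags) for every stored entry that carries hidden markup."""
    hits = []
    for row_id, body in rows:
        tags = hidden_markup(body)
        if tags:
            hits.append((row_id, tags))
    return hits

# The string from the post above, written with escapes to avoid encoding issues.
SAMPLE = "\u00bcscript\u00bealert(\u00a2XSS\u00a2)\u00bc/script\u00be"

# Constructed feedback rows (id, body).
ROWS = [
    (1, "Great job, man <3"),
    (2, SAMPLE),
    (3, "Tr\u00e8s bien, merci"),
]

if __name__ == "__main__":
    print("filter output unchanged:", strip_html_and_quotes(SAMPLE) == SAMPLE)
    for row_id, tags in scan(ROWS):
        print("row", row_id, "folds to markup:", tags)
```

Sending an explicit charset such as UTF-8 in the Content-Type header and HTML-encoding feedback on output keeps these characters as plain text when the page is rendered.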


Re: Hack My Site :D

Post by -Ninjex- on Fri Oct 18, 2013 6:11 am

Kataclysmic wrote:Can't change those :/ host is fgt.


True and false. True: "host is fgt", False: "Can't change those"

Create a .htaccess file in the public_html directory.
Inside the .htaccess file add this:
Code:
Options -Indexes

You could also create a custom 404 error message and add a redirect to it with something like:
Code:
ErrorDocument 404 /foo/bar.php

If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.

