We wiped to Cazic for 6 hours on Saturday
 

Werent able to kill him, only had 22 players that logged on

And then we spent 5 hours in Air last night

Who'se jelous?

http://dkp.swiftglobal.com/viewraid.php?r=234

heheh

Title: EQdkp <= 1.3.1 Referer Spoof to access to SQL Database
URL: http://www.eqdkp.com
Hook: "Powered by EQdkp"
Author: Eight10
Contact: Eight10@gmail.com
--------------------------------------------------------------------------------------------------------
Background: EQdkp is the largest DKP tracking program utilized largely
by the MMORPG community, specifically
large use in the World of Warcraft Community among Guild/clan Websites.
--------------------------------------------------------------------------------------------------------
Discussion: A Vulnerability exists in all current versions of EQdkp that
allows one to
spoof Their refering URL to gain access to an integrated class-1 MySQL
Backup/Restore program
which allows one to download and modify sensitive SQL data. The script
only checks for authentication
via refering url from the administration control panel. Note some sites
have this funcitonality
disabled/not installed. From the EQdkp_USERS.sql file, the
username/email and MD5 Hashed password can be
obtained. From there the password needs to be cracked.

Tested on: 1.3.1 Default install.
1.3.0 Default install.
---------------------------------------------------------------------------------------------------------
Exploit:
Use a referer spoofing program, like quickspoof.

Refering URL - - http://www.sitehere.com/pathtoeqdkp/admin/
Target URL - - http://www.sitehere.com/pathtoeqdkp/admin/backup

From the Control menu goto "Backup MySQL data" and select the
appropraite Database*.
Download eqdkp_users.sql from there and MD5 Hashes and usernames/emails
will be present.
E.g.
VALUES ('1', 'admin', 'ec67739608318602f2dd6bcb141b56bc',
'admin@guildswebsite.com', ......
---------------------------------------------------------------------------------------------------------
Alternative type attack**:
One downloads the EQDKP_users.sql and modifies the administration hash
in there to be
"5f4dcc3b5aa765d61d8327deb882cf99" == password
One could then restore said Database and login to the EQdkp system as
admin.

Alternate type attack 2**:
One Downloads the EQDKP_users.sql and modifies the email address to his
own. Then one requests
a password reset from the "forgot my password" page. Then the reset
password is emailed to the
new email address.
----------------------------------------------------------------------------------------------------------

Futher Discussion: As we know people tend to use the same passwords in
multiple places, especially when
the topics are related, for instance WoW account information and WoW
clan websites. Along with similiar
passes often used for the email address, which one can retrieve account
names from the blizzards site.
Note, when cracking, the requirements for WoW passwords, I believe it is
atleast 8 characters long containing
both numbers and letters. These can be difficult hashes to break but
when the passwords are weak dictionary words
simply followed by numbers, a good amount of success can be achieved.
This method is especially good when
you already have appropriately generated rainbow tables, or hashes can
be sent to online hash crackers.

*Note Other databases can be obtained using this SQL backup tool too!
Such as PHPBB databases.
**(Note Sometimes Permission settings prevent SQL restores)

Shout Out:
RichyPoo (Calrich AKA Faglord). Throhg (pwnt). BrowerPower. Bliznat(ty)
_______ _________ _______ _________ __ _______
( ____ \\__ __/( ____ \|\ /|\__ __// \ ( __ )
| ( \/ ) ( | ( \/| ) ( | ) ( \/) ) | ( ) |
| (__ | | | | | (___) | | | | | | | / |
| __) | | | | ____ | ___ | | | | | | (/ /) |
| ( | | | | \_ )| ( ) | | | | | | / | |
| (____/\___) (___| (___) || ) ( | | | __) (_| (__) |
(_______/\_______/(_______)|/ \| )_( \____/(_______)

[code=plugins/mediacenter/include/mediacenter.class.php:421]
function check_content($fieldname){

$disallowed = "body|head|html|img|plaintext|a href|pre|script|table|title|php";
$disallowed_content = explode('|', $disallowed);
if (empty($disallowed_content))
{
return false;
}
[/code]

To get around this, you can use the Next design:
After downloading the file to the server, you can find the file on request:
http://site.com/dkp/plugins/mediacen...p?mode=ajax&id = [ID].
[ID] - simple exhaustive search.

Example:
http://www.eqdkp-plus.com/demo06/dat...a3825c2494f2/m
ediacenter/thumbs_b/ee5bb2c59c237307d61bcb0bae1e08f2.htm

Vulnerable versions: <=0.6.4.5

i dont get it

Who is pathetic enough to obsess over a guild on a server that they no longer play on to the degree of "sleazing" into their vent, DKP, forums, etc.?

You need a life far more than the people enjoying their hobby in a videogame that you got owned on and laughed off of, Salty.(even if they are cheating pieces of shit who should be banned like you are)

so true, this is the part that i never got. If I was done playing on the server, i'd sure as hell not lurk around obsessing on it all day. This just shows how bitter and mad they are, they could not beat Nihilum in game, so they try to poison the atmosphere on the fourums for.... what? In hopes of a wipe?

lol, never gonna happen. This is project99, not some fly by night shitbox that can wink out in a heartbeat. See you in Kunark and Velious.

Good fucking riddance

Yeah I don't really see why peopel care so much about the inner workings of nihilum