11:49 About the hacking of Kadabra and TM
I decided to support the hacking trend and dilute Habr with a story of my own. In it you will find elegant techniques, true characters and an exciting plot, but the story is absolutely real and reveals some very interesting things. Besides, it all ended well, my conscience does not trouble me, and it is worth writing about anyway while I still remember at least something.

It happened last spring and is connected with the redesign of Autokadabra. In case someone does not know, this is a TM project, which is not very unsuccessful, and therefore is not spoiled by attention from its own developers. In any case, that is not important; let us simply go back to 15 May 2009. Kadabra underwent a global redesign, not only of its appearance but also of a number of self-regulation mechanisms, as well as other things. People rushed to poke around the interface, some posting about what they had found and some about what they liked. The crowd was seething over the long-awaited redesign, all the more so since nobody would recognize the site.

Against the background of all this fuss I finally decided to write something in the "about me" field of my profile. I wrote two lines, but realized that the output would all come out on one line. Without any ulterior motive I typed in `<br />`, saved, and it worked... My mind started working; I tried other tags: no restrictions. I decided to try JS, wrote some, and to my amazement discovered that it worked too, in full!

The new interface had a button for sending error reports, which I decided to use. I described it: so and so, good people, the parser in your profile is slacking and lets any JavaScript through. I sent it off and at the same time went to check Habr, but on Habr, of course, everything was filtered fine. With a sense of duty done I had almost calmed down, but then I ran into an old acquaintance in the messenger, who is also a developer. I described the situation to him, we laughed, and off it went... now the thinking was being done by two.
He quickly put together some JS that sent the cookies in a GET request, and I sketched a small script on the server that dumped all requests to a log. I wrote the JS into my profile, refreshed the page, checked the logs, and there was a PHPSESSID. What came next was not very interesting, and I went to lunch. I was completely confident that the hole would be patched quickly, so the prospects for mischief were being drawn in my head only in theory. The error-report button is hanging there for a reason, isn't it? They will surely react quickly, or so I thought.

Amazingly, after lunch the hole was still gaping, and someone had even visited my profile, leaving a session identifier. I opened my browser, changed my ID to the one that had been sent, and voila: as expected, I became someone else! It was a delight! Naturally, I had no thought of deleting posts or writing nasty things on other people's behalf; it was interesting only as an experiment, which had clearly succeeded! The first, last and only thing I did was to enter the same script into their profiles too :)

Now you can imagine roughly how it looked. Each new visitor to a trapped profile not only added to the database of logins under which I could browse the site, but also extended the interception of identifiers. The first success came when I got access as AVP, a veteran of the site who is close to the developers. His account had several thousand (or was it hundreds?) posts and a huge archive of private correspondence, including with the developers, which I considered it beneath my dignity to read. In any case, the vulnerability no longer looked so innocent.

But luck knocked again: I got the account of one of the developers! Alas, I do not remember the nickname, but who cares? I replaced the red Ferrari in his garage with something like a light green Cossack, then added cars for several other people too: pink and white Bentley, Maybach.
Posts appeared on the site saying that the garage was apparently buggy and strange cars were showing up :) My mood at that moment simply could not have been better; for a few hours I felt on top of the world. The only thing that kept bothering me was the lack of response from the developers. However, to HM's credit, it must be acknowledged that changing the e-mail and/or password was not possible. The danger was purely at the level of access: you could erase all of an author's stories, write nasty things to someone in private messages on their behalf, or comment on something. I would not say that is seriously irreparable, but you could fray someone's nerves quite badly this way.

When, under the next bug post, one of the developers politely asked people to use the special form, I could not help jeering about it, using my access to another developer's account. At this point I was honestly tired of the situation. It is not like some "Barnyard", the hole is clearly not exclusive, you write to them through the special form, and there is no reaction! All that is left to do to take over the world is to write an innocent post that will make everyone go to someone's profile. In fact, nothing complicated! "I've got blue lights in my profile; is it just me who has this bug?" - and a lot of people rushed to the link, leaving behind their IDs!

The main thing is that I could not leave it like that: who knows who might get ahead of the would-be patchers? I had to write a post on the developer's behalf saying that very little remained before Kadabra was captured, and that the administration dries wafers instead of reacting to error reports :) Of course, a few minutes after publication Kadabra was closed for maintenance, and when it was opened again some time later, scripts in the profile no longer went through.

* * *

Many conclusions can be drawn from this story, and I suggest everyone draw their own. I take this opportunity to send greetings to HM :) Thank you all for your attention!
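
The two server-side controls that would have stopped the chain described above, as an added example that is not part of the original post and is not Autokadabra's code: the "about me" text is escaped on output, with line breaks generated by the server, and the session cookie is made unreadable to page script. The function names, the `user_id` session key and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: render a user's "about me" text inside an HTML page.
// Escape everything first, then convert the user's own newlines to <br />,
// so a two-line profile displays correctly without accepting any markup.
function render_about(string $raw): string
{
    $escaped = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return nl2br($escaped, true);
}

// Hypothetical helper: start the session with a cookie that page script
// cannot read (HttpOnly), so an injected script finds no PHPSESSID to send.
function start_hardened_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,    // assumption: the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Hypothetical helper: issue a fresh identifier at login and invalidate the
// old one, which limits how long any captured identifier stays usable.
function on_login(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;   // assumed session key
}

// Constructed sample input: two lines of text followed by a script tag.
$sample = "Line one\nLine two<script>/* injected */</script>";

if (PHP_SAPI === 'cli') {
    // Command-line run: show the escaped markup only.
    echo render_about($sample), PHP_EOL;
} else {
    start_hardened_session();
    echo render_about($sample);
}
```

Escaping on output is the primary fix; the HttpOnly flag only limits what a script can steal if another injection point is missed.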