Tuesday, March 23, 2004

::. InterBIu Question ::.



WHat is the MySQL command to select only 5 rows?? <== I x leh nak jawab cariks kat ittutor nie jwaban die


guner SELEECT matricid,name FROM ayam WHERE name='ahmad' LIMIT 0,5 ;


LIMIT lah funtion dier.. 0-offset and 5 tu diernyer jumlah row


atau leh guner nie


select top 10 * from table_name.



* thanks to paksi N bulan_terang.



2) Pasai table kantoi kat coding.. kener letak td pas tu colpsan="3" ....

Wednesday, March 17, 2004

::. PHPBB HACKS ::. Dont Know How 2 uSE..

Products: phpBB 2.0.6 and below (http://www.phpbb.com)
Found date: 4 January 2004
Publish date: 15 March 2004
Author: pokleyzz
Contributors: sk_at_scan-associates.net
shaharil_at_scan-associates.net
munir_at_scan-associates.net
URL: http://www.scan-associates.net

Summary: phpBB 2.0.6 and below sql injection.

Description
===========
phpBB is a high powered, fully scalable, and highly customisable
open-source bulletin board package. phpBB has a user-friendly interface,
simple and straightforward administration panel, and helpful FAQ. Based on
the powerful PHP server language and your choice of MySQL, MS-SQL,
PostgreSQL or Access/ODBC database servers, phpBB is the ideal free
community solution for all web sites.(from phpbb.com)

Details
=======
We have found sql injection vulnerabilities in phpBB which is exploitable
when register_global is set to "On" in php configuration.

SQL Injection in search.php
---------------------------
There is SQL injection in $search_results variable when performing search
in phpBB
on line 711 when $show_results variable not set to 'posts' or 'topics'.

$sql = "SELECT t.*, f.forum_id, f.forum_name, u.username, u.user_id,
u2.username as user2, u2.user_id as id2, p.post_username, p2.post_username
AS post_username2, p2.post_time
FROM " . TOPICS_TABLE . " t, " . FORUMS_TABLE . " f, " . USERS_TABLE .
" u, " . POSTS_TABLE . " p, " . POSTS_TABLE . " p2, " . USERS_TABLE . " u2
WHERE t.topic_id IN ($search_results)
AND t.topic_poster = u.user_id
AND f.forum_id = t.forum_id
AND p.post_id = t.topic_first_post_id
AND p2.post_id = t.topic_last_post_id
AND u2.user_id = p2.poster_id";



One of the table which is selected in this "SELECT" query is users table.
This can
be use to determine admin hash by guesting whether certain query is true
or false with
search result for MySQL 3. With autologin feature in phpbb attacker can
generate cookies
to login to phpBB without need to crack the password.

Quick Solution
--------------
Turn Off register_global in php.ini.

Proof of concept
----------------
[http://www.scan-associates.net/papers/gemuruh-v2.php.txt]

Vendor Response
===============
5 February 2004 : security@phpbb.com have been contacted but no response
given.

- Happy Birthday faradingdong :-)-



Friday, March 12, 2004

::. Linux ::.


Okey let me start ngan.. LInux mount..
dah banyak kali test lasr guner yg nie baru buleh.. nie nak mount aku nyer usb external casing....

lepas buat mkdir run can command kat bwh.. jenuh gaks lah...


mount -t vfat /dev/sda1 /mnt/removable



tp unmount command tak leh run kat Linux den camner nie.. heh