[Guide] Blasts, Injections, and how to stop them

View previous topic View next topic Go down

[Guide] Blasts, Injections, and how to stop them

Post by  on Mon Dec 24, 2007 5:23 am

CzF explanation: Simple but effective Server Security

  1. Blasts - server files manipulations
    The muserver files are quite good, but some of them are not with a good security level.

    • Dataservers
      The
      dataservers are used to connect the ODBC Data source to the GameServer,
      but there is no ip limitations and basicly the unlimited (untouched)
      dataserver can be connected through any other host pretending to be a
      persistant gameserver. Which may cause the all known of you item,stats
      blast and other server manipulations
      Solution:
      install a firewall or portblocker and stop the incomming/outgoing
      traffic from the dataservers (Allow only for the host on remote server
      (IF) working remotely)
    • MSSQL Server 2000
      The
      server is used to store all your server online info. It connects to the
      ODBC. However there are some exploits,hacks,hijacking applications to
      break up mssql's security (google it).
      Solution:
      same as dataserver...allowing traffic for a specific host should be
      only for your remote mueditor or dataserver or just a machine you want
      to have access to the server

  • Web code manipulations


    • SQL injections in php
      How does it work?
      lets suppose we have a page containing the registration form the server the code
      PHP Code:
      mssql_connect(..);
      mssql_select_db(..);
      $account = $_POST['acc']; // account field
      $password = $_POST['pass']; // password field
      // other vars bla bla..
      // Now here is the base query
      // First we check if this acc exists
      $query = mssql_query("select count(*) from [memb_info] where [memb___id]='$account'"); // This is where the 'hacker" (lame kiddie) will hit you
      //other code does not matter
      ?>


      lets change the $account with
      Quote:

      '; shutdown; --


      the code becomes
      PHP Code:
      mssql_connect(..);
      mssql_select_db(..);
      $account = $_POST['acc']; // account field
      $password = $_POST['pass']; // password field
      // other vars bla bla..
      // Now here is the base query
      // First we check if this acc exists
      $query = mssql_query("select count(*) from [memb_info] where [memb___id]=''; shutdown; --'"); // This is where the 'hacker" (lame kiddie) will hit you
      //other code does not matter
      ?>


      defining the ';shutdown; --

      ' - ends the define of the acc name
      ; - ends the current query line
      shutdown - our new query (shuts down mssql server)
      ; -- - completes our new query (in case there is further code after the if memb___id bit)

      This way everyone can inject whatever query he likes into ur database. Really easy
      Most people think that by limiting there fields to maxlength=10 they
      will avoid anything - nah totally wrong...the only thing that our NEWB
      hacker must do is to create the same form in his own html file and
      remove the maxlength...and KABOOOM..you get fucked up again

      Solution: A way to avoid this w/o disabeling any symbols ?
      PHP Code:
      mssql_connect(..);
      mssql_select_db(..);
      $account = addslashes($_POST['acc']); // account field
      $password = addslashes($_POST['pass']); // password field
      // other vars bla bla..
      // Now here is the base query
      // First we check if this acc exists
      $query = mssql_query("select count(*) from [memb_info] where [memb___id]='$account'"); // This is where the 'hacker" (lame kiddie) will hit you
      //other code does not matter
      ?>


      effective and easy

      Injections can be done in $_POST, $_GET or $_REQUEST, $_COOKIE or every
      value that the user has access to, so i suggest you addslashes() to all
      (addslashes changes ' to \' and " to "\ - this way user cannot end ur
      current query)
    • XSS web vunrability
      What is XSS? - Cross Style Sheeting
      Usable: Stealing user passwords (Cookies or Session issues)
      Ends a html code and may execute a js in client side (retreiving cookies)
      Php - Solution: htmlspecialchars(); in every variable that is entered by the user and DISPLAYED in the server page

  • Basicly thats most of the stuff you need to do to stay alive .... Smile
    But NOTHING online is secured enough u know ^^


    Favourite Game : MuOnline
    Registration date : 1969-12-31

    View user profile

    Back to top Go down

    View previous topic View next topic Back to top

    - Similar topics

     
    Permissions in this forum:
    You cannot reply to topics in this forum