Monday, 7 December 2009

www.pea.edu.np simple JS hack

OK, this was given to me as a challenge by sam, and he said that he was given information about this site by a friend of his. He told me about JavaScript hacking in the admin panel and I started to dig. Finally I found that it didn't require any login (even the login user/pass is an easy one: admin/a). I then found that the upload feature was also insecure. I got the shell and I could have used it to root the box, but I didn't. I just thought to deface pea.edu.np.

Some PHP dumps:

addnew.php:

//clearly reflects their poor coding way...
<?
$path = "../";
//$thePage = "home";
include $path."includes/adminhead.php";
include $path."includes/headeradmin.php";
if($_POST['ok'])
{

$date1=$_POST['Date1'];
$title=$_POST['Title'];

$newfile=returnfilename($_FILES['fileattach'],"downloads");

$sqlquery= "INSERT INTO downloads VALUES('','$date1','$title','$newfile')";
$rt1=mysql_query($sqlquery) or die(mysql_error());

if($rt1)
{
print "<script>document.location='download.php';</script>";

}


}
?>

settings.php:
<?

// Online
/**/
$hostname="localhost";
$username="peaedu_peaedu";
$password="delta2009";
$db="peaedu_peadb";


/* LOCAL *

$hostname="localhost";
$username="root";
$password="";
$db="pea_db";
*/
$connectme=mysql_connect($hostname,$username,$password);
?>
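
For contrast with the two dumps above, a hardened sketch of the same upload handler. This is an added example, not part of the original post and not the site's code. The session key `admin_id`, the `PEA_*` environment variable names, the storage path and the helper `store_download()` are assumptions made for illustration.

```php
<?php
// Added example: hardened counterpart of addnew.php (hypothetical names throughout).
session_start();

// 1. Authentication is enforced server-side on every admin page,
//    not by JavaScript in the browser.
if (empty($_SESSION['admin_id'])) {          // assumed key, set by the login page
    http_response_code(403);
    exit('Forbidden');
}

// 2. Uploads: allowlist by detected content type, server-generated file name.
function store_download(array $file, string $dir): string
{
    $allowed = ['application/pdf' => 'pdf', 'application/msword' => 'doc'];
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    // Inspect the file content; the client-supplied name and type are ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('File type not allowed');
    }
    // The client never controls the stored name or its extension.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], $dir . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['ok'], $_FILES['fileattach'])) {
    // 3. Credentials come from the environment (assumed variable names),
    //    not from a PHP file that can be dumped from the web root.
    $pdo = new PDO(getenv('PEA_DSN'), getenv('PEA_DB_USER'), getenv('PEA_DB_PASS'),
                   [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

    // Assumed directory outside the web root; a separate script serves the files.
    $newfile = store_download($_FILES['fileattach'], '/var/www/private/downloads');

    // 4. Bound parameters replace the string-built INSERT.
    //    NULL assumes the first column is an auto-increment id.
    $stmt = $pdo->prepare('INSERT INTO downloads VALUES (NULL, ?, ?, ?)');
    $stmt->execute([$_POST['Date1'] ?? '', $_POST['Title'] ?? '', $newfile]);

    header('Location: download.php');
    exit;
}
```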


Now the screenshot of the defaced site:



Thanks for reading this... and to site developers, learn fucking sense of security...

2 comments:

  1. Hey guys, thanks for alarming...but couldn't get you people. Is the server insecure or what? This site was hacked previously as well. Could you please tell me the exact reason?

    Thanks
  2. OK bro, it's not the server but the poor coding with which we hacked you. If you want to know what exactly the reason is, please contact me or sam. We will be more than happy to help you secure your site; otherwise it is still the same.