Topics

User Functions

Events

There are no upcoming events

What's New

Stories last 2 weeks

No new stories

Comments last 2 weeks

No new comments

Trackbacks last 2 weeks

No new trackback comments

Links last 2 weeks

No recent new links

NEW FILES last 14 days

No new files

Welcome to Geeklog Friday, April 18 2014 @ 04:27 AM EDT

The following comments are owned by whomever posted them. This site is not responsible for what they say.

  • Current Security Issues (Sept 2003)
  • Authored by:Anonymous on Friday, October 10 2003 @ 09:40 AM EDT
So far like the other stuff the python script has not been able to be a success. I have personally tried running it and it gives an error when trying to run. I can't really tell what its trying to do except maybe exploit something else in the forum plugin. . . theres something to do with the forum plugin there.

So what have we still learned? The core geeklog has yet to have any security flaws actually seen. Plugin that a 3rd party made has some issues that need to be cleared up.
  • Current Security Issues (Sept 2003)
  • Authored by:Anonymous on Friday, October 10 2003 @ 02:46 PM EDT
>So far like the other stuff the python script has not been >able to be a success. I have personally tried running it and >it gives an error when trying to run.

It requires python 2.2 or higher

>I can't really tell what its trying to do except maybe exploit >something else in the forum plugin. . .
>theres something to do with the forum plugin there.

"/forum/memberlist.php?order=mid(passwd," + str(i + 1) + ",1),uid&prevorder=uid&direction=ASC&page=" + str(page))

you can order the memberlist by password or more specificly one character of the password. and thus determine its contents

>So what have we still learned? The core geeklog has yet to >have any security flaws actually seen.

We'll just see about that

>Plugin that a 3rd party made has some issues that need to be cleared up.

yes and this site is running it, it could easily be defaced
  • Current Security Issues (Sept 2003)
  • Authored by:tomw on Friday, October 10 2003 @ 03:06 PM EDT
I think you had better look at your code again. The forum memberlist.php does not allow you to sort the user list. Quit spreading this fud until you know what you are talking about. Here is the code that retrieves the member list.

$memberlistsql = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid <> 1 ORDER BY regdate");

The order by is not changeable!

I also ran your python script and could not get it to run -- by the way my python version is 2.3.

TomW
Not Anonymous
  • Current Security Issues (Sept 2003)
  • Authored by:DTrumbower on Friday, October 10 2003 @ 03:15 PM EDT
Sorry Tom, you can order it.
http://www.geeklog.net/forum/memberlist.php?order=username&prevorder=uid&direction=DESC&page=1

The headings are links.

I can get the script to run a while but then it pukes.
  • Current Security Issues (Sept 2003)
  • Authored by:wlparks on Friday, October 10 2003 @ 03:24 PM EDT
tomw, sorry but there are huge security issues with the forum plugin(I was the one defending geeklog earlier in this thread). I suggest anybody using it take it down until it is fixed.

I was the one replying to the other things but anyway I looked at the python script. I got it to ran. It puked 5 minutes in but his theory is right.

I guess it won't hurt for me to explain it here since anybody can look at his script.

You CAN order by anything on the memberlist page... I can't say that I have looked at the code for the forum plugin at all. Hell I haven't even installed it on my own personal site. But if they're using the latest version of the forum on geeklog.net you can sort by whatever you want. Order it anyway you want and more.

EXAMPLE.
http://www.geeklog.net/forum/memberlist.php?order=uid&direction=ASC

His python script didn't work for me but I could write something in another language that did the exact same thing. His theory is correct.

Heres how it works.

memberlist.php?order=mid(passwd," + str(i + 1) ",1),uid&prevorder=uid&direction=ASC&page=" + str(page)).read()

What he is doing is pulling back a character at a time and ordering the page based on the one character that is returned from the password field. From this he can compare it to where your own placement is on the return and tell if its higher or lower or equal. If you did look at the python script it is constantly changing your own password so it can compare it better.

I believe this is how it was working if not, that way should work :-p
  • Current Security Issues (Sept 2003)
  • Authored by:wlparks on Friday, October 10 2003 @ 03:29 PM EDT
woopsy sorry didn't see the dudes post that already explained how it worked.
  • Current Security Issues (Sept 2003)
  • Authored by:tomw on Friday, October 10 2003 @ 03:30 PM EDT
I admit I wasn't looking at the new version since it hasn't been released officially yet. The version for download here and most widely used does not have a sortable memberlist.

TomW