Recent Posts

1
COMPUTER TECH HELP FORUM / Re: Penetration Test on Beemaster ?
« Last post by eivindm on Today at 11:52:24 am »
I had initially thought of not replying to you as I don't think you deserve the attention you try to get. But to assure the other members that we are not into deep security issues I will anyways:

1. If you ever place your security in the fact that your admin URL is not easy to guess, you are simply doing it wrong. It is perfectly possible to secure the admin login with other means.

2. The exploit you point to is old, very old in fact. This issue was patched here a long time ago. An exploit to a previous version is not a problem for us. You could at least have checked if our version was affected as we don't even hide our current version. That said, popular software like WordPress and SMF have had many security issues. If you had looked for it you would have found many of them. Running old versions is always a bad idea.

3. Manipulating post counts: We have run this site for many many years. It is not strange we have a high post count.

4. Congratulations. You learned to reverse lookup on DNS and found that the server runs other sites as well. My company runs a two digit number of sites behind the same IP with a 6 digit number of users. I handle security issues for many of them, and I sleep very well at night.

5. Allowing random parameters to the URL: You mean any random URL parameter should cause a 403 HTTP response, or just a strip off of the parameter with a 302 redirect? Why would this make the site more secure? In order to get a security issue this must be picked up somehow, meaning that either the back end code or the front end code would have to pick it up and evaluate it or print it to the response unescaped. Any code showing data from a parameter should escape the data, no matter if it belongs to a supported parameter or not. Whitelisting parameters won't help for this. In fact, many frameworks auto-escape data like this unless otherwise stated. PHP does not, but any programmer with basic skills should know how to handle this. Try random code at a site like CNN. They don't strip it off with a 302 or give a 403 either. Millions of lines of code to a GET request won't even work: Apache has a default limit of 8K in the header and IIS has 16K, so it is hard to fit millions of lines of code into an 8K header.

I don't appreciate your attitude. You got a warning for a good reason, so handle it and move on. You obviously want to make us mods look bad because of this by finding "security issues". That is a very bad start when you are fairly new to a forum. If you in any way were concerned about the security, you should have approached the admins/mods and given us a heads up, not posted this in public. That is basic security knowledge. We do in fact appreciate any tip about security issues when it is done with a positive attitude and is meant to help.

I will close this thread now as I don't have any wish to fight you in public. I just replied to assure the users that all is well.
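
The argument in point 5 above (an unknown query parameter is harmless when nothing reads it, and escaping at output is what matters, whether or not the parameter is supported), as an added PHP example. It is not part of the original post and is not SMF's code; the parameter names and both render functions are hypothetical, and the inputs are constructed.

```php
<?php
// Added illustration; not SMF's code. Parameter names and both render
// functions are hypothetical.

const KNOWN_PARAMS = ['action', 'topic', 'search'];

// Approach A: refuse requests with unknown parameter names, then print a
// supported parameter as-is. The allowlist never inspects the value.
function render_allowlist_only(array $query): string
{
    foreach (array_keys($query) as $name) {
        if (!in_array($name, KNOWN_PARAMS, true)) {
            return "403 Forbidden\n";
        }
    }
    $search = is_string($query['search'] ?? null) ? $query['search'] : '';
    return "<p>Results for $search</p>\n";
}

// Approach B: unknown parameters are simply never read; anything that is
// printed gets escaped for the HTML context at output time.
function render_escaped(array $query): string
{
    $search = is_string($query['search'] ?? null) ? $query['search'] : '';
    $safe = htmlspecialchars($search, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Results for $safe</p>\n";
}

// Constructed inputs: the unknown parameter from the thread, and markup
// arriving in a *supported* parameter.
parse_str('instructDeceptaconHere0101010', $unknown);
$markup = ['search' => '<b>hives</b>'];

foreach (['unknown param' => $unknown, 'markup in search' => $markup] as $label => $q) {
    echo "== $label ==\n";
    echo 'allowlist only: ', render_allowlist_only($q);
    echo 'escape output:  ', render_escaped($q);
}
```

Approach A rejects the harmless URL yet passes the markup through untouched; approach B serves both requests and emits the markup as inert text.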

2
COMPUTER TECH HELP FORUM / Re: Penetration Test on Beemaster ?
« Last post by M3RLIN on Today at 10:58:38 am »
https://beemaster.com/archive/

This is actually pretty neat. I like it.
3
GREETINGS/TELL US ABOUT YOURSELF / Re: Salutations Grand Readers !
« Last post by M3RLIN on Today at 10:45:20 am »
Hmmmm. I'm thinking about growing hundreds around the hives. Maybe just maybe it will prevent absconding behaviour. Is there some plant that small hive beetle and wax moth hate but bees love ?
4
GREETINGS/TELL US ABOUT YOURSELF / Re: Salutations Grand Readers !
« Last post by eltalia on Today at 10:24:03 am »

I watched my bees go absolutely mental for Thai basil the other day. They are literally drunk on the little purple flowers.


:nods:

Basil is a well kept secret as "bee bait"... having pots of last year's issue looking more than a tad sad I have just done potting up a dozen more for this year - that and putting the Oleo-mac to some fresh logs (swarm traps) earnt me a few cold Great Northerns under a sailor's sunset!

There are Aussies reading here, not so many posting these days.

'ooroo

Bill



5
COMPUTER TECH HELP FORUM / Re: Penetration Test on Beemaster ?
« Last post by M3RLIN on Today at 10:17:21 am »
Guys....giving the attacker a warning isn't gonna stop your site getting wrecked.....

So basically I found where your software sucks....

I can insert complete BS into the browser and it accepts it.

For example: https://beemaster.com/forum/index.php?instructDeceptaconHere0101010

As a link still works. That should be an error or something. I could put a million lines of code in there.

Anyways: thanks for the warning, and lucky I'm not malicious. Out.

P.S. Your Mod powers should have had this account closed and me banned by now. So yeah...
6
COMPUTER TECH HELP FORUM / Re: Penetration Test on Beemaster ?
« Last post by M3RLIN on Today at 10:03:19 am »
http://beefreaks.com/wp-login.php

Another easy to find login......
7
COMPUTER TECH HELP FORUM / Re: Penetration Test on Beemaster ?
« Last post by M3RLIN on Today at 09:56:00 am »
104.237.142.38


This takes me to beefreaks....weird
8
COMPUTER TECH HELP FORUM / Re: Penetration Test on Beemaster ?
« Last post by M3RLIN on Today at 09:52:24 am »

IP Address   104.237.142.38 - 2 other sites hosted on this server     
IP Location   United States - New Jersey - Pomona - Linode Llc


9
COMPUTER TECH HELP FORUM / Re: Penetration Test on Beemaster ?
« Last post by M3RLIN on Today at 09:47:09 am »
Without publishing it on your site, it would appear that manipulating post numbers data, it is possible to see WAYY too much on here.
10
COMPUTER TECH HELP FORUM / Re: Penetration Test on Beemaster ?
« Last post by M3RLIN on Today at 09:43:32 am »
And then.....https://www.exploit-db.com/exploits/24445/

$^* ? Lucky I'm a white hat yo. Goodnight.