Lock Picking 101 Forum
A community dedicated to the fun and ethical hobby of lock picking.
Forum Home   Forum Rules   SEARCH   Social Media   Contact Us

Lock Picking 101 Home
Login
Profile
Members
Forum Rules
Frequent Forum Questions
SEARCH
View New Posts
View Active Topics


Live Chat on Discord
LP101 Forum Chat
Keypicking Forum Chat
Reddit r/lockpicking Chat



Learn How to Pick Locks
FAQs & General Questions
Got Beginner Questions?
Pick-Fu [Intermediate Level]


Ask a Locksmith
This Old Lock
This Old Safe
What Lock Should I Buy?



Hardware
Locks
Lock Patents
Lock Picks
Lock Bumping
Lock Impressioning
Lock Pick Guns, Snappers
European Locks & Picks
The Machine Shop
The Open Source Lock
Handcuffs


Member Spotlight
Member Introductions
Member Lock Collections
Member Social Media


Off Topic
General Chatter
Other Puzzles


Locksmith Business Info
Training & Licensing
Running a Business
Keyways & Key Blanks
Key Machines
Master Keyed Systems
Closers and Crash Bars
Life Safety Compliance
Electronic Locks & Access
Locksmith Supplies
Locksmith Lounge


Buy Sell Trade
Buy - Sell - Trade
It came from Ebay!


Advanced Topics
Membership Information
Special Access Required:
High Security Locks
Vending Locks
Advanced Lock Pick Tools
Bypass Techniques
Safes & Safe Locks
Automotive Entry & Tools
Advanced Buy/Sell/Trade


Locksport Groups
Locksport Local
Chapter President's Office
Locksport Board Room
 

How safe are we?

Having read the FAQ's you are still unfulfilled and seek more enlightenment, so post your general lock picking questions here.
Forum rules
Do not post safe related questions in this sub forum! Post them in This Old Safe

The sub forum you are currently in is for asking Beginner Hobby Lock Picking questions only.
Post a reply

How safe are we?

Postby jamesphilhulk2 » 12 Oct 2005 9:37

i was just wondering how safe is this site from hackers, i'm only asking this question because this site has mass amounts of knowledge and if some PUNK kid wants to get onto the advanced section of the site would he/she be able to get on it easily and he may give this site a really bad rep. [/code]
jamesphilhulk2
 
Posts: 528
Joined: 5 Jul 2005 4:37
Location: S.Wales, uk
Top

Postby TOWCH » 12 Oct 2005 10:07

I can see it happening one of two ways. They steal an account, or they hack the server and manually add themselves. The first one can only be prevented by people with access not doing anything stupid. The second one relies on the server having good security. Even if everything is as it should be, there's always the posibility of an unknown exploit. If it happened I would wager it would be the first method.
TOWCH
 
Posts: 1587
Joined: 20 Jul 2004 0:19
Location: Oregon
Top

Postby illusion » 12 Oct 2005 11:41

I would imagine that such attempts have happened before...

I'll wager the first
illusion
 
Posts: 4567
Joined: 2 Sep 2005 13:47
Top

Postby hzatorsk » 12 Oct 2005 13:53

phpBB is open source and subject to peer review.

...but... if you remember not too long ago... an exploit was discovered that allowed Perl code to be executed on the box. A worm was written that defaced many phpBB sites.

It had to do with input validation problems related to a form field in one of the config screens.

These types of vulnerabilities and exploits are discovered in many products frequently. It is even possible for the problem to be 'reintroduced' in a future release of the code.

z
hzatorsk
 
Posts: 696
Joined: 20 Jul 2004 11:15
Top

Postby Minion » 12 Oct 2005 16:29

This website is probably vulnerable to an SQL injection.
As long as they disallow the uploading of ANY files publicly, it's doubtful that anyone could upload a php or perl shell.
Minion
 
Posts: 469
Joined: 3 Sep 2004 14:55
Location: Boise, Idaho
Top

Postby hzatorsk » 12 Oct 2005 16:52

Well... actually... What you state as 'doubtful' is exactly what happened.

Also, the uploading of files and the methodology in which the phpBB/Perl worm propogated were not related. The phpBB worm 'Santy' worked by injecting the Perl code directly in the URL of the viewtopic.php script. The other 'issue' was related to the failure to sanitize all the form variables on the an input form allowing script to be pushed into the PHP context.

http://www.securityfocus.com/archive/1/385063

This (like all SQL Injection and buffer overflow vulnerabilities) is an input sanitizing and validation issue and a direct reflection on secure coding practices of the developer.

Today, phpBB is quite well hardened against SQL injections. At least the current version. But... EVERY new version need to be carefully scrutinized as these things tend to creep back into production code.
hzatorsk
 
Posts: 696
Joined: 20 Jul 2004 11:15
Top
Post a reply

Return to Got Questions? - Ask Beginner Hobby Lockpicking Questions Here

Who is online

Users browsing this forum: Google Adsense [Bot] and 17 guests

Powered by php BB © 2000, 2002, 2005, 2007, 2016, 2021, 2022 php BB Group