ajaypal.com - Security

Authentication bypass in Cyberix Internet Management System

Mon, 19 Mar 2007 04:40:01 -0500

A mohali based company http://www.cyberix.in/ has an otherwise good Internet Management Software Product by the name Cyberix, is vulnerable to a very simple authentication bypass vulnerability (rather it is more of a software design issue).

Cyberix IMS when authenticating a user using, the web login via a popup window, sends the MD5 hash of the users password in the GET request. As all URLs, along with the GET variables and their values, are saved in the browser's history, thus any user who has access to the system, used by a previous user, can simply check the browser history and click on the login URL to login as the other user, without providing any password. Defeating the purpose of an IMS where different users may have different access levels as promised by Cyberix IMS.

Daddy Says Puttar No XSS

Sat, 03 Mar 2007 16:49:47 -0600

These days I am having too much fun with XSS. It is no good wishing happy holi by manipulating other peoples websites, even though it is harmless. You never know when you will come across some crazy hippocrat who believes that its website has been defaced and then tries to grab the poor fun loving XSSer by neck.

Note to Self
Keep out of trouble and stop XSSing even if the other guy does not fix the website. Hey did I mention it is possible to move Lambi Assembly Constituency in Punjab to Haryana, now don't ask me how. A number of other funny permutations are also possible. Guess what am I talking about, or wait till these people say something...

Why cant there be a Secure and Perfect Version of MS Windows ever?

Tue, 22 Aug 2006 13:31:03 -0500

The title for this post can be considered a misnomer. I think it should read:

Why cant any commerical software be made perfect?

Well if you do write perfect software you are kicking yourself in your er.. belly, and sitting on the branch side of the saw.

For any commercial company/ enterprise writing perfect and bug free software would mean:

Happy and smiling Customers (hmm... that is a good)
Satisfied customers (this is also good)

PTU Jalandhar Website XSS Vulnerability

Mon, 29 May 2006 00:01:51 -0500

These days Full Disclosure mailing list is being dominated by XSS vulnerabilities. It is time I should put up my contribution too, for an XSS vulnerability I have known for around 7-8 months.
The site in question ptu.ac.in is of Punjab Technical University, Jalandhar. The URL http://ptujal.org used to refers to the same site.

A Legitimate? way to SPAM using yahoogroups.com

Sat, 18 Mar 2006 08:32:38 -0600

SPAM, I sort of dislike it and prefer my mail box to be free of SPAM. Spam filters like spamassin are very much effective against it. But for around past three-four months I have been receiving a new form of SPAM, in the form of yahoo groups invitations. All sort of marriage alliance invitations, hey I am happily married, please stay away. If I block one another one pops out, even I am helpless.

Script Kidding for the Blind

Tue, 07 Mar 2006 02:39:39 -0600

This is the error log of httpd (apache) on one of the server machines that is about to be replaced very soon, interesting thing is to see how the script kiddy goes about locating vulnerable web applications:

FTP across a Firewall

Sun, 05 Mar 2006 14:06:58 -0600

My home computer has GNU/ Linux (FC4 to be precise) behind the IPTables firewall. The way it has been configured allows very limited incoming connections (port 80 only) and more or less no limit on outgoing connections.

Here is Another Crack Attempt

Sun, 06 Nov 2005 14:32:14 -0600

Now this is something annoying (not interesting) some script kiddy, who may have either compromised 207.157.58.25 or maybe is some silly script kiddie student of http://www.wallace.edu attempted a PHP injection attack on this server.

The kid came from 207.157.58.25 and the kiddo has the scripts stored here. The store house of kiddo seems to be some server of ipower web inc a web hosting company. He has a load of cracking tools stored on the server. I will try to report this to ipower people. Hope they will listen.

One more thing, this service is an almost a regular, you will see this in your logs just before the attack is about to begin. Almost all kiddos use this before they start their dirty work.

Confusing the Script Kiddie

Mon, 10 Oct 2005 15:38:01 -0500

Ok I am running ssh on this server, and there are plenty of script kiddies out there who are just too eager to run scripts, trying maybe a brute force attack, and after such an attempt I dont like the look of my system log.
What should I do?
The old trick of obfuscation still works, I know not a very good idea, someone suggested blocking the kiddo IP, but hey how many IP addresses should i block.
I have moved the service to some other **well known port**. Most of the kiddies would get confused, except for the dedicated ones.

Cracking Attempts

Fri, 05 Aug 2005 00:52:23 -0500

Well here is some script kidddo acting funny on ajaypal.com:

Kiddo Orignating IP: 200.164.108.163 (maybe, if not a launching pad)
                              201.9.105.163 (maybe, if not a launching pad)
Attack Type: PHPBB CMD Vulnerability
From Where The Kiddo tried To Download the Crack: http://mi.verizon.net.do/carlos18/tool25.dot
Try downloading this file and renaming it to .txt and read

Some other exploits that were tried:

Kiddo Orignating IP: 200.164.108.163 (maybe)
Attack Type: xGallery Update Exploit
Script for the Kiddo: http://newton.100free.com/newcmd.gif?&cmd=id
Seems to have been removed from the server.

Kiddo Orignating IP: 200.164.108.163 (maybe)
                     201.9.105.163 (maybe)
Attack Type: My eGallery Display Catagory Exploit
Script for the Kiddo: http://pharoeste.net/x/out.gif?&cmd=id
Seems to have been removed from the server.

Get over it kid ;-(, do something usefull like patching the exploitable software.

Stargateinc.com: Strange authentication method

Tue, 25 May 2004 03:14:16 -0500

For those of you who do not know what is stargateinc.com, they are an ICANN accredited domain registrar and web hosting service provider. I have been using the services of stargateinc.com for over two years (thanks to Chirag Dhawan for that). But this time it was slightly different from the usual.
Recently I booked another domain name (thanks to CD again for that). But somehow I lost both the username and password (that is a different story altogether). What do I do now! Well I went to their (stargateinc.com) password recovery form submitted my domain name and lo and behold I was sent the new username and password by email.