Fansite Hacks

Suicune · 29-04-2014, 01:03 AM

Originally Posted by XxZammyXx

Really?!?! My cousin goes on Habbohut and she never heard it was hacked....hmm

People must be sad that they enjoy ruining other fansites...bunch of low lifes! But in the other hand the general managers at the other fansites needs to be more secure then this..come on!

Habbohut have posted a thread about it though at 9:25 am AEST yesterday.

TannerJP · 29-04-2014, 01:18 AM

Interesting how quickly the hackers hopped from one site to another! Glad Habbox was safe!

Honestly the locking rooms comment made me LOL. I remember when I was a newb and thought that would keep my precious furni safe -eye roll-.

HabboSwat · 29-04-2014, 01:40 AM

having hard time finding the hidden code that is redirecting our site.

RyRy · 29-04-2014, 02:05 AM

Ctrl+F in Notepad or whatever you use

Type redirect.

Find redirect code in files. Likely done.

If you're using Linux just use grep to search inside files

HabboSwat · 29-04-2014, 02:55 AM

Originally Posted by RyRy

Ctrl+F in Notepad or whatever you use

Type redirect.

Find redirect code in files. Likely done.

If you're using Linux just use grep to search inside files

Thanks, but this would not have helped as they used a Base69 Encryption, that made the line of code look like:

HTML Code:

header(base64_decode('TG9jYXRpb246IGh0dHA6Ly9yb2ZsLmxhbmQv'));

Had to do a lot of digging. First I found out using a site, that Swat's site was being redirected via "Header Coder" Secondly I had to accept the fact that the code could be encrypted, thus causing me to use a website to search for base69 encryptions. The first file that came up, I searched and found that code, I used a decoder to find out what it means, and find out that the line is actually "Double Encrypted" so I take a leap of faith and delete the line. Test my site, and find that it is no longer being redirected! Wott! Wott!

Chippiewill · 29-04-2014, 03:05 AM

Originally Posted by HabboSwat

Base69 Encryption

I just burst into hysterical laughter at the bastardisation of Base64 encoding.

Landon · 29-04-2014, 05:52 AM

Hacking and finding vulnerabilities definitely isn't a good thing. Shows how selfish and self-centered you are. Can't think about anyone else.

Chippiewill · 29-04-2014, 06:08 AM

Originally Posted by !Landon

Hacking and finding vulnerabilities definitely isn't a good thing.

Not true. Maliciously exploiting the vulnerabilities isn't a good thing. Finding them so they can be fixed is good.

lRhyss · 29-04-2014, 08:09 AM

Originally Posted by yeshello

yeshellothere

Mysterious hackur here: (proof - http://rofl.land/lol.txt)

You're all way off. And the majority of you suck ass.

that's all
thanks

<=3

Shot in the dark here but...

$temp = unserialize($check);
add:
$temp = json_decode($check,true);

then running:

serialize($_POST) changed to json_encode($_POST)

PHP object injection?

Pretty sure that was a problem recently, if I remember correctly @xxMATTGxx

yeshello · 29-04-2014, 08:45 AM

Originally Posted by lRhyss

Shot in the dark here but...

$temp = unserialize($check);
add:
$temp = json_decode($check,true);

then running:

serialize($_POST) changed to json_encode($_POST)

PHP object injection?

Pretty sure that was a problem recently, if I remember correctly @xxMATTGxx

PHP object injection is literally useless in vanilla vBulletin. There's no exploitable magic methods. It only becomes a danger when you couple it with poorly made plugins.

Note how one forum was IPB and one was MyBB, too.

Thread: Fansite Hacks

Thread Tools

Posting Permissions