tayyar.org hack

Padre · 2007-01-25T23:40:21+00:00

around 8pm tayyar.org got defaced for some time and then it was all chaos, between defaced and not so normal site. now it's back up and running here are some...

samer

Sure Padre :)

Notice the ad for sleep comfort? i'd say the attacker injected the new page using an sql injection vulnerability..

or, another scenario, a little bit more complicated:

attacker knowns the webmaster is using a known cms, he discovered a cross site scripting vuln, sent him a poisoned URI that automagically replaces the homepage's content with his. But as I said, it's a bit more complex and requires knowledge of the underlying system tayyar is using. So I doubt someone took the time to do it for something IMHO, a bit stupid (since a defacement brings nothing of value).

samer

here's the server config:

Apache/1.3.37 (Unix)
mod_auth_passthrough/1.8
mod_log_bytes/1.2
mod_bwlimited/1.4
PHP/4.4.4
FrontPage/5.0.2.2635.SR1.2
mod_ssl/2.8.28
OpenSSL/0.9.7a

openSSL seems outdated, but it seems most of the vulns are for DoS/Crashing purposes.
I didn't check the other stuff, maybe later..

btw, the guy that is hosting their web site is on my MSN contact list, i'll try to contact him for further investigation :)

Padre

yeah please do :)
as for their CMS, they built it. i dont think they are using any premaid cms as i can't see any know CMS signature in the code, but maybe im wrong.
as for the injection, it is possible. well i guess the most plausible. but from what i checked, it's kinda hard to inject smth into their code. duno, but maybe it's just me.

mezin

you can also tell from the picture that he had a headache and that he was abused as a child

but one thing puzzles me though... where did he hide his pointer ? i'm tempted to consider top right ... what do you guys think ?

Padre

pointer ? what pointer ?

Padre

btw, i just noticed the admin edit u've added samer. lol, and thanks :)

samer

He means the mouse pointer :P

btw, i just noticed the admin edit u've added samer. lol, and thanks :)

just wanted the community to be on the safe side :)

mir

Due to massive attacks starting this morning on tayyar.org, we were unable to keep the website updated. We apologize for the inconvenience.
Please check this link if you cannot reach tayyar.org anymore: http://us.tayyar.org/

Tayyar.org under attack again and continusly
anyone has idea about who..or more details

rolf

mir wroteTayyar.org under attack again and continusly
anyone has idea about who..

The 14th of march coalition :D

battikh

it is said that joumblat and ja3ja3 have been l33t h@x0rs since a long time. and now that they merged their zombinets they can DoS any site they want.
it is also said that saad wants to join them and play with them, but they don't want to give him access to the zombinet as they consider him as a script kiddie.

mir

the hizbullah Guerillaz will strike back :D
Hizbullah, as i heard.. have ppl specialising in this field to carry attack

Padre

yup :)
HA have pretty decent hackers. i dont know about the others tho, but im sure they got pretty decent one too

rofl @ battikh ....

mir

well. now the question is on what side is Padre :P
and u fellow geeks
if a deface war would happen between political parties.. (that would be so s****) would u take sides and participate ?

samer

defacement wars are lame :)

Padre

defacing war is lame ... but id deface anyway, if it's to make my message heard ;)

samer

note the nuance, I didn't say defacements are lame :) I said defacements wars are lame.

if it's to make my message heard

Well, good point. But your message would be less annoying/more appealing if you would own one highly-targeted web site with big exposure rather than mass-root phpBB forums and feel good about it...

Padre

Well, good point. But your message would be less annoying/more appealing if you would own one highly-targeted web site with big exposure rather than mass-root phpBB forums and feel good about it...

that's exactly what i've been doing ;)

samer

I can only see one on Zone-h (surete generale)

Padre

zone-h only mirrors those that someone submits.
and it dosent meen i sign them all with "Padre" ;)

« Previous Page