Server Help

[Quan Chi2]

Can you guys tell me what a VERY good vulnerability scanner is besides core impact and nessus? I already use nmap to find some openings, but I want specific vulnerabilities pertaining to sql abd php. I know there are many out there and I can just search google, but there are a lot and I want to know what is usually used, and what is really worth downloading..

[anon]

the best vunrability scanner is looking at you in the mirror.

[Quan Chi2]

That didn't make sense.

[Mine GO BOOM]

It means, almost any vulnerability dealing with PHP/SQL is usually injection type code. An example would be, with PHP, taking user input and sending it directly into a SQL statement.

Code: Show/Hide $limit = $HTTP_GET_VARS['limit']; $sql = "GET * FROM table LIMIT " . $limit;

Oops. Someone sends the string 0; DROP table; as your limit variable, and you just lost your table. Even worse is if the output of the statement is somehow directly visible by the user, because then they can use GET statements to find out information from your SQL database, such as passwords or table names, to do even more damage.

The same idea with php. If you don't sanitize user input, and you open a filename based upon their input, you could accidently open /etc/passwd and give the user ever login name on your system. Even worse would be to somehow allow the script to include/execute another script based upon user input, because if they could upload a gif file that is actually a script, and they get your program to include/execute that file, they just gained full access to your system.

How to fix this? Don't trust register_globals, as it is much better to parse all input from $HTTP_POST/GEt yourself. This would also force you to look at when you are accepting user input, so you can recognize that input needs to be in a certain form, and can halt the script early to print out errors.

Hell, read this article for php security checks.

[Cyan~Fire]

Huh? Register_globals is setting every get/post/cookie variable as a global variable, which is an unrelated security concern.
_________________
This help is informational only. No representation is made or warranty given as to its content. User assumes all risk of use. Cyan~Fire assumes no responsibility for any loss or delay resulting from such use.
Wise men STILL seek Him.

[Mine GO BOOM]

[Cyan~Fire]

But turning register globals off will not fix the problem you are talking about, opening a file based on user's input. What it will fix is opening a file using a variable that's not supposed to be user input.

[Quan Chi2]

Anon, I understand what you said now. I had to think about it for a little while. I still can't beat the standard vulnerability scanner when it comes to speed, so I don't agree. lol

Anyway, good points, but can someone point out a good vulnerability scanner? lol

[Doc Flabby]

Learn how to find secuity problems first, then you will understand the value of a scanner.

Secuitry scanners are just one in a range of tool to secure a system. They are not to be used on there own, or to be relyed on. I have rarely found any use for them, A simple port-scan tends to tell me more about what i need to know to secure a system.

nessus is the best btw

[Quan Chi2]

Argh. I beg to differ! I want to find vulnerabilities in databases mainly. And Im don't think its necessary to try a million ways manually, when I have something to do it for me - and quickly!

So Nessus is the best hm?
---

BTW, port scans can only get you but so far.

[SpecShip]

You do realise quan is a dumb scriptkiddie wannabe who's just looking for ez ways to "haxor" forums, right?



REGISTER GLOBALS IS BAD!
cyan, stop being stupid and get educated: http://il2.php.net/register_globals
_________________
Replacing yazour untill the whore returns.

"I could run a ss server on my car stereo!" -Xalimar
"Liberta tuit ma ex infernis" -Event Horizon
"I know too much about nothing." - Mine GO BOOM
"Hmm anyway, back to my kingdom hearts." - Chambahs

[Quan Chi2]

Spec, wtf are you talking about? Im never said I would hack anything. Im not a script kiddie. And if I am, then so be it. All im looking for is a good vulnerability scanner.

[Smong]

You do have a reputation for asking how to hack and threatening to hack.

[BDwinsAlt]

Let me test the database for you :p
Check out http://hackthissite.org. You can complete realistic missions and ask them on their forums. It teaches you about sql vunerabilities and stuff like that.

[Cerium]

HAH!
BDwinsAlt teaching quanchi how to hack. You cant write this stuff, folks.
_________________
There are 7 user(s) ignoring me right now.

[Quan Chi2]

:/

Its like you're not even reading what I'm saying. Nvm.

If someone could delete this topic, please do. I'd appreciate it.

[Cerium]

Out of curiosity, why do you need a scanner? What possible use could you have for it?

Everyone here -- myself included -- knows you plan on using it to try to hack someone elses site, because somehow thats cool to you. But just for the hell of it, feel free to attempt to prove us all wrong.

[Quan Chi2]

Fine, I'll find vulnerabilities manually.

Vulnerability scanners aren't always used to hack systems. I could be patching up a database and need to know if I missed something..

I don't plan on hacking anyone. I plan on helping out a friend with his website, and if you know just as much as I do, then you know that its easy for someone to perform an sql injection on your website. Thats what my friend wants to prevent.

Other information on this is none of your business.

[Mine GO BOOM]

[Quan Chi2]

K, thanks

[SpecShip]

Now, if he actually had a clue he would've known how to take such vulnerabilities and turn them into exploits...thank goodness he's just a stupid kid.

Cerium, heh, good one.
Yep, can't write life, life it's is too damn funny.

[Quan Chi2]

Spec, hop off my dick, please. You're sucking me hard and I don't like it.

[newb]

Sucking what? Your non-existant dick?
_________________
Haha SpecShip

[doc flabby (at work)]

hmm

I wouldnt recommend running any kind of scanner against a server that does not belong to you. There lies the way to a court case.

People have been sucessfully procecuted for less.

[CypherJF]