Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Is your GetSimple installation hackable?
#1
This is a big question these days. Version 1.71 fixed parts of the problem, but disabled uploading. So many of us have been setting out to edit different core files and try to fix the problems ourselves.

Today I was a little bored and search out some different vulnerabilities. I made a file able to run everything automatically by just giving it the address to a GetSimple based website.

Check out this video to see me run the hack on a 1.71 and a 1.7 installation.

This script uses 2 different vulnerabilities, of which only 1 has been fixed by version 1.71. Therefore I’m not going to share the source (yet). Please be patient while we try to get everything sorted in version 2.

If you want to be sure about your installation, just give me the link to your website and I’ll hit the button. All results will be shared through the forums private messages function so others won’t know whether you are vulnerable. I might be turning this script into a small website so you can do the check yourself, but no promises.

Edit:
Someone noted the text I was writing wasn’t too readable;

“This is my website.
Zegnåt.
Running on an editted [sic] version of GetSimple 1.71”

“This is Hacking GetSimple.
A clean installation of GetSimple version 1.7.”
“Don’t forget the important ˚ (not °) on the a,” says the Unicode lover.
Help us test a key change for the core! ¶ Problems with GetSimple? Be sure to enable debug mode!
Reply


Messages In This Thread
Is your GetSimple installation hackable? - by Zegnåt - 2009-12-31, 00:21:41



Users browsing this thread: 1 Guest(s)