Figured I’d talk about something that recently happened or what happened tonight anyway.
So I was doing my thing being a dumb ape when all of a sudden I get two new friend requests on Jabber.
Knowing me I instantly add them because I’m a faggot with no friends, and then what follows is a guy by the name of Respire starts messaging me hostile as could be for no apparent reason.
He then goes on to explain that he’s doxing me, and he’s going to fuck me up if I don’t let him take over Vv3.
Anyway, this is all irrelevant, as he later went on to explain how he was going to root my server, at which point I laughed hard because I’ve heard this at least 20 times.
At which point I ask, how?
He responds: an LFI.
(Side note: I do think he was just joking around, and I didn’t take him seriously.)
Which actually got me thinking: is there the possibility an LFI even exists on my server?
I thought it was unlikely that an LFI did exist, but as I thought about it I realized that WelfareIM, my original site, had previously been text-document based; to convert it I integrated SQL, but I didn’t want to import all of the files, so I decided to keep it text based, where it just reads text documents.
So obviously that opens up the capability that somebody could actually LFI my server.
So I quickly open up FTP, access my WelfareIM files, go straight into the /dox folder, and continue on to edit my index.php file.
Obviously what comes next? I find that I have very few security checks in place to prevent an LFI.
Then, I quickly remove the $_GET in PHP and save.
Next, I notice how stupid I made it: it would have literally read any .txt document as long as they were able to get the correct path in the name field.
They also would not have been able to leave the directory of that specific account; I make every single website I host an individual account that is stuck inside of its own allocated space.
So I quickly implemented a solution to just verify the input of the name field and check its validity in the database, obviously preventing SQL injection through a basic real_escape_string, as well as no error logs, just in case.
My next thought was to dig through the raw access_logs of my welfare.im server and see just how much had been accessed, if any data was compromised from the attack.
Sure enough, there were many attempts over the past month to exploit this certain file; not quite sure what made them think this file is vulnerable, since it gives no signs that it is, but they were.
I double checked and made sure that no data was accessed whatsoever, and fortunately there were no successful attempts made.
Also, for some odd reason some ape was trying to RFI it; not quite sure how they think that’ll work, but more luck to them.
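The access-log review described above can be scripted. This is an added example, not the author's code: it assumes Apache/nginx combined-format lines, takes the /dox/index.php path and the name parameter from the post, and runs over constructed sample lines.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumptions taken from the post: the script is /dox/index.php and reads ?name=
SCRIPT, PARAM = "/dox/index.php", "name"
# Combined log format: ip ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation-range addresses), not real log data.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /dox/index.php?name=alice HTTP/1.1" 200 5123',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /dox/index.php?name=..%2F..%2Fconfig HTTP/1.1" 404 312',
    '203.0.113.5 - - [01/Jan/2024:10:02:00 +0000] "GET /dox/index.php?name=http://example.invalid/x HTTP/1.1" 200 287',
    '198.51.100.7 - - [01/Jan/2024:10:03:00 +0000] "GET /dox/index.php?name=%252e%252e%252fnotes HTTP/1.1" 403 199',
    '192.0.2.10 - - [01/Jan/2024:10:04:00 +0000] "GET /index.php?name=../x HTTP/1.1" 200 900',
]

def classify(value):
    """Label a suspicious name value, or return None for a plain record name."""
    for _ in range(3):  # peel nested percent-encoding such as %252e%252e
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    if "\x00" in value:
        return "null-byte"
    if re.match(r"^(?:[a-z][a-z0-9+.-]*://|data:|//)", value, re.I):
        return "rfi"  # remote URL or stream wrapper instead of a local name
    if ".." in value.replace("\\", "/").split("/"):
        return "traversal"
    if value.startswith(("/", "\\")):
        return "absolute-path"
    return None

def triage(lines):
    """Return one finding per suspicious name value sent to SCRIPT."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, when, target, status = m.groups()
        url = urlsplit(target)
        if url.path != SCRIPT:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            label = classify(value)
            if label:
                # A 2xx status does not prove a file was read; it marks the
                # request for a manual look at the response size.
                findings.append({"ip": ip, "time": when, "label": label,
                                 "value": value, "review": status[0] == "2"})
    return findings
```

Calling `triage(SAMPLE_LOG)` returns the three flagged requests; the ones with `review` set are those whose response size should be compared against a normal page.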
So to finish up what I was saying fellow primates, all apes are vulnerable because we eat bananas.
Obviously I changed all my passwords on the server, even ones with disabled logins, aka root.
Moral of the story is really cut down the amount of bananas you eat, it could leave you hacked.
tl;dr: I’m a dumb primate and I probably could have been expozed like an access log or some shit; I don’t know what they’d get their paws on as .txt with very limited access.