I come in Peace

Submitted by GregHoush on Wed, 04/11/2012 - 18:51

Hi Ladies and Gentlemen from Space Ghetto, this is my first post here so I hope you will appreciate it.

Well, first of all I've got to say that I really love your community : I really enjoy to get my eyes and brain fuck each time I spend time on the Ghetto.

I would like the Sg admins not to be butthurted by the following plox : I come in peace

As I work in Netsec, I've got something that some of you will call bad habits : pressing compulsively Ctrl+U just to see what web fuck or shitz,......I also like to test some urls, you know admins sometimes forget things.... so shit can happen...

And the shit has happenned : not because none of the SG dirs are secured, and are accessible, that's not dangerous if the system is kept up to date, as it seems for SG, and because Drupal is a robust system....But a simple nice .htaccess dropped on the site root will avoid flaws and vertigo. That's the first point.

The second point is that there is a directory accessible to all, this directory is not in the Drupal structure and it's called ????? (don't expect me to give you that url).... In that directory there were two files : a php script to upload in the database and another file.

A fucking big .sql file called Spaceghetto_final.sql.... Apparently this file was stored on the server since June 2011. As you all know sql files contains all the site or server life and more than any all the users data, like email and passwords....

I'm a nice guy (think what you want), but I was nice enough to delete that file using the upload script stored on the server and how : just with adding .php?delete=spaceghetto_final.sql at the end of that script.

I'm so nice that I've even deleted it from my computer because owning data that are not mine is like keeping a smelly shit in my house.

But just to prove that I'm not bullshitting you here is a screencap with all the sensible data blurred.:

So, I just strongly encourage all the SG users to change their passwords because even if they are MD5 hashed they are reversible, and just think about the shitload of guys not as nice as I'm who poke your datas since June 2011 i will also encourage the SG admins to put .htaccess to lock their dirs.

Then that's all. No you can go get some oil if you want to burn me.

I came in peace and will let SG in peace.

Have a nice time and keep on being awesome.

GregHoush's blog
Login or register to post comments

Comments

Submitted by noseriously on Wed, 04/11/2012 - 19:05.

work in a nutsac? cool.

Submitted by koshka on Wed, 04/11/2012 - 19:09.

uh, thanks?

Submitted by bigTrue on Wed, 04/11/2012 - 19:22.

So, basically, you walked into somebodies house because the door was open and found some milk that was bad and poured it out and now you are standing on the front porch telling us how we shouldn't let our milk go bad?

Submitted by me on Wed, 04/11/2012 - 19:26.

while i agree with this statement, im also glad he found the directory. now skeez can lock the door and keep the riffraff out ;)

Submitted by bigTrue on Wed, 04/11/2012 - 19:32.

Oh, I'm not saying it's a bad thing....but a simple msg to you mods would have done the same thing. 90% of us don't care about this and don't need to know it.

Submitted by me on Wed, 04/11/2012 - 19:38.

i concur. whats done is done, oh well

Submitted by Ben Iarwain on Wed, 04/11/2012 - 20:08.

Dude, lay off. I think this is pretty good to know about and he was damn cool about it to boot.

Thanks, OP.

Submitted by xan on Wed, 04/11/2012 - 19:36.

YAY I was in the top 5

TYPES .php?UNDELETE=spaceghetto_final.sql

Submitted by me on Wed, 04/11/2012 - 19:39.

there he is

Submitted by cooter on Wed, 04/11/2012 - 20:11.

awww yeah numer 3. also: wtf does this even mean, I dont actually speak computer. I'm just here to delete child porn and beastiality.

Submitted by some asshole on Wed, 04/11/2012 - 20:30.

At first I was like "oh here we go a long introduction from a noob about nothing" but I was pleasantly surprised. thx bro

Submitted by skeezoyd on Wed, 04/11/2012 - 20:33.

Dick move, bro.

Submitted by Feckless on Wed, 04/11/2012 - 20:34.

Well, it's not actually your first post. I saw that one right before you deleted it. :P

Submitted by cooter on Wed, 04/11/2012 - 21:57.

get bent Roy

Submitted by heritage on Wed, 04/11/2012 - 22:43.

it would only be by him charging into the brick wall that he thinks is conspiring against him.

Submitted by cooter on Thu, 04/12/2012 - 06:21.

I'm pretty sure this is the signup list from the spaceghetto in like 2008 anyway. I remember the last time we had to rebuild I was bummed I was no longer like the second person to register.

Submitted by Rapewhistle on Thu, 04/12/2012 - 13:58.

so is this bullshit and we really don't have netsec counterhackers examining our code for exploits in their free time

because I can get behind that

Submitted by me on Thu, 04/12/2012 - 15:49.

ikr. i am disappoint :\

Submitted by Rapewhistle on Fri, 04/13/2012 - 01:05.

idk what ikr means

I have a jitterbug so I don't do the texting

Submitted by vulture capitalist on Fri, 04/13/2012 - 10:53.

Can you get space ghetto or the google on that thing?

Submitted by Rapewhistle on Fri, 04/13/2012 - 13:25.

oh heavens no it doesn't sport those confusing bells and whistles just extra big keypad numbers and call waiting so I can keep in touch with the kids in case of an emergency

Submitted by vulture capitalist on Fri, 04/13/2012 - 15:09.

"Ji-Ji-Ji-jitterbug oops I broke my hip"

Submitted by dw on Thu, 04/12/2012 - 00:14.

Thanks,,,,,I guess.

Submitted by vulture capitalist on Thu, 04/12/2012 - 00:51.

The tubes leaked?

Submitted by TwistedT on Thu, 04/12/2012 - 01:38.

i thought the rule was to berate anyone who starts out with 'well, uh.. this is my first post and i think this and that'

letting me down SG
letting me down