WebCrappx



  • Some of you might have heard of a CMS called WebBrix. If you haven't, then you should know that it's absolute f'kin crap.

    Live examples: prontanet.lt, itsolution.lt, ausra.nets.lt, etc.

    1. Pure JavaScript. No JavaScript = no viewing our uberkewl site.

    2. It's insecure in sooo many ways.

    Open Live HTTP Headers and you'll see a request to "file_lister.php". It shows you all the files and dirs there.

    In the file list, you can find "_xmlWriter.php" and "_xmlWriter.asp". And since it's a rare thing for both PHP and ASP to run on one server, one of the scripts works, and the other is just sent as text/plain, so you can figure out what it exactly does.

    (The /pictures/ folder is world-writable. Should I need to say more?)

    After some snooping here and there, you can find an XMLHttpRequest sent to this page:

    http://www.webbrix.net/admin/readData.asp?returnvar=functionalityPermits&dbName=./../../private/register.mdb&sqlString=SELECT * FROM clients WHERE blah = blahblah

    One more thing: noticed the _private.key and readEncrypted.php? Well, this _private.key contains^Hed the login and password for prontanet.lt (the CMS developers' site) and is included with almost every installation of WebBrix. Mmmmm, FTP.
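Added example, not part of the original post and not WebBrix code: a sketch of how a `readData`-style endpoint can be shaped so that the client names a query instead of sending `dbName` and `sqlString`. Python with `sqlite3` stands in for the ASP/JET stack; the `permits` table, its columns, the `read_data` function and the session-derived client id are assumptions made for the illustration.

```python
import sqlite3

# Server-side catalogue: the client may name a query, never supply SQL text.
# Table and column names are constructed for this example.
QUERIES = {
    "functionalityPermits":
        "SELECT feature, allowed FROM permits WHERE client_id = ? ORDER BY feature",
}
ALLOWED_PARAMS = {"returnvar"}


class RequestRejected(Exception):
    """Raised for any request the handler refuses to run."""


def read_data(conn, session_client_id, params):
    """Hypothetical replacement handler for a readData-style endpoint.

    conn is opened by the server from its own configuration; the client id
    comes from the authenticated session, not from the query string.
    """
    if session_client_id is None:
        raise RequestRejected("not authenticated")
    unexpected = set(params) - ALLOWED_PARAMS
    if unexpected:  # e.g. dbName or sqlString from the old interface
        raise RequestRejected("unexpected parameter: " + ", ".join(sorted(unexpected)))
    sql = QUERIES.get(params.get("returnvar"))
    if sql is None:
        raise RequestRejected("unknown query name")
    # Bound parameter: the value is never spliced into the statement text.
    return conn.execute(sql, (session_client_id,)).fetchall()


def make_demo_db():
    """Build a small in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE permits (client_id INTEGER, feature TEXT, allowed INTEGER);
        INSERT INTO permits VALUES (1, 'gallery', 1), (1, 'news', 0), (2, 'shop', 1);
    """)
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(read_data(db, 1, {"returnvar": "functionalityPermits"}))
    try:
        read_data(db, 1, {"returnvar": "functionalityPermits",
                          "sqlString": "SELECT * FROM clients"})
    except RequestRejected as exc:
        print("rejected:", exc)
```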



  • @grawity said:

    Some of you might have heard of a CMS called WebBrix. If you haven't, then you should know that it's absolute f'kin crap.

    Live examples: prontanet.lt, itsolution.lt, ausra.nets.lt, etc.

    1. Pure JavaScript. No JavaScript = no viewing our uberkewl site.
    2. It's insecure in sooo many ways.

    Open Live HTTP Headers and you'll see a request to "file_lister.php". It shows you all the files and dirs there.

    In the file list, you can find "_xmlWriter.php" and "_xmlWriter.asp". And since it's a rare thing for both PHP and ASP to run on one server, one of the scripts works, and the other is just sent as text/plain, so you can figure out what it exactly does.

    (The /pictures/ folder is world-writable. Should I need to say more?)

    After some snooping here and there, you can find an XMLHttpRequest sent to this page: http://www.webbrix.net/admin/readData.asp?returnvar=functionalityPermits&dbName=./../../private/register.mdb&sqlString=SELECT * FROM clients WHERE blah = blahblah

    One more thing: noticed the _private.key and readEncrypted.php? Well, this _private.key contains^Hed the login and password for prontanet.lt (the CMS developers' site) and is included with almost every installation of WebBrix. Mmmmm, FTP.

    FTFY


  • Hey now, that's not so bad, just about 310KB for the main page. Of which 300KB is JavaScript.



  • http://www.webbrix.net/admin/readData.asp?returnvar=functionalityPermits&dbName=./../../private/register.mdb&sqlString=SELECT%20*%20FROM%20clients

    They don't have many clients. Just do the query :)

    Shit I think I just dropped the table.



  •  Is it bad that www.webbrix.net shows me a blank page, and yet looking at the source shows me thousands of lines of javascript?

     Pwned.



  • @JamesKilton said:

     Is it bad that www.webbrix.net shows me a blank page,

    It does load a page eventually (in FF2), but only after spitting out a few hundred javascript warnings in the JS console. All of 'em warnings to not use "document.all".



  • I also like

    @prontanet.lt said:

    //document.write("<bgsound src=sounds/doorbell1.wav>");



  • Webbrix is a Content Management System ( CMS ) which allows users to create and modify website content without any programming skills or knowledge of internet technology.

    Webbrix is a users to create and modify website content without any programming skills or Content Management System ( CMS ) which allows users to create and modify website content without any programming skills or knowledge of internet technology users to create and modify website content without any programming skills or .



  • I personally get annoyed by this 'clickety-clickety' sound from the flash animation



  • @dlikhten said:

    They don't have many clients. Just do the query :)

    Shit I think I just dropped the table.

     

    But...can you restore it?  That's the real challenge! 

     

    Microsoft JET Database Engine error '80004005'

    Query must have at least one destination field.

    /admin/readData.asp, line 15

     



  • @AccessGuru said:

    @dlikhten said:

    They don't have many clients. Just do the query :)

    Shit I think I just dropped the table.

     

    But...can you restore it?  That's the real challenge! 

     

    So it has been said, so it shall be done!



  • @dlikhten said:

     

    http://www.webbrix.net/admin/readData.asp?returnvar=functionalityPermits&dbName=./../../private/register.mdb&sqlString=SELECT%20*%20FROM%20clients

    They don't have many clients. Just do the query :)

    Shit I think I just dropped the table.

    It wasn't you. I think Bobby Tables just registered on their site...

