Hey guys,
Just spent about 10 mins poking around BMR and Sheep to see what I could find.
Both of them leak info through their headers and HTML source. Sheep
is running on Apache 2.2.22, using Ubuntu (see the headers on any page,
the gallery forums and website are running off the same server and based
on the sessid are part of the same application), with an X-Powered-By
value of "Nette Framework", an open source PHP framework. Also they're
setting a server side session ID (y no encrypted client side?!?!) for
this framework. Unfortunately the framework seems to be resilient to
the basic skiddie traditional attacks that I tried, but if I were a fed
seriously looking for a vulnerability I know where I'd start. (cough Nette Framework Github).
BMR leaks less, but you can tell both the site and forums are running
PHP. I'm not sure if it's the same server, but the timestamps are
synchronized to within .5 seconds if it's not, which is possible but
hints at them being on the same or a similarly configured box. You can
also tell that at the very least the forums are running off PHP package
5.3.10-1ubuntu3.8 (attack vector!) and the forums are using the PunBB
software (attack vector!).
Something to ponder when sending in your bitcoins, eh?
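Added example, not part of the original post: a check a site operator can run over their own responses to see what the headers give away, shown on the disclosures described above and on a hardened response. The sample responses are constructed from the values named in the post; the header layout and the names `parse_headers` and `audit` are assumptions.

```python
import re

# Constructed responses: values are the ones named in the post, layout assumed.
SHEEP = ("HTTP/1.1 200 OK\r\n"
         "Server: Apache/2.2.22 (Ubuntu)\r\n"
         "X-Powered-By: Nette Framework\r\n"
         "Content-Type: text/html\r\n\r\n<html>")
BMR_FORUM = ("HTTP/1.1 200 OK\r\n"
             "X-Powered-By: PHP/5.3.10-1ubuntu3.8\r\n"
             "Content-Type: text/html\r\n\r\n<html>")
# What a response looks like with Apache "ServerTokens Prod" and
# PHP "expose_php = Off" (constructed).
HARDENED = ("HTTP/1.1 200 OK\r\n"
            "Server: Apache\r\n"
            "Content-Type: text/html\r\n\r\n<html>")

DISCLOSING = {"server", "x-powered-by", "x-generator", "x-aspnet-version"}
VERSION = re.compile(r"\d+(?:\.\d+)+[\w.\-]*")
DISTRO = re.compile(r"ubuntu|debian|centos|fedora|red hat", re.I)

def parse_headers(raw):
    """Return [(lowercased name, value)] from a raw HTTP response head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw):
    """List (header, kind, detail) for each piece of stack info disclosed."""
    findings = []
    for name, value in parse_headers(raw):
        if name not in DISCLOSING:
            continue
        if name != "server":                   # any value here names the stack
            findings.append((name, "stack", value))
        findings += [(name, "version", m.group()) for m in VERSION.finditer(value)]
        findings += [(name, "os", m.group().lower()) for m in DISTRO.finditer(value)]
    return findings

if __name__ == "__main__":
    for label, raw in (("sheep", SHEEP), ("bmr", BMR_FORUM), ("hardened", HARDENED)):
        print(label, audit(raw))
```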