KUSABA VULNERABILITY (72)

1 Name: serv : 2008-10-09 20:42 ID:p0Jgjy3k [Del]

A SERIOUS SECURITY VULNERABILITY HAS BEEN DISCOVERED AND HAS BEEN USED TO CRIPPLE 711CHAN, 99CHAN, ASSCHAN, AMONG OTHERS.

ALLOWS REMOTE LINUX COMMAND EXECUTION

http://pastebin.com/m13fd6ab0

DELETE OR RENAME AFFECTED FILES IMMEDIATELY!!!!!!!!

2 Name: anon1451 : 2008-10-09 20:44 ID:vv8b7m1A [Del]

FFFFFFFFFFFFFFFFFFUUUUUUUUUUUUUUUUUUUUUUUUUUU-

3 Name: serv : 2008-10-09 20:52 ID:p0Jgjy3k [Del]

4 Name: Anonymous : 2008-10-09 22:14 ID:Heaven [Del]

that is too funny.

5 Name: Eleo!EhVtXXdTd6 : 2008-10-09 23:06 ID:3aJNMgFW [Del]

That's awesome.

6 Name: Anonymous : 2008-10-10 07:24 ID:Heaven [Del]

Best thing to happen to the *chan scene in years.

It's about time all the shitty *chans get wiped out.

Good luck trying to patch it up, Serv.

7 Name: Anonymous : 2008-10-10 07:25 ID:Heaven [Del]

8 Name: serv : 2008-10-10 07:54 ID:HLRGG9o+ [Del]

good luck trying to take me out.

I did what a good admin would do.

I shut all my image boards off from the public then disabled the affected files.

9 Name: serv : 2008-10-10 08:05 ID:HLRGG9o+ [Del]

Also I agree that the shitty *chans need to be wiped out. They are overcrowding the imageboard market.

As I see it, the age of all encompassing *chans has ended.
It is now the age of niche *chans.

also new exploit: http://www.milw0rm.com/exploits/6711

10 Name: Anonymous : 2008-10-10 08:17 ID:Heaven [Del]

>>9
Serv says:

>Also I agree that the shitty *chans need to be wiped out. They are overcrowding the imageboard market.

Let me pinpoint that for you all

>the shitty *chans need to be wiped out.

11 Name: Anonymous : 2008-10-10 10:10 ID:2V4VzLqA [Del]

FINALLY!

Awesome news.

Please, no one release patches for this. I know Trevor won't.

Why am I not surprised to see januszeal's name on that log? That faggot's name is attached to every single "i am a *chan h4x0r lulz" activity.

12 Name: Anonymous : 2008-10-10 10:22 ID:PJ6QT3L/ [Del]

So, the question is why are the ones who are on the list, well, on the list?

A large number of them are ones that are never visited anyway, so I don't see why they got attacked when it effectively does nothing to them.

It's frankly nice to see img.pushthenet.com go down the shithole, but I'm not entirely sure why he bothered with some of the other ones.

So, the load_receiver.php exploit has a fix, but it's not looking like paint.php does. Anyone care to humor me?

13 Name: Anonymous : 2008-10-10 10:25 ID:Heaven [Del]

>>12
Some people have figured out a fix already (on both of them), but to protect the world from moar shitty *chans the code is super top sekrat.

14 Name: Anonymous : 2008-10-10 10:31 ID:PJ6QT3L/ [Del]

>>13

That's kinda unfair on the genuinely good chans running kusaba (lol, I'm struggling not to laugh)

Sites like paintchan are genuinely pretty nice, so I'm hoping somehow they'll at least hear about this fix.

>>11
lol, was going to say the same thing myself.

ALSO, SRSLY.

WHY DIDN'T THAT SKIDDIE TAKE DOWN THE BOARD FULL OF FURRIES.

15 Name: Anonymous : 2008-10-10 10:37 ID:Heaven [Del]

Why the fuck hasn't anyone used this to down PushTheNet?

16 Name: Anonymous : 2008-10-10 10:41 ID:PJ6QT3L/ [Del]

>>15

It's on the list, but apparently the skiddie who found the exploit has decided pushthenet isn't worth his time. Probably true tbh :P

17 Name: Anonymous : 2008-10-10 11:35 ID:Heaven [Del]

>>16
No, I mean, he hacked into them but he didn't do anything malicious.

Here's mod logs from http://tehsausage.com/paste/img-pushthenet

(read backwards)

Time User Action
08/10/08(Wed)18:01 WHY DO YOU HATE ME Logged in
08/10/08(Wed)18:00 Added staff member - Administrator: WHY DO YOU HATE ME
08/10/08(Wed)12:20 Tahko Ran cleanup
08/10/08(Wed)12:18 Tahko Logged in
08/10/08(Wed)12:04 Tahko Deleted post #11368 - /nm/
08/10/08(Wed)11:43 Tahko Modposted #11366 in /nm/ with flags: S.
08/10/08(Wed)11:38 Tahko Unstickied thread #11325 - /nm/
08/10/08(Wed)11:37 Tahko Logged in
08/10/08(Wed)09:28 Tahko Logged in
08/10/08(Wed)09:18 rommel Deleted post #11364 - /nm/
08/10/08(Wed)09:16 rommel Deleted staff member: asdf
08/10/08(Wed)09:16 rommel Added staff member - Administrator: asdf
08/10/08(Wed)09:16 Tahko Deleted staff member: Sausage
08/10/08(Wed)09:15 Tahko Logged in
08/10/08(Wed)09:08 rommel Logged in
08/10/08(Wed)08:27 Sausage Modposted #11364 in /nm/ with flags: DN.
08/10/08(Wed)08:20 Sausage Viewed disk space used
08/10/08(Wed)08:19 Sausage Logged in
08/10/08(Wed)08:18 Added staff member - Administrator: Sausage
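The log quoted above has one property worth checking for on any board running the same software: two of the "Added staff member" lines carry no user in the User column, while the one done through the mod panel (asdf, added by rommel) does. The following is an added example, not Kusaba code and not posted by anyone in this thread: it parses the quoted lines and flags staff additions that no logged-in moderator is recorded as having performed, then reports when each such account was first used. The line format and the list of action phrases are taken from the quoted log; the assumption that a panel-driven addition is always attributed to the moderator who made it is mine.

```python
"""Flag staff-account additions with no acting user in a Kusaba-style mod log.

Added example, not Kusaba code. Assumption: an "Added staff member" entry
written through the mod panel is attributed to the moderator who performed
it, so an entry with an empty User column was not produced that way.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# The mod-log lines exactly as quoted in the thread (newest first).
MOD_LOG = """\
Time User Action
08/10/08(Wed)18:01 WHY DO YOU HATE ME Logged in
08/10/08(Wed)18:00 Added staff member - Administrator: WHY DO YOU HATE ME
08/10/08(Wed)12:20 Tahko Ran cleanup
08/10/08(Wed)12:18 Tahko Logged in
08/10/08(Wed)12:04 Tahko Deleted post #11368 - /nm/
08/10/08(Wed)11:43 Tahko Modposted #11366 in /nm/ with flags: S.
08/10/08(Wed)11:38 Tahko Unstickied thread #11325 - /nm/
08/10/08(Wed)11:37 Tahko Logged in
08/10/08(Wed)09:28 Tahko Logged in
08/10/08(Wed)09:18 rommel Deleted post #11364 - /nm/
08/10/08(Wed)09:16 rommel Deleted staff member: asdf
08/10/08(Wed)09:16 rommel Added staff member - Administrator: asdf
08/10/08(Wed)09:16 Tahko Deleted staff member: Sausage
08/10/08(Wed)09:15 Tahko Logged in
08/10/08(Wed)09:08 rommel Logged in
08/10/08(Wed)08:27 Sausage Modposted #11364 in /nm/ with flags: DN.
08/10/08(Wed)08:20 Sausage Viewed disk space used
08/10/08(Wed)08:19 Sausage Logged in
08/10/08(Wed)08:18 Added staff member - Administrator: Sausage
"""

# Action phrases seen in the quoted log. The actor is whatever sits between
# the timestamp and the earliest of these phrases, which copes with an
# empty actor and with multi-word names such as "WHY DO YOU HATE ME".
ACTIONS = (
    "Logged in", "Added staff member", "Deleted staff member", "Deleted post",
    "Modposted", "Unstickied thread", "Ran cleanup", "Viewed disk space used",
)
TIMESTAMP_RE = re.compile(r"^(\d\d/\d\d/\d\d\(\w{3}\)\d\d:\d\d) (.*)$")
STAFF_ADD_RE = re.compile(r"^Added staff member - (\w+): (.+)$")


@dataclass(frozen=True)
class Entry:
    time: str
    actor: str      # "" when the line names no acting user
    action: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; header or unrecognised lines yield None."""
    m = TIMESTAMP_RE.match(line.strip())
    if not m:
        return None
    stamp, rest = m.groups()
    hits = [(rest.find(a), a) for a in ACTIONS if a in rest]
    if not hits:
        return None
    idx, _ = min(hits)
    return Entry(stamp, rest[:idx].strip(), rest[idx:])


def parse_mod_log(text: str) -> list[Entry]:
    """Return entries in chronological order (the log is posted newest first)."""
    entries = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    return list(reversed(entries))


def staff_additions(text: str) -> list[tuple[str, str, str, str]]:
    """(time, actor, role, new account) for every staff addition."""
    out = []
    for e in parse_mod_log(text):
        m = STAFF_ADD_RE.match(e.action)
        if m:
            out.append((e.time, e.actor, m.group(1), m.group(2)))
    return out


def unattributed_staff_additions(text: str) -> list[tuple[str, str, str]]:
    """(time, role, new account) for additions with no acting user."""
    return [(t, r, n) for t, a, r, n in staff_additions(text) if a == ""]


def first_use_after_unattributed_add(text: str) -> dict[str, str]:
    """Map each unattributed account to the time of its first own action."""
    entries = parse_mod_log(text)
    result: dict[str, str] = {}
    for added_at, _role, name in unattributed_staff_additions(text):
        for e in entries:
            if e.time >= added_at and e.actor == name:
                result[name] = e.time
                break
    return result


if __name__ == "__main__":
    for item in unattributed_staff_additions(MOD_LOG):
        print("unattributed staff addition:", item)
    print(first_use_after_unattributed_add(MOD_LOG))
```

Run over the quoted log this reports Sausage (08:18) and WHY DO YOU HATE ME (18:00) as unattributed Administrator additions, with Sausage's first login one minute later, while asdf is attributed to rommel and not flagged. On a live board the same rule would run over the mod-log table rather than pasted text; the timestamps here compare correctly as strings only because all entries fall on one day.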

18 Name: Anonymous : 2008-10-10 15:55 ID:vuPgLzji [Del]

Serissas site was taken down with it. lol. That's what they get for not knowing how to code.

19 Name: oh : 2008-10-10 18:20 ID:CrzzQsZy [Del]

>>18
Another ignorant moron who doesn't know what he's talking about. The vulnerability was discovered in kusaba 1.0.4 due to a bug in tee's code. It had nothing to do with Serissa. I've taken the site down to patch the security issues.

20 Name: Anonymous : 2008-10-10 18:51 ID:XKTuYgT8 [Del]

>>19
If you had any shred of decency left, you would just keep Serissa's site down.

Let Trevorchan die, please.

21 Name: Sausage : 2008-10-10 19:04 ID:ewqvODKS [Del]

Sorry. All those random sites were just me checking what % might be affected, and boredom.

(numbers are the order checked, giving the first about 50%)

22 Name: Anonymous : 2008-10-11 02:19 ID:Heaven [Del]

>>21
Why not take Img.Pushthenet.com down for good?

The internet would be a much better place.

23 Name: Anonymous : 2008-10-11 08:23 ID:PJ6QT3L/ [Del]

>>22

Looks like he made good on our wishes

http://img.pushthenet.com/

24 Name: Anonymous : 2008-10-11 08:32 ID:Heaven [Del]

>>23
Awesome

25 Name: Anonymous : 2008-10-11 08:36 ID:Heaven [Del]

>>23
Can still access the boards at
http://img.pushthenet.com/nm/

26 Name: Anonymous : 2008-10-11 12:15 ID:PJ6QT3L/ [Del]

>>25

Just had to spoil the moment, didn't you. Prick.

27 Name: Hitler!Jews.8snwU : 2008-10-11 12:27 ID:QCB5YaiK [Del]

Kusaba X just released a patch that fixes the security vulnerabilities in Kusaba; this patch will not require you to convert to Kusaba X but will just add onto the Kusaba files.

It seems that both Serissas and PushTheNets "fix" for the exploits are both the exact same, and both still seem to be vulnerable.

The files are at http://kusabax.org

28 Name: Anonymous : 2008-10-11 12:29 ID:vuPgLzji [Del]

>>25
Why would you want to though?

29 Name: Sausage : 2008-10-11 17:38 ID:XBx6F1+0 [Del]

Shame I can't force someone to not fix their websites :(

30 Name: Sausage : 2008-10-11 17:40 ID:XBx6F1+0 [Del]

Also, I'm surprised everyone has these 10,000 line fixes to paint_save.php, when all it requires is one cast.

31 Name: Anonymous : 2008-10-11 18:55 ID:vuPgLzji [Del]

>>30
The file would still be uploaded though.

32 Name: oh : 2008-10-11 19:12 ID:CrzzQsZy [Del]

>>27
You basically took the fix from Serissa 1.0.4 and added some other unnecessary crap. Nice job.

33 Name: Anonymous : 2008-10-11 19:15 ID:vuPgLzji [Del]

>>32
And you either took the fix from Tahko, or vice versa.

34 Name: Harrison!cocKS/hVJM : 2008-10-11 20:02 ID:vuPgLzji [Del]

>>30
D'oh, you're right. Just fixed the Kusaba X patch with this new way of doing it.

35 Post deleted by user.

36 Name: Sausage : 2008-10-11 20:13 ID:XBx6F1+0 [Del]

>>31
Yes, but the entire point of that script is to upload files.

The real correct way would be to store the filenames outside of the reach of users. I think you can overwrite other people's animations still with all of the current fixes, and have some temporary image hosting through "image.jpg"

Not that anyone cares but I'm writing my own PHP based imageboard now. :3
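The exchange in >>30, >>31 and >>36 describes three stages of a file-save handler: the request value used in the filename as-is, the same value forced through a single integer cast, and the server choosing the filename itself. The block below is an added illustration of those three stages in Python, written for this page; it is not Kusaba's paint_save.php, not Kusaba X's patch, and not code from any poster. The upload directory, the parameter name and the per-session token table are assumptions. Note one difference from the PHP cast the posts refer to: PHP's `(int)` silently turns non-numeric input into 0, whereas this version rejects it.

```python
"""Three ways a save handler can turn request input into a path.

Added example, not Kusaba code. UPLOAD_DIR and the token table are assumed.
"""
from __future__ import annotations

import posixpath
import secrets

UPLOAD_DIR = "/var/www/board/oekaki_tmp"   # assumed layout, not Kusaba's


def inside_upload_dir(path: str) -> bool:
    return path.startswith(UPLOAD_DIR + "/")


def path_unchecked(param: str) -> str:
    """Stage 1: the request value is spliced into the filename unchanged.

    ".." segments walk out of UPLOAD_DIR once the path is normalised, and an
    absolute value replaces the directory outright (posixpath.join semantics).
    """
    return posixpath.normpath(posixpath.join(UPLOAD_DIR, param + ".png"))


def path_with_cast(param: str) -> str | None:
    """Stage 2, the "one cast" fix: only an integer id is accepted.

    The path can no longer leave UPLOAD_DIR, but any client may still name
    any id, so two clients that both send 12 write the same file, and a
    file is still written on every request. (PHP's (int) cast would yield 0
    for non-numeric input instead of rejecting it, as this version does.)
    """
    try:
        num = int(param)
    except ValueError:
        return None
    return posixpath.join(UPLOAD_DIR, f"{num}.png")


class SaveTargets:
    """Stage 3: the server picks the filename and keeps it out of reach.

    When a drawing session starts, the server creates a random filename and
    hands the client only an opaque token bound to that session. The save
    handler resolves the token within the session's own table, so a guessed
    id or a token copied from another session names nothing.
    """

    def __init__(self) -> None:
        self._by_session: dict[str, dict[str, str]] = {}

    def begin(self, session_id: str) -> str:
        token = secrets.token_urlsafe(16)
        filename = secrets.token_hex(8) + ".png"
        table = self._by_session.setdefault(session_id, {})
        table[token] = posixpath.join(UPLOAD_DIR, filename)
        return token

    def resolve(self, session_id: str, token: str) -> str | None:
        return self._by_session.get(session_id, {}).get(token)

    def finish(self, session_id: str, token: str) -> None:
        """Drop the mapping once the drawing is posted, so the temporary
        name cannot be reused for ad-hoc image hosting afterwards."""
        self._by_session.get(session_id, {}).pop(token, None)


if __name__ == "__main__":
    print("unchecked :", path_unchecked("../../../config"))
    print("cast      :", path_with_cast("../../../config"), path_with_cast("12"))
    store = SaveTargets()
    a, b = store.begin("session-A"), store.begin("session-B")
    print("own token :", store.resolve("session-A", a))
    print("other's   :", store.resolve("session-B", a))
```

Stage 2 is the fix the posts settle on and it does stop the path from leaving the directory. Stage 3 is the shape of what >>36 asks for: the filename never passes through the client, so one user cannot address another's file, and dropping the mapping on completion removes the standing target that the "image.jpg" remark points at.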

37 Name: Harrison!cocKS/hVJM : 2008-10-11 20:17 ID:Ma0bN2U9 [Del]

>>36
The thing about it is that folder shouldn't have anything in it for a long period of time anyways. Unless the person is typing out an essay, that folder shouldn't have crap in it for really more than 5 minutes at the most, and that's giving them leeway.

38 Name: Harrison!cocKS/hVJM : 2008-10-11 20:18 ID:8sGKvZT4 [Del]

>>36
Also, inb4 PHP BAWWWWWWWWWW shitstorm.

39 Name: Sausage : 2008-10-11 20:22 ID:cRDNTDqB [Del]

Well I've combed through Kusaba enough times now to say it's probably safe if you remove the entire oekaki and load balancing system.

>>38
Heh, no matter what anyone says, PHP is too popular among things like free hosts to not use. (which is probably another reason people would cry)

40 Name: Harrison!cocKS/hVJM : 2008-10-11 20:27 ID:8sGKvZT4 [Del]

>>39
While that would be a good idea on the security side, it would be a bit of a drawback to everyone who actually uses Oekaki.

Load balancer seems like it was a bit of a joke though.

41 Name: Makoto!!QPpGvuVX : 2008-10-11 20:59 ID:Heaven [Del]

>>39

PHP is also insecure from its core functions because its dev team shuns proper security practices.

Anyways, anybody running a serious imageboard off a free host has yet to learn the horrors of bandwidth and CPU load restrictions. Even so, there are a lot of free hosts with perl installed on the machines in their datacenter, even some running python, making the whole "well some people have to use PHP" argument void.

I really implore you not to continue this project, but if you decide you're going to, just don't add stickies. We don't need another kusaba clone on the net.

42 Name: Harrison!cocKS/hVJM : 2008-10-11 21:40 ID:5NAsiEEi [Del]

>>41
Not to be an ass, but really, you all say 'the dev team shuns proper security practices.' Where is your source of that? Kusaba had been out for over 2 years, and Sausage's exploit has been the first (that was publicly released).

43 Name: Anonymous : 2008-10-12 01:02 ID:Heaven [Del]

44 Name: Makoto!!QPpGvuVX : 2008-10-12 02:22 ID:Heaven [Del]

>>42

Sausage's wasn't the first to be publicly released, though. There were a few exploits that were found and released before the 1.00 release, but they didn't really have that big an impact and were all patched by Trevor.

Don't get me wrong, I don't completely hate PHP. It was, in fact, the first programming language that I learned, but it is certainly not my most preferred language to work with.

Let me get one thing straight though. I'm sick and tired of every single person on the planet who's made any sort of modification to the kusaba source at all releasing it as a "continuation of" or as completely new software "based off kusaba." Yeah, we get it. Instead of plain text, your stylesheet switcher is a dropdown menu! Holy crap how did you learn such mad skills?

To serv, the primary coder(s) of serissa, Tahko, whoever's coding Kusaba X, and anybody else working on shitty forks (it's kind of sad how long that list extends), shut up. You're doing a disservice to the entire community by continuing a failed project that played in the creation of >9000 imageboards nobody will ever use, ever, and your bitching about who stole what patch for Sausage's load balancer and oekaki module exploits is funny, yet annoying as all hell at the same time.

tl;dr: do the impossible see the invisible row row fight the powah

45 Name: Anonymous : 2008-10-12 02:35 ID:OU45w4EV [Del]

hay guys, here is some juicy gossip - i found the load receiver thing a few months ago - i informed a few admins about it and then reported it to trevor, whereby many lulz were had:

>Very nice work. Also, plus points for using Python. I'm planning on replacing kusaba with my own Python project I'm working on, you can take a look at http://code.google.com/p/pyib-standalone/
>I'm thinking about writing a PHP version of your Python code, and then sending the PHP version in Python's 64'd code. Sort of a "proxy' if you will. Then the remote site will be exploiting other remote sites, and if you set it up properly you could make it a star network of the chans executing malicious code on each other. As soon as they look up the logs they would start calling each other out on operating it. This would cause epic confusion.
>Something which comes to mind for being malicious would be to have it try and download a large file as many times as it can under new file names, causing tons of bandwidth usage and filling up the hard drive at the same time. Do you have any ideas?

sorry tj9991 D:

46 Name: Makoto!!QPpGvuVX : 2008-10-12 02:39 ID:Heaven [Del]

Did he tell you to DELETE OR RENAME AFFECTED FILES IMMEDIATELY!!!!!!!!?

47 Name: Anonymous : 2008-10-12 02:53 ID:OU45w4EV [Del]

do you EVER STOP WHINING!!!!?

48 Name: Makoto!!QPpGvuVX : 2008-10-12 03:04 ID:Heaven [Del]

>>47

I'm just keeping it real.

49 Name: Anonymous : 2008-10-14 13:20 ID:PJ6QT3L/ [Del]

Lol, Tahko thinks that it was /soc/ that hacked his shitty board.

http://img.pushthenet.com/nm/res/11419.html#i11447

50 Post deleted by user.

51 Name: saged : 2008-10-14 18:36 ID:Heaven [Del]

>>49
He probably wasn't even hacked, he's probably just attention whoring, and you're buying right into it.

52 Name: Anonymous : 2008-10-14 21:43 ID:d+CHv7H9 [Del]

I got in thru vulns and just fucked stuff up for about an hour.

53 Name: Tahko : 2008-10-15 15:24 ID:bthlZjl+ [Del]

62.141.52.224 is the IP of the person that was using the exploit on IMG and Konatachan.

IMG has patched but Konatachan didn't and they are working on it.

Please ban this IP and don't let him see the board. At least it shows that you guys were not partially involved.

Thank You.

54 Name: Anonymous : 2008-10-15 15:39 ID:Heaven [Del]

>>53
What are you talking about?

55 Name: Anonymous : 2008-10-15 15:39 ID:Heaven [Del]

>>53
What are you talking about?

56 Name: Anonymous : 2008-10-15 18:17 ID:Heaven [Del]

>>53
Why ban them, they have a worthy cause.

57 Name: Anonymous : 2008-10-15 19:58 ID:Heaven [Del]

>>55
he thinks we're some sort of secret cabal and that we hacked his shitty site. the fact that just about everyone who has anything to do with imageboards, including trevor, knows that kusaba is shit couldn't have anything to do with it. i say we should encourage him in his crazy conspiracy theories, it might be somewhat amusing.

58 Post deleted by user.

59 Post deleted by moderator.

60 Name: Anonymous : 2008-10-16 08:15 ID:Heaven [Del]

>>59
no u.

61 Name: !WAHa.06x36 : 2008-10-19 13:38 ID:Heaven [Del]

That IP has never posted on this board.

Of course, we would say that, wouldn't we?

62 Name: ekvin : 2008-10-21 13:12 ID:GgzRmVg8 [Del]

>>57 There is no cabal, right?

63 Name: Anonymous : 2008-10-21 14:17 ID:iaCmM02y [Del]

Kusaba is shit anyway, hope all KusaTravor sites bite the big weeny.

64 Name: Anonymous : 2008-10-22 06:46 ID:Heaven [Del]

>>53 Very very very likely not their real IP, probably 7th one in the chain. My Poirot-genes tell me so. Also why make a confusing name like IMG when it's standard on imageboards. Please don't tell me you just took it from that without really thinking anything at the time.

65 Name: Piyoko!Hy2U2pAndA : 2008-10-22 23:40 ID:Heaven [Del]

They did it for bandwagoning weenysuckery.

66 Name: heh man!fi.Jek4HW6!!CLcXMLmO : 2008-11-12 19:53 ID:yPiTEn9M [Del]

>>63

THOSE WORDS ARE BLASPHEMY

67 Name: Anonymous : 2008-11-12 19:58 ID:Heaven [Del]

>>66
did you really need to bump the thread for that?

68 Name: Anonymous : 2008-11-12 20:06 ID:Heaven [Del]

>>66
Too bad it's true.

69 Name: heh man!fi.Jek4HW6!!CLcXMLmO : 2008-12-31 18:47 ID:Heaven [Del]

>>68
no u

70 Name: Anonymous : 2009-01-02 11:08 ID:Heaven [Del]

http://kusabax.org/dev/ SECURITY EXPERTS!
