undefined | Better HN

0 pointsuxcn10y ago0 comments

It used to be a salted MD5 hash, but it may have changed.

0 comments

I would have assumed of course that the size limits were because the passwords were being stored in plaintext in fixed-length fields, but I guess they wanted to make sure they were 'complicated' enough? I guess salted md5 is literally better than nothing.

The character limits for usernames, though... smells like a SQL injection issue. Which is an obvious and completely naive thing to assert but they're using PHP so my immediate thought is that they're passing raw userdata into the database as strings.

uxcnOP10y ago

my immediate thought is that they're passing raw userdata into the database as strings

That was my first thought too. I'd guess that it's a vulnerability somewhere in the code for handling the forums.

I would be willing to bet that they could get rid of a lot of the attack surface just by using standard services for certain things.

krapp10y ago

Probably. If they're not using PDO then that needs to be their first priority, dead stop. After that, maybe looking at their captcha script, because those sometimes have issues if they're not well designed. I don't know where theirs comes from but it doesn't seem to use much obfuscation so it's probably old. After that, Twig.

Although judging by a screenshot of the recent hack[0] posted here[1] escaping (and XSS) may not be an issue.

[0]https://i.imgur.com/pl22srz.png

[1]https://news.ycombinator.com/item?id=9990221

1 more reply

j / k navigate · click thread line to collapse

0 comments

krapp10y ago

uxcnOP10y ago

my immediate thought is that they're passing raw userdata into the database as strings

That was my first thought too. I'd guess that it's a vulnerability somewhere in the code for handling the forums.

I would be willing to bet that they could get rid of a lot of the attack surface just by using standard services for certain things.

krapp10y ago

Although judging by a screenshot of the recent hack[0] posted here[1] escaping (and XSS) may not be an issue.

[0]https://i.imgur.com/pl22srz.png

[1]https://news.ycombinator.com/item?id=9990221

1 more reply

j / k navigate · click thread line to collapse