|
New site? Maybe some day. 
|
|
Hell-0 all, i was hacked... I just wanted to make sure the_reverend checks his email out and fixes the holes in his site. Well, later all and stay metal! |
|
|
yeah, I'm trying to fix that... I can't believe the hole that was found.. holy shit. site's going down. |
|
|
I can't believe the holes that this person found... wow.. really.. like wow.. |
|
|
idk who it is, but they emailed me what they did. people are probably going to have to log in again later on |
|
|
I checked out his (the hacker's) site and it seems like he's a turn uber leet haxxor in the truest sense of the word. I hope to converse with him more later.
he obviously loves metal... and wasn't malicious. I really can't believe the stupid username hack he found. it was the same one used to hack winXp update validation like 4 years ago. |
|
|
the_reverend said: | it was the same one used to hack winXp update validation like 4 years ago. |
Is he the same guy? |
|
|
i really wish i understood what's going on here |
|
|
it's ok just banghead here X |
|
|
post the hack after u fix it. |
|
|
whoa that looked like it hurt.......alot |
|
|
hiiiiiyah! that's called the poker pig choke! haha |
|
|
sxealex said: | post the hack after u fix it. |
yeah, let's e-beat his/her ass |
|
|
it's 1/2 fixed. will post laterz. |
|
|
at least the dude who did it respects you and did not destroy the site and wants you fix it.
but still it was wrong. |
|
|
i dont consider this type of hacking as wrong. it just makes things more secure. it would have been a little better if the dude just contact the rev and didnt make a public post about it but whatever. he didnt intend to fuck shit up. he just wanted to point out a vulnerability. most bugs would never be found if people didnt look for them and try to exploit them. |
|
|
i'm of course referring to the internet as a whole....not just this site. |
|
|
its not wrong its just illegal |
|
|
unless he has ur permission |
|
|
I agree. he didn't do anything malicious that I know of. I can't believe the truck size hole. |
|
|
did it happen when you moved to the faster server. |
|
|
he probably posted a worm and where all gonna get it |
|
|
not, these bugs have been here forever. I will paste what he said. I think it's scary, but cool of him. |
|
|
first hack,
open a browser to http://www.returntothepit.com
put this in the addressbar.
javascript:void(document.cookie="site_user=the_reverend");
refesh the page and you are logged in as the_reverend. that doesn't happen anymore. this was a old hack for the winxp authentication. |
|
|
that is a big hole. or was. |
|
|
the other is a hell of a lot geeky. I need to try some more things before I post it. |
|
|
God bless the white hats. |
|
|
i like all the new dont hack the site warnings when you try that |
|
|
Did you fix them yet? E-mail me back and i'll tell you about a possible DoS using your own script. :p |
|
|
i could only imagine who it could be? |
|
|
Did you want me to send you an email with the new attack?
)
|
|
|
Did you mean the DoS one or the one i just did like 3 seconds ago? |
|
|
or you could just not do that... |
|
|
i'll email it to you because i don't want it to open public |
|
|
that's a pretty funny actually. |
|
|
How do you like the CSRF one i just sent you? |
|
|
I emailed back asking for an example.. |
|
|
i'm sorry, gmail must be slow, just look at my profile and click another link if you want to view an example now. YOu'll notice that after you navigate away from the profile you'll be logged out. |
|
|
Got it, sent you one back with the info on how to do it. |
|
|
ok, that's exactly what I thought when you sent the email.
you have 2 images so it only works with one of them, but that one is random so... it's a crap shoot which comes up. |
|
|
oh, I fixed it before I got your email. I saw what you were talking about. |
|
|
only you can see them when you click on "show all" to delete it. |
|
|
Yeah, there were 2, i couldn't delete one of them because evertime i would try to remove it, the other image would load and log me off, lol. |
|
|
yeah, did you click on the injection link with the cdid=99999 again? try it. |
|
|
no one seems to remember that one... too good for win 95's ip stack I guess.
my friend freaked out when I sent him that last night.
now he's trying injection on a bunch of conservative sites. |
|
|
years and years ago (like 2002/3) I made my own pear/mysqli/pdo set of classes, but I didn't account for mysql injection. I recently made a bug tracking system and I'm working some of the perl db safe guards back now that I see the vulnerability. |
|
|
Btw man, the CSRF still works. |
|
|
I'll make another thread entitled "Don't Click or you will log out" and put the CSRF example in there. Anyone logged in that reads the forum shall theoretically get logged out and you won't realise it until you navigate away from the page/refresh/etc.. Also, i can send you an email on how to defend against such a thing, if you want. |
|
|
don't do that. I know about that already. I realized it on the way to a show last night. |
|
|
yea but why is the password in the current cookie then? |
|
|
hey reverend, if you want, put the sessid as a variable after logout, so logout=1&sess=x, then if the session doesn't match it won't log you out. This is how most people are defending against this. |
 
| [default homepage]
|
[print][ | 5:47:42am Apr 20,2024
load time 0.05120 secs/12 queries] | [search] | [refresh page] |
|
