|
GFY Code Exploitable
Heres the code they need to patch
<center><font color="lime">Faulty Code<br><textarea name="fudge" rows=6 cols=60></textarea> I have already emailed the code to lensman previously , but the programmers must be on holiday :) |
LENSMAN READ THIS THREAD NOW !!!
|
:helpme
|
Sometimes I think you are too smart. :-x
|
and what is exactly wrong with that code.
|
Quote:
Basically in a nutshell it allows anyone to do anything they want with the server. |
what WAS the code?
|
Quote:
|
Quote:
|
Quote:
|
bump not fixed
|
Quote:
jav-as-cript on a visitors browser being able to do anything to any server. Have the script silently email you my password and I'll be impressed. -Ben |
|
wow that is a pure spam...
|
Quote:
|
So you can access MS Outlook from Jav-as-cript in the internet zone?
Gotta remember this is client code and not server code. -Ben |
Cool looking sig :glugglug
|
:thumbsup
|
http://www2.essex.ac.uk/ussc/images/smokey.jpg
Hey Smokey, you didn't have anything to do with the blue screen of death exploit posted in the MasterBlogger's thread last night did you? |
Quote:
Also, that code doesn't allow anyone to do anything to the server. Quit spewing out crap for the guliable. Do what mryellow said and then I'll be both impressed and think there is a big problem. |
whats wrong smokey, not enough attention lately....
so long..... why do you persist in being such a fuckhead? |
Its much easier than that. With that code you change the account information ( email ) by simply using the option form , then you reset the password, and your in :)
You people always try to overthink things. :) Try using that noggin next time before you flap gums. |
You want attention... PERIOD.
Your using a marquee onstart (again) wich is the actual exploit and not this little show your putting on. Woo I can look at my OWN COOKIE!!! WHAT AN EXPLOIT! the exploit is the use of java. keep dancing fruitcake... |
Quote:
The code was placed so it wouldnt be quoted by every fucking moron who walks by dipshit. The cookie was placed there to show ONE PARTICULAR piece of code that was vulnerable. The mods would take one look at it and know what it is moron. Just because most morons cant figure it out doesnt mean everyone is a moron ( what a concept ) Did you want me to shutdown GFY to show code ? Grow up grab a life and start using your brain. |
Your little show has nothing to do with the exploit.
Grab a brain... AND KEEP DANCING. Quote:
|
Smokey you are the one that needs to grow up, and start using your brain....
how long do you think lensmans patience is gonna last with you and this bullshit? he will eventually grow tired of you, and or of everyone complaining about you then what are you gonna do? do you really think you can hold this company hostage like that forever? use a different method to get your attention man.... you could actually have respect from people .... what is the point of all your madness? wise up man while you still have a chance! |
Quote:
|
Grow up Jokegrow , you dont even know html yet , i dont think your in any position to speak
|
Incase you forgot to read the first post , the code was sent to lensman days ago, this thread was just a reminder to get a move on :)
|
If your going to make some dumb ass moronic post , dont bother , i dont care - This is for the mods to take care of
funny dickweed, but my joke grow gets far more positive attention, than your exploits on the exploits..... I sure can't wait til lensman has given you enough rope to hang yourself with the authorities... I had hoped you would turn around for the good.... but it appears not.... :321GFY |
When you have learned how to post a picture or grow even half decent pot, then maybe i might listen to something you say, until then you can sit and pout in the corner with jc
|
Quote:
There is nothing to fix. |
If your going to make some dumb ass moronic post , dont bother , i dont care - This is for the mods to take care of
-------------------------------------------------------------------------- nice code :-) |
You can *not* email my password.
You can *not* chage my email in options. You *are* wrong. We are *not* that stupid. You *are* that stupid. I bet you were fooled by the I-F-R-A-M-E "The world can see your harddrive pages". -Ben |
Quote:
ITS AN EXAMPLE YOU FUCKING DIPSHIT !!!! |
Quote:
You must be from the same breeding stock of icemoron.. Got html ? know how to read it ? |
I have a real strong feeling that you didn't even figure this out
but instead were shown it by someone else. If you created this yourself then you'd actually understand the code and know it's real limitations. You stated you can do anything to the server. That's not true. You stated you can email passwords. That's not true. You stated you can post to the options form on another page. That's not true. You stated you could shutdown GFY. That's not true. You said "You people always try to overthink things. " I think you should stop under-thinking. You said "The mods would take one look at it and know what it is moron." Yes they will.... nothing but a troll joke. -Ben |
The fact that you guys are on a "webmaster" board and cant understand simple html yet is PATHETIC.
Its quite amusing that with the proof right before your eyes, you still choose to hug each others nuts and flap gums.. The code was sent to lensman over a week ago with detailed instruction on what could be done with it.. Better try another approach son , you aint even hit the nail yet :1orglaugh |
Try reading the thread you might learn something mryellow. :1orglaugh
Limitations to document write ?? are there any hahaha Cant send a form ?? hahahha Cant reset a password ? hahahha Ok since obviously you dont know html very well i will explain for you in detail ( babysitting oh well ) Recreate the options html form in a post mark all the fields as hidden, (insert your own info here ) make the form button attach to the reply button, then whenever someone tries to reply to the post it resets the email options , then all you have to do is reset the password, or as a backup, add a document write string with the gfy cookie attached to an off site url that records the string . Need any clarification ?? as i said before if lensman wants a demo i can make one :) i have tried it out on the same version of vbulletin . |
Yes you can get around the jav-as-cript blocker.
However. This doesn't mean you can do what you are saying. Client code running in a browser does not affect the server in any way shape or form. You can not take down GFY using some jav- as-script. I'm not aware of any way to silently send email from VB-Script let alone jav-as-cript as you have claimed. It's maybe possible that you could create a browser object in VB- Script and use this to post to the options form. However I doubt you have the knowledge to make that happen. I also doubt it would be effective. -Ben |
Blah blah blah , in other words your wrong and can't admit it, either that or you dont know html very well.
Go look up how many threads are named I Love Smokey |
Ok now you're actually starting to communicate rather than make
ridiculous statements relating to completely different methods of doing something like this. Now it actually sounds like you understand the code. Before you sounded silly because you were saying the code could do things, which it certainly can not. What you are describing doesn't allow you to do "anything they want with the server". It does not give you a way to shutdown the server. Sure you could make a mess but it wouldn't hurt much and wouldn't take down anything. Quote:
above to do a form submit. If you decided to include a form button you'd have little hope of "attaching" it to the reply button. Instead you'd want to use one of the events that would be fired as a user navigates. From the example given I'm guessing everything has to be contained in the Poll section, as I'm sure the post section would strip any form tags. The poll section would also need to not have limits on length. Lets sets see..... http://www.gofuckyourself.com/showth...hreadid=249969 gee what do u know...... form is a banned word even in the polls and there is a character limit. -Ben |
There is another way to do it....
However once again it's nothing like what you've described. -Ben |
Again this shows your complete lack of understaning how html works.. I can get around ANY BANNED WORD..
Dont believe me, Want proof ? tell me any html command and i will show you :) Think that injecting code into your posts cant affect the gfy server ?? smoking crack again ?? |
If your going to make some dumb ass moronic post , dont bother , i dont care - This is for the mods to take care of
If this was so important GFY would already be down |
[QUOTE]You sir are a complete moron who doesnt know html yet. go back to sleep.
ITS AN EXAMPLE YOU FUCKING DIPSHIT !!!!QUOTE] So show the code that you would use to do this big thing of being able to change other peoples passwords and such. I gotta see this code that you have. I'm pretty sure Lensman and others would believe what you have to say if you showed the code that would do all this damage your talking about. You haven't shown shit, so nobody believes what you say is true. All you can do is spew out crap and nonsense. Prove to me what can be done and stop being a drama queen. |
You would think so , but i suppose there isnt that many people who dont like gfy .
Why would anyone want to shut down gfy ?? other than maybe a few board owners. The code is very important.. Anyone with half a brain and even a halfway decent understanding of html can think about it for about 10 seconds and understand what it could do.. There are already a few people using the code to hit pages ( slowing down gfy ) If i was an asshole i would just use the flaw for profit instead of letting gfy know about it. |
If lensman gives me permission i will show it, other than that you can wait.
Would it be a good idea to show every moron how to take down boards left and right . NO !!! I will give you hints so anyone who KNOWS HTML can figure it out without actually showing how.. Hint #1 "SPACES" Hint #2 " DOCUMENT WRITE " Hint #3 "+" |
First of all it sounds like your talking about j a v a s c r i p t and not html. Do you even know what the difference is between html and j a v a s c r i p t? Second, if you post what the code is, Lensman would have to fix the problem and he would have to take you serious.
Email me this code to roadrash AT axx DOT net If it looks like something to be concerned about, I'll take you seriously. I won't post the code on the board either. |
email sent .
You can post your reply in the room :) when i posted the flaws before everyone freaked out.. gfy used to allow flash sigs until i pointed out the flaws in allowing them. ever since then i have become the gfy flaw scapegoat.. |
| All times are GMT -7. The time now is 04:28 PM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123