| Author |
RE: find security holes in my site and i will give you money! |
backslash
Member
Posts: 60
Location: United States
Joined: 18.03.09
Rank: God |
|
I'll help you with design if you like 
|
|
| Author |
RE: find security holes in my site and i will give you money! |
Cyph3rHell
Member
Posts: 301
Location: Hackers Paradise
Joined: 25.06.08
Rank: God |
|
I want to help you with this.. i'll add you on msn.
What you see is not the hell... is the HACKERS PARADISE
A little boy asks his father, "Daddy, how much does it cost to get married?" His father replies, "I don't know, son. I'M STILL PAYING FOR IT!"
"It's just too hot to wear clothes today," said Bill as he stepped out of the shower. "Honey, what do you think the neighbors would think if I mowed the lawn like this?" "Probably that I married you for your money," she replied. |
|
| Author |
RE: find security holes in my site and i will give you money! |
c4p_sl0ck
Member
Posts: 380
Location: Sweden
Joined: 17.09.06
Rank: God |
|
I'll add you too. 
 |
|
|
| Author |
RE: find security holes in my site and i will give you money! |
backslash
Member
Posts: 60
Location: United States
Joined: 18.03.09
Rank: God |
|
quite a few (potentially fatal) flaws! Need fixing...
|
|
|
| Author |
RE: find security holes in my site and i will give you money! |
inferior
Member
Posts: 57
Location:
Joined: 07.09.05
Rank: God |
|
|
So people have already tried pen testing it |
|
|
| Author |
RE: find security holes in my site and i will give you money! |
backslash
Member
Posts: 60
Location: United States
Joined: 18.03.09
Rank: God |
|
yeah.. there are quite a few flaws that I've been able to find, not sure what others have found
|
|
|
| Author |
RE: find security holes in my site and i will give you money! |
NoPax
Member
Posts: 70
Location: BlackCore
Joined: 11.09.08
Rank: Monster
Warn Level: 20
|
|
I tried a lot of XSS Injections but it didn'T work with a normal account.
So I think you have to gain admin rights with SQL Injection or some other exploit.
I will search a little bit xD
But it hard xD |
|
|
| Author |
RE: find security holes in my site and i will give you money! |
133ch11f3
Member
Posts: 28
Location:
Joined: 07.04.09
Rank: Hacker Level 1 |
|
|
You're very well protected against XSS, that's for sure... |
|
|
| Author |
RE: find security holes in my site and i will give you money! |
game_killer13
Member
Posts: 11
Location:
Joined: 20.03.09
Rank: Apprentice |
|
The crop circles are talking to me!!! |
|
|
| Author |
RE: find security holes in my site and i will give you money! |
backslash
Member
Posts: 60
Location: United States
Joined: 18.03.09
Rank: God |
|
[+] c4p_sl0ck - found out that memberlist will stretch if your name will be too long
[+] c4p_sl0ck - check that the shoutbox message isnt empty
[+] c4p_slock - shout message should not be posted when its empty
[+] Austin - shoutbox is floodable
[+] Austin - put recaptcha on register/contact forms and delay on login boxes
[+] Austin - make an archive system on the shoutbox
[+] Austin - </form> forgotten in the my_profile section
[+] Austin - found out that the input in the shoutbox may be wayyy too long
[+] backslash - if you make 2 profiles with the same name they will come on the same personal page
[+] backslash - backslash is able to change my account but he didnt noticed i think
[+] system_meltdown - found a way to set his avatar to the logout page
Austin = backslash
backslash = Austin
Yeah, I did realise I was able to change your profile hence this picture:
haha
|
|
|
| Author |
RE: find security holes in my site and i will give you money! |
backslash
Member
Posts: 60
Location: United States
Joined: 18.03.09
Rank: God |
|
well done to system for CSRFing it 
|
|
|
| Author |
RE: find security holes in my site and i will give you money! |
paranoiahax
Member
Posts: 10
Location: England, U.K.
Joined: 17.11.06
Rank: God |
|
can flood the forum by repeatedly pressing f5, it asks to resend the data, you want a spam filter on there.
also found that you can edit several accounts with the same name and create accounts which have already been created under the same name, however this might have already been found because austin was able to edit your account as it says
--ParanoiaHax-- |
|
|
| Author |
RE: find security holes in my site and i will give you money! |
backslash
Member
Posts: 60
Location: United States
Joined: 18.03.09
Rank: God |
|
Yeah, it's good fun xD looks like Paranoiahax has mention something new... forum floods! Same method as shoutbox floods.
|
|
|
| Author |
RE: find security holes in my site and i will give you money! |
paranoiahax
Member
Posts: 10
Location: England, U.K.
Joined: 17.11.06
Rank: God |
|
Nice one buddy :-)
I think I've just found another exploit:
if you go to the members lists, and click on my profile it should log you out, system seemed to have done the same thing however you said you fixed it, i'm not sure how system did it but you definitely haven't fixed it fully.
--ParanoiaHax-- |
|
|
| Author |
RE: find security holes in my site and i will give you money! |
KvK
Member
Posts: 93
Location: EAX
Joined: 17.01.09
Rank: God |
|
URI Exploit
http://root.cd/index.php?page=memberlist&member=Admin
Must be Logged In
I am able to force any member to connect to any computer on the net via Telnet through the viewing of my avatar. 
(Similar vulnerability to System's)
------------------------------------------------------
EDIT:
Telnet Vulnerability Fixed (I Think...)
But URI Is Still Exploitable
http://root.cd/index.php?page=memberlist&member=Admin
Must be Logged In
Edited by KvK on 19-04-09 17:35 |
|
|
| Author |
RE: find security holes in my site and i will give you money! |
Rapt0r
Member
Posts: 28
Location:
Joined: 28.12.08
Rank: Hacker Level 2 |
|
|
What happened to it now? Theres nothing on the site at all. |
|
|
| Author |
RE: find security holes in my site and i will give you money! |
133ch11f3
Member
Posts: 28
Location:
Joined: 07.04.09
Rank: Hacker Level 1 |
|
|
every time i post something in the shoutbox or forum and press refresh, the message is posted again... If i program a Visual Basic Application to refresh the page infinite times, i can fill your server with loads of new topics! try to fix that... |
|
|
| Author |
RE: find security holes in my site and i will give you money! |
backslash
Member
Posts: 60
Location: United States
Joined: 18.03.09
Rank: God |
|
Jelmer's let me help out and give him a hand. The shoutbox is fixed now
|
|
|
| Author |
RE: find security holes in my site and i will give you money! |
133ch11f3
Member
Posts: 28
Location:
Joined: 07.04.09
Rank: Hacker Level 1 |
|
backslash wrote:
Jelmer's let me help out and give him a hand. The shoutbox is fixed now
YEP! Great! 
now the forum needs to be fixed too... the same error occurs when we reply threads, or when we start new threads |
|
|
| Author |
RE: find security holes in my site and i will give you money! |
backslash
Member
Posts: 60
Location: United States
Joined: 18.03.09
Rank: God |
|
evil flooders! 
|
|
|
Main:
