Author | find security holes in my site and i will give you money! |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
The event may now contine, the site is now on backslash'es server (http://www.webwhak.com/).
You can look in the news section of the page to view more.
http://root.cd (the site that this entire thread is about )
[+] c4p_sl0ck - found out that member list will stretch if your name will be too long
[+] c4p_sl0ck - check that the shoutbox message isn't empty
[+] c4p_slock - shout message should not be posted when its empty
[+] backslash - shoutbox is floodable
[+] backslash - put recaptcha on register/contact forms and delay on login boxes
[+] backslash - make an archive system on the shoutbox
[+] backslash - forgotten in the my_profile section
[+] backslash - found out that the input in the shoutbox may be wayyy too long
[+] backslash - if you make 2 profiles with the same name they will come on the same personal page
[+] backslash - backslash was able to change my account
[+] system_meltdown - found a way to set his avatar to the logout page
[+] Raptor - found a xss vuln in the avatar section for IE and Opera browsers
[+] paranoiahax - found out that the forum is floodable (same way as the shoutbox posts)
[+] backslash - backslash social engineered me and thus managed to get full control over the site
[+] tms - found a CSRF in the forum, he was able to set a thread to the logout page
(from the news section of http://root.cd)
honor = CSRF/XSS
LFI/RFI = 3 euro
5 euro = (blind) sql injection
10 euro = full control over site
Please dont try to root it
once there is an update it will come on twitter, root.cd and here so your name will be mentioned on 3 places .
Greetz,
Jelmer
Edited by on 22-04-09 14:01 |
 |
Author | RE: find security holes in my site and i will give you money! |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
I'll help you with design if you like 
|
 |
Author | RE: find security holes in my site and i will give you money! |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
I want to help you with this.. i'll add you on msn.
|
 |
Author | RE: find security holes in my site and i will give you money! |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
allright, that would be great guys 
|
 |
Author | RE: find security holes in my site and i will give you money! |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
I'll add you too. 
|
 |
Author | RE: find security holes in my site and i will give you money! |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
quite a few (potentially fatal) flaws! Need fixing...
|
 |
Author | RE: find security holes in my site and i will give you money! |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
So people have already tried pen testing it  |
 |
Author | RE: find security holes in my site and i will give you money! |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
yeah.. there are quite a few flaws that I've been able to find, not sure what others have found
|
 |
Author | RE: find security holes in my site and i will give you money! |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
I tried a lot of XSS Injections but it didn'T work with a normal account.
So I think you have to gain admin rights with SQL Injection or some other exploit.
I will search a little bit xD
But it hard xD |
 |
Author | RE: find security holes in my site and i will give you money! |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
You're very well protected against XSS, that's for sure...  |
 |
Author | RE: find security holes in my site and i will give you money! |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
haha thanks 
|
 |
Author | RE: find security holes in my site and i will give you money! |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
The crop circles are talking to me!!!:whoa: |
 |
Author | RE: find security holes in my site and i will give you money! |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
[+] c4p_sl0ck - found out that memberlist will stretch if your name will be too long
[+] c4p_sl0ck - check that the shoutbox message isnt empty
[+] c4p_slock - shout message should not be posted when its empty
[+] Austin - shoutbox is floodable
[+] Austin - put recaptcha on register/contact forms and delay on login boxes
[+] Austin - make an archive system on the shoutbox
[+] Austin - </form> forgotten in the my_profile section
[+] Austin - found out that the input in the shoutbox may be wayyy too long
[+] backslash - if you make 2 profiles with the same name they will come on the same personal page
[+] backslash - backslash is able to change my account but he didnt noticed i think 
[+] system_meltdown - found a way to set his avatar to the logout page
Austin = backslash
backslash = Austin
Yeah, I did realise I was able to change your profile hence this picture:

haha
|
 |
Author | RE: find security holes in my site and i will give you money! |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
lol yea i also realized that later =D anyhow, good job 
|
 |
Author | RE: find security holes in my site and i will give you money! |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
well done to system for CSRFing it 
|
 |
Author | RE: find security holes in my site and i will give you money! |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
can flood the forum by repeatedly pressing f5, it asks to resend the data, you want a spam filter on there.
also found that you can edit several accounts with the same name and create accounts which have already been created under the same name, however this might have already been found because austin was able to edit your account as it says
|
 |
Author | RE: find security holes in my site and i will give you money! |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
Yeah, it's good fun xD looks like Paranoiahax has mention something new... forum floods! Same method as shoutbox floods.
|
 |
Author | RE: find security holes in my site and i will give you money! |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
thanks paranoiahax, i just fixed system's csrf 
|
 |
Author | RE: find security holes in my site and i will give you money! |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
Nice one buddy :-)
I think I've just found another exploit:
if you go to the members lists, and click on my profile it should log you out, system seemed to have done the same thing however you said you fixed it, i'm not sure how system did it but you definitely haven't fixed it fully.
|
 |
Author | RE: find security holes in my site and i will give you money! |
KvK Member

Posts: 94 Location: .dtors
Joined: 17.01.09 Rank: Elite | |
URI Exploit
http://root.cd/in. . .mber=Admin
Must be Logged In
I am able to force any member to connect to any computer on the net via Telnet through the viewing of my avatar. :happy:
(Similar vulnerability to System's)
------------------------------------------------------
EDIT:
Telnet Vulnerability Fixed (I Think...)
But URI Is Still Exploitable :happy:
http://root.cd/in. . .mber=Admin
Must be Logged In
Edited by KvK on 19-04-09 17:35 |
 |