Monday, April 21, 2014
Hall of Fame

XSS Vulnerability
User: rex_mundi
Reward: 50 points
Description: rex_mundi found an XSS vulnerability in the lost password system.


Blind SQL Injection
User: rex_mundi
Reward: 300 points
Description: rex_mundi found several Blind SQL Injections.


BBcode Exploit & Patch
User: Euforia33
Reward: 250 points
Description: Euforia33 found and patched a hole in the [IMG] tag.


Multiple XSS vulnerabilities
User: rex_mundi
Reward: 150 points
Description: Many XSS vulnerabilities, from the IMG tag to the PM system and the admin panel.


[IMG] Tag RFI vulnerability
User: Euforia33
Reward: 150 points
Description: Euforia33 was able to include any PHP using the img tag.


XSS Vulnerability
User: rex_mundi
Reward: 75 points
Description: rex_mundi found an XSS vulnerability that let him steal users' cookies.


XSS
User: nopcron
Reward: 30 points
Description: nopcron found a Cross Site Scripting exploit in Realistic 8.


CSRF in Profile
User: rex_mundi
Reward: 100 points
Description: Rex injected CSRF code into his profile which gave anyone who visited it free challenge points.


CSRF
User: korg
Reward: 100 points
Description: korg found and patched several CSRF holes in the site.


CSRF in Buddy List
User: Infam0us
Reward: 35 points
Description: Infam0us discovered a CSRF vulnerability that allowed him to remove people from a user's buddy list.


Avatar Vuln
User: Infam0us
Reward: 60 points
Description: Infam0us was able to bypass the image-only filter for avatars to use any type of URL he wanted by tacking on ?a=a.jpg or #a=a.jpg to the end of a URL.


XSS with img tags
User: Infam0us
Reward: 100 points
Description: Infam0us discovered that he could insert JavaScript into img tags by using decimal encoding.


CSRF in Codebank
User: cyber-guard
Reward: 35 points
Description: cyber-guard was able to create codes by getting users to visit an external site. He was able to use this in combination with his </textarea> vuln to do some interesting things.


Vulnerability in PM System and Code Bank
User: cyber-guard
Reward: 100 points
Description: cyber-guard discovered that he could use </textarea> to insert HTML into a PM, and this HTML would be executed if you clicked "preview". He was able to insert whatever HTML/JavaScript code he wanted into codes using this method upon editing them.


Basic 26 XSS
User: ADIGA
Reward: 25 points
Description: ADIGA found an XSS vulnerability in Basic Web Hacking 26 using the onmouseover attribute.


CSRF in Admin Blacklist Function
User: ynori7
Reward: 35 points
Description: Ynori found a CSRF vulnerability in the blacklist function allowing any user to remove any (or all) blacklists by getting an admin with the proper privileges to view a webpage.


CSRF in Articles Section
User: ynori7
Reward: 35 points
Description: Ynori found a CSRF vulnerability in the Articles section allowing any user to delete any article by getting an admin to view a page.


CSRF in the shoutbox
User: stealth-
Reward: 15 points
Description: stealth- found a CSRF vulnerability in the shoutbox system that allowed him to make posts as other users.


Multiple CSRF vulnerabilities in the EM system
User: stealth-
Reward: 45 points
Description: stealth- found multiple unchecked inputs in the EM system that allowed him to use CSRF to change exclusive members' settings.


Exploited Timed 6
User: b4ckd0or
Reward: 100 points
Description: b4ckd0or found a CSRF vulnerability in timed6 that bypassed output filtering, allowing for JavaScript to be injected directly. This combination of CSRF and XSS would have allowed logged-in users to be directed to this page, where their session would be stolen.


DoS
User: pimpim
Reward: 20 points
Description: pimpim was able to make HBH's server DoS itself. He reported this and is therefore rewarded with 20 points.


Code Bank Hack
User: clone4
Reward: 100 points
Description: clone4 was able to edit or delete code written by any user. For reporting this instead of exploiting it in a malicious manner, clone4 has been awarded 100 points.


UTF-7 XSS On Error Pages
User: SySTeM
Reward: 50 points
Description: SySTeM found an XSS vulnerability using the UTF-7 charset, http://www.hellboundhackers.org/\\\+ADw-script+AD4-alert(/xss/)+ADw-/script+AD4---//--, which, when run with Firefox, or with Internet Explorer with character set auto-detection turned on, caused an alert to appear.


XSS in print.php
User: SySTeM
Reward: 30 points
Description: SySTeM was able to post an article containing HTML; when a user went to the print view of the article, the code would run.


CSRF Via Variable Injection
User: SySTeM
Reward: 35 points
Description: SySTeM was able to use a variable injection string (http://www.hellboundhackers.org/?_POST=lol=rofl.png) inside an image tag which would log someone out.


XSS
User: Uber0n
Reward: 40 points
Description: Uber0n found multiple XSS vulnerabilities in the site.


Server Security
User: richohealey
Reward: 100 points
Description: richohealey found and removed several malicious files that were uploaded onto the server and could have been used to cause damage.


DNS Injection
User: richohealey
Reward: 200 points
Description: richohealey found and fixed a DNS exploit on the server which would have enabled him to redirect the website to any location he wanted.


Messages XSS
User: Uber0n
Reward: 30 points
Description: Uber0n found an XSS hole in the messages pages that allowed him to inject code and send it to members.


XSS in [mail] tag
User: thk-geo
Reward: 15 points
Description: thk-geo was able to make an alert box pop up if a user clicked on a link in his sig.


XSS
User: spyware
Reward: 50 points
Description: Spyware was able to inject XSS into the forums, which was executed for people using the following browsers: IE6, Opera, and Netscape. He has been awarded 50 points for this.


Blind MySQL Injection
User: SySTeM
Reward: 100 points
Description: SySTeM found a blind MySQL injection vulnerability in the PM system.


cURL Script
User: SySTeM
Reward: 40 points
Description: SySTeM used a cURL script in PHP to view the admin shoutbox entries.


XSS in Realistic 8
User: SySTeM
Reward: 30 points
Description: SySTeM was able to include HTML tags in his referer. This referer was then logged in Realistic 8 and anyone attempting the challenge would execute his code.


[IMG] Tag XSS vulnerability
User: SySTeM
Reward: 75 points
Description: SySTeM was able to escape our filters and insert a line segment that would allow him to make an alert box on any page that allowed BB code.


XSS
User: SySTeM
Reward: 100 points
Description: SySTeM was able to inject XSS into a function on the PM system. This could lead to stealing admin cookies.


XSS in members.php
User: SySTeM
Reward: 50 points
Description: SySTeM was able to find XSS exploits in the members.php page by using the unfiltered variables.