Probable bug found

Always add your player ID, your company name and the Realm you play in to your description. Describe the problem in as much detail as possible!

Moderator: moderators

Guest

Post by Guest » 12.03.2009, 11:31

I might have found a bug. Testing right now. :)

Guest

Post by Guest » 12.03.2009, 11:51

I can confirm that I have found one problem.

Guest

Post by Guest » 12.03.2009, 12:02

Nice......

But now what???

Either you described the thing you found to the admins and this thread is kinda useless.
Or you didn't write the admins and with the current info in this thread they won't find out what you found, which makes this thread just as useless...

Maybe it wasn't even a bug, but now nobody can tell you cuz we don't know what you found out....

Funny isn't it :P

Guest

Post by Guest » 12.03.2009, 12:15

I don't want fame or glory, although I do believe you should give credit where credit is due.

I won't put the specifics up here because of security reasons. If the admins want to know what I've found they can contact me, either via PM or email.

The bug includes giving myself access to their web server, and most likely full access to their database too...

Guest

Post by Guest » 12.03.2009, 13:46

Found one of the pages on your site to contain an XSS. Although I'm very limited. I'm having fun trying to break out of the substr as we speak ;) Of course I'll share what's vuln if you want to.

I haven't checked if this technique works with messages yet though, will do so later.

I'm not doing this to hurt anyone (hope you understood that by my previous post).

Hoping to hear from you soon!

- peace.
Last edited by Guest on 12.03.2009, 21:15, edited 1 time in total.

Guest

Post by Guest » 12.03.2009, 14:25

VinZee wrote: Found one of the pages on your site to contain an XSS (kapinews). Although I'm very limited. I'm having fun trying to break out of the substr as we speak ;) Of course I'll share what's vuln if you want to.

I haven't checked if this technique works with messages yet though, will do so later.

I'm not doing this to hurt anyone (hope you understood that by my previous post).

Hoping to hear from you soon!

- peace.
Great, another wannabe hacker :roll:

Guest

Post by Guest » 12.03.2009, 14:48

Eleknar wrote: Great, another wannabe hacker :roll:
What's this board for if not to report bugs?
And, uhm... yeah, I'm just gonna ignore you from now on. *:rolleyes: back at ya*

Guest

Post by Guest » 12.03.2009, 18:54

Pff well if you get into the database then it's cracked wide open - just e-mail Goldeneye, Pearlbay or directly talk to upjers, you screwing around in the database ain't gonna be good for anyone... Plus how the hell did you find it :S

Guest

Post by Guest » 12.03.2009, 20:28

felixbluindustries wrote: Pff well if you get into the database then it's cracked wide open - just e-mail Goldeneye, Pearlbay or directly talk to upjers, you screwing around in the database ain't gonna be good for anyone... Plus how the hell did you find it :S
I'm not screwing with the database - nor would I. I'm just saying that somebody could, and I only want to point out where and how they could do it.

I'm merely offering help. If my help isn't wanted then I'm happy to just go away.

So far I've only been questioned and flamed, so I suppose I'll just go away...

Guest

Post by Guest » 12.03.2009, 20:42

Going to the bug forum about a possible major leakage that could lead to someone gaining access to the database and then deleting/editing all the information is not a smart idea, spreading it round for all to know - the best thing to do is to mail an admin straight away - the way you posted seemed like you were trying to make a mockery of upjers etc.

That is all I'm saying - personally I appreciate people like you finding these holes allowing for upjers to fix them, it just isn't nice in the few hours between the info going public and the time it's fixed, basically letting any tom [censored] and harry know that they can hack into the database :S

Guest

Post by Guest » 12.03.2009, 21:10

I didn't say how, only that there is a vulnerability. Perfect code is hard to make. At least when it has reached the complexity it has on this site.

I don't mock anyone! I'm just trying to point out that there is a vulnerability. I was wrong about the one I found getting into the webserver. At least I can't at this point. And I'd rather not try anything until if and when I get a go from the admins. I have found an XSS though. Which again is quite common in complex code...

It's like saying there is a needle in the haystack... If Tom and Harry want to find the needle, I'm sure they're already looking.

Guest

Post by Guest » 12.03.2009, 23:38

Well if [censored] didn't know there was a needle he may now be on a treasure hunt seeing as he found out there is one-that is my only concern ;)

Guest

Post by Guest » 12.03.2009, 23:39

Oh and btw all my censored stuff that I just noticed I had is d ick as in the name not as in the rude word :P

Y'all know the saying? :)

Guest

Post by Guest » 13.03.2009, 05:34

Like in every Tom, D ick and Harry is called Felix .........

pearlbay
Posts: 1671
Joined: 14.09.2007, 09:52
Location: Pearlbay Holdings (R1), Bay of Pearls (R2)

Post by pearlbay » 13.03.2009, 08:38

Hi guys,

Vinzee, could you send me a PM please on what you think you have found, so we can check it? Thanks a lot for your help!

Cheers,

pearlbay

PS: @ Felix: That's what happens when you insert a word-censor! Imagine there was actually a player called D ick... he would have to go by [censored] on the Forum! :lol: Unfortunately there are always people who enjoy throwing swear-words around, otherwise we wouldn't need a word-censor (I am just recalling the time I tried to censor the word "ass"... lol)
In case of urgent problems or questions, please use our support form!

Locked