The Daily WTF: Curious Perversions in Information Technology
Welcome to TDWTF Forums Sign in | Join | Help
in Search
TheDailyWTF.com Forums
TDWTF Forums » The Daily WTF » Coder Challenge » Exploit Community Server

Exploit Community Server

Last post 06-19-2009 11:22 PM by immibis. 17 replies.
Page 1 of 1 (18 items)
Sort Posts: Previous Next

  • 04-28-2009 10:19 PM

    Exploit Community Server

    Reply Contact
    Simple challenge... try to exploit the community server forum using an XSS attack. javascriptalert('hello')

  • 05-05-2009 5:03 AM In reply to

    Re: Exploit Community Server

    Reply Contact
    reading this post should log you out, i don't think this counts as XSS though. [logout image removed - mod]

  • 05-07-2009 5:00 AM In reply to

    Re: Exploit Community Server

    Reply Contact
    If any mods want to delete that last post (which logs you out) then go ahead, it's very annoying even for me.

  • 05-07-2009 10:47 AM In reply to

    Re: Exploit Community Server

    Reply Contact

    immibis:
    If any mods want to delete that last post (which logs you out) then go ahead, it's very annoying even for me.
    I bet they can't delete it because they get logged off every time they try to access it.

    It's... Monkey Piston's Frying Circle!
    Filed under:

  • 05-07-2009 5:54 PM In reply to

    • stratos
    • Top 50 Contributor
    • Joined on 09-06-2006
    • Zeeland, Netherlands
    • Posts 536

    Re: Exploit Community Server

    Reply Contact

    immibis:
    reading this post should log you out, i don't think this counts as XSS though.
     

    It's called CSRF, Cross Site Request Forgery. It's the new hip thing in web security.

    I tried my hand at some common forms of code injection for XSS, but didn't find any and got bored with it. This sort of thing works much better when you have access to the code and i can't be bothered to download it, or even know if you can.

    [SECOND logout image removed - mod.]
    My web-consulting company - My web development blog - "Show me a sane man and I will cure him for you." - C. G. Jung

  • 05-22-2009 8:42 PM In reply to

    Re: Exploit Community Server

    Reply Contact

    Not really an exploit, but.

    z

  • 05-23-2009 10:19 AM In reply to

    Re: Exploit Community Server

    Reply Contact
    • That's painful.

  • 05-23-2009 10:37 AM In reply to

    Re: Exploit Community Server

    Reply Contact

    Hmm, I'd like to fix it, I really would.

  • 05-25-2009 4:19 AM In reply to

    Re: Exploit Community Server

    Reply Contact
    My post didn't log me out. Did someone edit it?

  • 06-10-2009 3:08 PM In reply to

    Re: Exploit Community Server

    Reply Contact
    Miff The Fox -- I like yours, because anybody who tries to reply gets a messed up screen. I would call that an exploit. Using that technique, it seems like you could mask real data on the page and insert your own.

  • 06-10-2009 3:15 PM In reply to

    Stylesheet

    Reply Contact

  • 06-18-2009 3:53 AM In reply to

    Re: Exploit Community Server

    Reply Contact

    • Awesome CSS Injection

  • 06-18-2009 6:55 PM In reply to

    Re: Exploit Community Server

    Reply Contact
    Well, that worked better than I expected.

  • 06-19-2009 2:34 AM In reply to

    Re: Exploit Community Server

    Reply Contact
    If this worked, then by viewing this post you are downloading a trial version of Age of Empires III. As well as being annoyed that is.

  • 06-19-2009 2:36 AM In reply to

    Re: Exploit Community Server

    Reply Contact

  • 06-19-2009 11:34 AM In reply to

    Re: Stylesheet

    Reply Contact

    The "Awesome CSS Injection" post is impossible to reply to.  It fucks up FF3 something fierce.  Good job.

    This thread is starting to actually get interesting.

    SpectateSwamp exposing aliens. Obviously the World needs SSDS


    [10:07] <fatdog> so from now on.. be sure to wear nice clean underwear
    [10:07] <mps> fatdog: That is simply not going to happen
    Filed under:

  • 06-19-2009 2:04 PM In reply to

    • PJH
    • Top 10 Contributor
    • Joined on 02-14-2007
    • Newcastle, UK
    • Posts 1,253

    Re: Stylesheet

    Reply Contact

    belgariontheking:
    The "Awesome CSS Injection" post is impossible to reply to.  It fucks up FF3 something fierce.  Good job.

    No effects are seen in threaded mode - just in flat mode.
    Abstinence makes the Church grow fondlers.

    - unknown

  • 06-19-2009 11:22 PM In reply to

    Re: Exploit Community Server

    Reply Contact
    Hello.
    • Page 1 of 1 (18 items)
    Powered by Community Server (Non-Commercial Edition), by Telligent Systems