Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Bug reports, feature enhancements or other complaints with the site, with us or just tell us what a miserable existance you have. No death threats or poetry please. Just kidding, no poetry please. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
bug on informe.com
Posted by: SpoofGhost
Date: June 15, 2008 06:02PM

i was trying to attack a forum hosted on informe.com. as it is phpbb, there arn't to many bug's later on i started to try some xss inputs on informe.com
then i came acros a search engine on there page and there was an xss hole

URL: informe.com/category/0/All?field=title&searchString= SPLOID &x=19&y=6

Just some simple "><Script>alert('xss')</script><" in the url and bang. it worked. afther that i registered at the forum i tryed to hack earlyer that day.
and afther that i went back to the informe site checking my cookie and when i did that it did look like that the cookie that was made for the forum i tryed to hack was shown in it so i changed the link to log my cookie and i logged myself and tryed to login on the forum i was tyring to hack with the cookie info
and within a sec in was logged in as myself...

well to make things clear it seems that every hosted forum on there can be hacked that way.

Options: ReplyQuote
Re: bug on informe.com
Posted by: PaPPy
Date: June 16, 2008 11:23AM

it seems they havent patched any of the forums they install... unless they leave that up to the client, some date back to 2002....
so im sure there could be a field day with bugs

Options: ReplyQuote


Sorry, only registered users may post in this forum.