Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Re: CSRF Full Disclosure
Posted by: maluc
Date: November 27, 2006 02:36AM

lol.. I have some plans.. but they're mostly on the back burner for now. If those holes are closed before then, that's too bad _-_


In the meantime, a random, mostly pointless CSRF - but it does point out the obvious issues of allowing avatars.

The site allows external linking to avatars, and this embeds an <img> tag with a src= of your choice so long as it prepends http://. Thus you can link to their logout, and anyone who views it in the member rankings or profiles will be forcibly logged out.

Viewing my profile while logged in will log you out: http://www.hellboundhackers.org/profile.php?lookup=8625

Possible avatar links:
http://www.wow.com/redir?src=PTL&clickedItemURN=www.heLlboUndhackers.org/news.php?logout=yes
http://www.helLboundhackers.org/news.php?logout=yes (it censors www.hellboundhackers.org, but the censor is case sensitive)
http://tinyurl.com/ye6cqd


-maluc

Re: CSRF Full Disclosure
Posted by: rsnake
Date: November 27, 2006 11:20AM

Case sensitive? Wow. That's terrible. I feel gross even talking about it on the cheat sheet. I'm really surprised it works anywhere, but I guess where something can go wrong, it will.

- RSnake
Gotta love it. http://ha.ckers.org
