sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Defeating Ning Captcha
Posted by: iota
Date: April 14, 2008 01:34PM

http://networkcreators.ning.com/forum/topic/show?id=492224%3ATopic%3A204398

Re: Defeating Ning Captcha
Posted by: iota
Date: April 14, 2008 01:50PM

I used only Greasemonkey:

Quote

// ==UserScript==
// @name => Defeating Ning Captcha Proof-Of-Concept
// @namespace => http://yehg.net
// @author => d0ubl3_h3lix http://yehg.net
// @description => Ning might have over-confidence or doesn't care about Security of its users. This little Greasemonkey Exploit will auto-register and join particular group for massive spamming. My suggested countermeasure is to use 1 time token and challenge-back emailing. Nobody, especially non-security geeks, can realize the ACTUAL attack scene till we, security guys, show them small simulation. The following script is targeting on my Country IT Professional Group http://mmitpros.ning.com. Note that you, ning owners, should respect my disclosure policy. Attackers can even make more devastating effects and create biggest Ajax worm using existing still-unfixed variable Charset-encoding XSS on ning.
// @thankz Special thanks to authors of XSS Attacks & Exploits who said "Today there are still a few who employ the Power Of JavaScript.". I take such wise advice for granted. Now, I'm one of them :)
// @include http://myanmaritpros.com/
// ==/UserScript==

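The countermeasure named in the script's description above (a one-time token plus challenge-back e-mail), shown server-side as an added example that is not part of the original post or of Ning's code. The class, its method names and the in-memory storage are assumptions made for illustration.

```javascript
// Added example: single-use CAPTCHA tokens plus e-mail challenge-back.
// All names are hypothetical; storage is in-memory for illustration.
const webcrypto = globalThis.crypto ?? require("crypto").webcrypto;

function randomHex(nBytes = 16) {
  const bytes = webcrypto.getRandomValues(new Uint8Array(nBytes));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

class RegistrationGuard {
  constructor({ ttlMs = 120000, now = () => Date.now() } = {}) {
    this.ttlMs = ttlMs;
    this.now = now;
    this.challenges = new Map(); // tokenId -> { answer, expires }
    this.pending = new Map();    // email -> confirmation code
    this.active = new Set();     // confirmed accounts
  }

  // Called when the form is rendered; `answer` is the CAPTCHA solution,
  // kept server-side only and bound to this one token.
  issueChallenge(answer) {
    const tokenId = randomHex();
    this.challenges.set(tokenId, { answer, expires: this.now() + this.ttlMs });
    return tokenId;
  }

  // The token is deleted before any check, so a replayed token is useless
  // and a wrong answer burns it: one token buys exactly one attempt.
  submit(tokenId, answer, email) {
    const ch = this.challenges.get(tokenId);
    this.challenges.delete(tokenId);
    if (!ch) return { ok: false, reason: "unknown-or-used-token" };
    if (this.now() > ch.expires) return { ok: false, reason: "expired" };
    if (answer !== ch.answer) return { ok: false, reason: "wrong-answer" };
    const code = randomHex();
    this.pending.set(email, code); // account stays inactive until confirmed
    return { ok: true, mailCode: code }; // would be e-mailed, not returned
  }

  // Challenge-back: only someone who can read the mailbox activates the account.
  confirm(email, code) {
    if (!this.pending.has(email) || this.pending.get(email) !== code) return false;
    this.pending.delete(email);
    this.active.add(email);
    return true;
  }
}
```
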
Re: Defeating Ning Captcha
Posted by: iota
Date: April 14, 2008 04:37PM

hee :)

Ning was so afraid
They're now taking immediate action to fix the flaws.
Nice Response.

Re: Defeating Ning Captcha
Posted by: iota
Date: April 16, 2008 01:55PM

http://yehg.net/lab/pr0js/view.php/Ning.Com_CaptchaAuthentication_Bypass.pdf
