House of Hackers

Persistent XSS
In Blogtags (reported, but not fixed)
In Grouplocation Tag and Group Website field (reported, but not fixed)

Reflective XSS
On Profile not found page (already fixed)
Edit:
Workaround not acceptable, works with other attack vector.
Same on Group not found page and so on.
Opera
Firefox
On Profilecontroller (unknown action issue) (reported, but not fixed)
http://houseofhackers.ning.com/profiles/profile/<here>
PoC Firefox
PoC Opera

Edit: Same on eventcontroller, ... and so on. Workaround not acceptable.

Next one I found:
PoC

PoC Opera
PoC Firefox
PoC Firefox
.....

Tags: exploit, ning, poc, vulnerabilities, web, xss


Comment by fragge on May 8, 2008 at 5:45am
ugh and yeah there is no way to edit, amongst other missing functions in this app (like custom group page, inviting members to group, searching members by country, searching members by age, searching members by group, more customization to main page, topics in forums rather than just random ordering.. god ning has nothing!). GRR! :@
Comment by fragge on May 8, 2008 at 5:43am
i'll do a proper run through of URL and form injection later tomorrow or on the weekend. been tied up with work all day, and will most likely be swamped tomorrow. god adobe takes forever to install shit, had to reinstall acrobat -_-
Comment by Wildcat on May 8, 2008 at 2:14am
Yep, the "Event not found", "Group not found" "Member not Found", ....... pages have a lot of XSS vulns ...
I am searching for SQLI vulns, but nothing found yet

lol @ fragge ^^
friends are overrated xD
Hm no edit function for blog comments yet, ..... that sux!
Comment by fragge on May 8, 2008 at 2:06am
i have no friends :(
Comment by Sam Aldis on May 8, 2008 at 2:00am
Another XSS:
PoC
Comment by Sam Aldis on May 8, 2008 at 1:52am
it's a shame I'm your only friend, I wanted that to go out to everyone. ;)
Comment by fragge on May 8, 2008 at 1:50am
:P
Comment by Sam Aldis on May 8, 2008 at 1:44am
wow thanks for the message fragge..
you could have put something other than
This is a PoC in it though ;)
Comment by Wildcat on May 8, 2008 at 1:42am
Better I turn noscript on, for a while ... ;D
Comment by Sam Aldis on May 8, 2008 at 1:40am
was going to wait until pdp looked at the darkstar group
and change the front page because I created an auto submit form
that uses CSRF but that's probably a bit harsh :/
anyways you can see the XSS in action here:
http://houseofhackers.ning.com/group/darkstar

About

pdp created this Ning Network.

© 2009 Created by pdp on Ning.
