http://sentient.us.to/images/owned.jpg
Pretty humiliating if you ask me :naughty:
Last edited by Spartan Erik; 02-24-2007 at 11:33 PM.
LMFAO... WTF, how did they get owned? :thefinger
j/k nice find
Thanks,
Brandon Long
Huh. Guess they need to learn security.
And unless I'm mistaken, doesn't howstuffworks have guides on security (http://computer.howstuffworks.com/security-channel.htm)? Insult to injury ^_^
Edit: Actually I think I can see how they basically faked it out - it's using radio buttons to identify what the selected answer is, and it's using post to retrieve it. But unless I'm wrong, POST can still be faked if someone knows what they're doing - what they need to do is actually check to make sure the answer submitted is a valid response XD
At least it wasn't anything vulgar/explicit that they submitted, right?
Last edited by Livewire; 02-25-2007 at 01:13 AM.
TOS breakers will be suspended regardless of race, creed, national origin, hair color, or favorite food. Thanks for your understanding!

Hmm. It appears to be some sort of SQL injection attack. Maybe the folks at Howstuffworks.com should post an article on it.
And right now, the ownage is still there. Go answer the survey on http://howstuffworks.com and see!
Last edited by Cubeform; 02-25-2007 at 01:18 PM.
CUBEFORM
XHTML | CSS | PHP | JavaScript
THIS WEEK

Anyone want to advertise x10? :P
I hope the programmer learns how to properly make surveys. It shouldn't be as easy to hack as modifying HTML.
Last edited by Spartan Erik; 02-25-2007 at 03:31 PM.
Once you set up the modified page, voting is pretty simple. You just keep submitting. This is like basic HackThisSite levels :P
Oh my god. That is really insecure. You just have to modify ONE value and... it's really easy to hack. WOW. Suits them for having text as a value. None of that fancy injection stuff, you just have to use FireBug/Web Developer/Opera's Source editor! I put a value on there: "Is it this easy?" Yes. Yes it is.
Yeah, they need a better polling system.
Last edited by Cubeform; 02-25-2007 at 04:38 PM.
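Added example, not part of any post in this thread and not the site's code: a sketch of the server-side check the thread asks for, where the poll accepts only option ids from its own table and counts one vote per voter, shown next to the pattern that tallies whatever text is posted. The option labels, the `answer` field name and the voter ids are assumptions made up for the illustration.

```python
from collections import Counter

# Constructed poll definition: the server owns the id -> label table.
POLL_OPTIONS = {"1": "Daily", "2": "Weekly", "3": "Never"}


def naive_tally(submissions):
    """Pattern described in the thread: the posted text itself is counted."""
    counts = Counter()
    for form in submissions:
        counts[form["answer"]] += 1  # any string the client sends becomes a result row
    return dict(counts)


class Poll:
    """Hardened handler: validate the posted value, then count it."""

    def __init__(self, options):
        self.options = dict(options)
        self.counts = Counter()
        self.voters = set()

    def vote(self, form, voter_id):
        choice = form.get("answer")
        # Allowlist check: the value must be one of the server's own option ids.
        if not isinstance(choice, str) or choice not in self.options:
            return (False, "invalid option")
        # voter_id stands in for a session or account id (assumption).
        if voter_id in self.voters:
            return (False, "already voted")
        self.voters.add(voter_id)
        self.counts[choice] += 1
        return (True, "ok")

    def results(self):
        # Labels come from the server table, never from the request.
        return {label: self.counts[oid] for oid, label in self.options.items()}


# Constructed submissions: (posted form, voter id).
SAMPLE = [
    ({"answer": "2"}, "voter-a"),
    ({"answer": "Is it this easy?"}, "voter-b"),  # edited radio-button value
    ({"answer": "2"}, "voter-a"),                 # same voter submitting again
    ({"answer": "3"}, "voter-c"),
]

if __name__ == "__main__":
    print("naive:   ", naive_tally([form for form, _ in SAMPLE]))
    poll = Poll(POLL_OPTIONS)
    for form, voter in SAMPLE:
        print(form, voter, poll.vote(form, voter))
    print("hardened:", poll.results())
```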