Profile Hacking


11 replies to this topic

#1 Angel

Angel

    mad 1337

  • Members
  • 137 posts
  • Gender:Male

Posted 12 November 2007 - 10:23 PM

Posted Image
Q:Is this really general hacking?
A:Of course! But feel free to move this if you think otherwise, mods.

Q:So you edited your profile to say you were 'leet'? Isn't that kind of sophomoric?
A:Yar, probably. But I couldn't think of any better number off the top of my head, and "666" seemed dumb.

Q:Ok, so I assume there's a flaw in the website?
A:Well, many; nothing is a hundred percent secure. Stank and crew do a good job of locking things down, this isn't like a dig at the staff or nothin'.

Q:Would you like to tell us?
A:Sure thing! I'll give you a hint and then put the actual code in spoiler tags so you guys can script-kiddy out your own profiles. The hint is: what user input does the forum take to calculate your age?
Spoiler


As an aside - I'm attaching the image above to this post since, as it's hosted at Images Hack dot us, it will, in time, wither and die, confusing future graverobbers who may then attempt to resurrect this thread with dumb questions.

Have phun,

-ArchAngel



#2 I_Eat_Childrenz

I_Eat_Childrenz

    elite

  • Members
  • 119 posts
  • Location:Iowa

Posted 12 November 2007 - 10:28 PM

How long before this gets changed? If ever?

#3 Spyril

Spyril

    Hakker addict

  • Members
  • 588 posts
  • Location:North Dakota

Posted 12 November 2007 - 10:32 PM

An easier way would be just to modify the headers if you have TamperData installed in Firefox. But yeah, good find.

Edited by Spyril, 12 November 2007 - 10:33 PM.


#4 StankDawg

StankDawg

    same old Dawg, no new tricks

  • Moderating Team
  • 8,073 posts
  • Gender:Male

Posted 12 November 2007 - 11:15 PM

nice find...and invision needs to be made aware of this as well so that they can issue a patch.

#5 Angel

Angel

    mad 1337

  • Members
  • 137 posts
  • Gender:Male

Posted 13 November 2007 - 12:28 AM

nice find...and invision needs to be made aware of this as well so that they can issue a patch.

*shrugz* I suppose. You seem to believe more in corporations than I do, my friend. ^_-.

I sent a message in via script-injecting their "Report Piracy" form, and e-mailed the technical contact listed in their WHOIS:

Date: Mon, 12 Nov 2007 20:25:45 -0900
From: ArchAngel <(Redacted)@gmail.com>
To: dnsadmin@invisionpower.com
Subject: Invision Board Bug
MIME-Version: 1.0
Content-Type: multipart/alternative;
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Just thought you may want to address a flaw in your software.

Incidentally, the same flaw can be used on your piracy reporting form to add
new options under "Piracy" - the thread linked below has the relevant code.

Effectively, your coders aren't appropriately validating the values sent in
by dropdownlists - which lets script-savvy users add their own values and
pass them to the server, where code evaluates them and executes
appropriately. With an age change, not so serious a problem, but you
probably want to remove single quotes, html, and the like just to be safe.

Here's the site link describing the bug in some detail:
http://www.binrev.co...showtopic=34727

Love,

-ArchAngel


We'll see if they respond.

-ArchAngel
(edit:reworded slightly before sending)

Edited by Angel, 13 November 2007 - 12:30 AM.
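
The e-mail above describes a server that trusts whatever value a dropdown submits; the fix is to re-check every submitted value on the server against the options the form actually offered. The sketch below is an added example, not part of the original thread and not Invision's code; the field names (`day`, `month`, `year`), the `MIN_YEAR` bound and the function names are assumptions made for illustration.

```python
from datetime import date

MIN_YEAR = 1900  # assumption: oldest year the dropdown offers

def offered_options(today):
    """Rebuild on the server the option sets the form rendered."""
    return {
        "day": {str(d) for d in range(1, 32)},
        "month": {str(m) for m in range(1, 13)},
        "year": {str(y) for y in range(MIN_YEAR, today.year + 1)},
    }

def parse_birthday(form, today):
    """Return a date only if every field is one of the offered options."""
    for field, allowed in offered_options(today).items():
        value = form.get(field)
        # Exact string membership rejects missing fields, out-of-range
        # numbers, padding, quotes and markup in one check.
        if not isinstance(value, str) or value not in allowed:
            raise ValueError(f"{field}: value not offered by the form")
    try:
        born = date(int(form["year"]), int(form["month"]), int(form["day"]))
    except ValueError:
        # Each part was a valid option but the combination is not a date.
        raise ValueError("birthday: not a real calendar date") from None
    if born > today:
        raise ValueError("birthday: in the future")
    return born

def check(form, today):
    """Return ('ok', age) or ('rejected', reason) for one submission."""
    try:
        born = parse_birthday(form, today)
    except ValueError as exc:
        return ("rejected", str(exc))
    # Age is derived only from the validated date, never from raw input.
    had_birthday = (today.month, today.day) >= (born.month, born.day)
    return ("ok", today.year - born.year - (0 if had_birthday else 1))

if __name__ == "__main__":
    today = date(2007, 11, 12)
    # Constructed submissions: one honest, three that must be rejected.
    for form in ({"day": "4", "month": "7", "year": "1985"},
                 {"day": "4", "month": "7", "year": "670"},
                 {"day": "4", "month": "7", "year": "1985'<b>"},
                 {"day": "31", "month": "2", "year": "1985"}):
        print(form, "->", check(form, today))
```

The same allowlist check applies to any select, radio or checkbox field: the set of acceptable values is rebuilt on the server, and anything outside it is refused before other code sees it.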


#6 thenotwist

thenotwist

    Mack Daddy 31337

  • Members
  • 216 posts

Posted 13 November 2007 - 04:08 PM

[...]but you
probably want to remove single quotes, html, and the like just to be safe.[..]

Interesting, depending on what is being done with the input that could pose quite a problem I guess...

#7 StankDawg

StankDawg

    same old Dawg, no new tricks

  • Moderating Team
  • 8,073 posts
  • Gender:Male

Posted 13 November 2007 - 09:42 PM

Thanks angel...I think that is the right thing to do.

We have to give invision a chance before we judge them as a big evil "corporation". Maybe they will surprise you.

#8 operat0r

operat0r

    Dangerous free thinker

  • Members
  • 793 posts
  • Location:ops

Posted 14 November 2007 - 12:34 PM

I managed to get it to pop up an error saying something like invalid input but other than that..
location string is huge too

Edited by operat0r, 14 November 2007 - 12:36 PM.


#9 DanielG

DanielG

    SUP3R 31337 P1MP

  • Members
  • 294 posts
  • Location:The Netherlands

Posted 14 November 2007 - 01:09 PM

Lol, I only used this on profile sites or cam sites like stickam, never thought to change it on forums.
TamperData ftw.

#10 Angel

Angel

    mad 1337

  • Members
  • 137 posts
  • Gender:Male

Posted 14 September 2011 - 11:50 AM

Thanks angel...I think that is the right thing to do.

We have to give invision a chance before we judge them as a big evil "corporation". Maybe they will surprise you.


Not to bring this old thread back from the grave, but I thought it funny that this flaw still exists in the current IP Board software -- as hinted at four years ago, this vulnerability affects client-side controls used across the software suite, and as such it allows behaviour a little more serious than things like making your age a cool number ... not sure what that says about giving big 'evil' corporations a chance. ^_-.

-ArchAngel

#11 serrath

serrath

    SUP3R 31337

  • Members
  • 181 posts
  • Gender:Male

Posted 14 September 2011 - 09:39 PM

Oh jesus, I just saw the date on that... Crap.

#12 StankDawg

StankDawg

    same old Dawg, no new tricks

  • Moderating Team
  • 8,073 posts
  • Gender:Male

Posted 26 September 2011 - 04:13 PM


Thanks angel...I think that is the right thing to do.

We have to give invision a chance before we judge them as a big evil "corporation". Maybe they will surprise you.


Not to bring this old thread back from the grave, but I thought it funny that this flaw still exists in the current IP Board software -- as hinted at four years ago, this vulnerability affects client-side controls used across the software suite, and as such it allows behaviour a little more serious than things like making your age a cool number ... not sure what that says about giving big 'evil' corporations a chance. ^_-.

-ArchAngel


Did anyone ever report it to them? :o lol

And no, I don't trust big corporations either, but at the same time you have to give everyone a chance to prove themselves. If you never give them a chance, then you are just as much at fault as they are. I also don't think that invision software is a big corporation by any means.



