Reaper45

How to beat Fotolog's 5000 character limit

6 posts in this topic

1) Write your text in Notepad.

2) Paste it into the photo comment box without pressing any other key.

3) Update!

Found it the other day while uploading a photo. Well... Not surprised, since I heard that they use ancestral versions of the Apache server xD

Well... Not surprised since I heard that they use ancestral versions of Apache server xD

That's not the problem. This is a classic case of client-side checks when they should be server-side. A client-side check is good, it tells the user they've done something wrong before they make the actual request, but trusting that is no good. In this case, it's relatively harmless. At worst, they filter HTML or SQL characters out client-side and not server-side, in which case they have bigger problems than longer than expected descriptions.

Also, the version of Apache is irrelevant. A lot of people still use the 1.3.x branch. It still works fine, is maintained, and if they don't need any new features from the 2.x branch, there's no real reason for them to upgrade.


You could also just use the Web Developer toolbar and remove the limits, or turn off JavaScript if it's done client-side. No reason to do the copy-pasta.

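The two replies above make the same point from opposite sides: a browser-side limit (a maxlength attribute or a bit of JavaScript) is a courtesy to the user, and anyone can strip it in the developer toolbar or skip it entirely by posting the request directly, so the only check that counts is the one on the server. The following Node.js example is added here to illustrate that; it is not Fotolog's code and not from any of the posters. The 5000-character limit is the one stated in the thread; the function names, the request handler and the oversized sample input are assumptions constructed for the example.

```javascript
// Added example (not from the thread): why the comment length limit must be
// enforced on the server. The limit is the 5000 characters the thread mentions.
const MAX_COMMENT_CHARS = 5000;

// What a <textarea maxlength="5000"> or an onsubmit script gives you: a
// convenience check in the browser. It is trivially bypassed, e.g. from the
// developer console with
//   document.querySelector('textarea').removeAttribute('maxlength')
// or by sending the POST body directly with curl, so it proves nothing.
function clientSideCheck(text) {
  return text.length <= MAX_COMMENT_CHARS;
}

// Hypothetical server-side handler. It takes the raw request body and never
// relies on anything the client claims about it.
function handleComment(rawBody) {
  if (typeof rawBody !== 'string') {
    return { status: 400, error: 'comment must be a string' };
  }
  // Count Unicode code points rather than UTF-16 code units, so that
  // "5000 characters" means the same thing whatever the user typed.
  const length = Array.from(rawBody).length;
  if (length > MAX_COMMENT_CHARS) {
    return { status: 400, error: `comment exceeds ${MAX_COMMENT_CHARS} characters` };
  }
  // Here the comment would be stored with a parameterised query and
  // HTML-escaped on output; those steps are outside this example.
  return { status: 200, stored: length };
}

// Simulate the bypass: a constructed 6000-character body submitted without the
// browser's check ever running (which is what the copy-paste trick achieves).
const oversized = 'a'.repeat(6000);
console.log(clientSideCheck(oversized));      // false, but nobody asked
console.log(handleComment(oversized).status); // 400 regardless of the client
console.log(handleComment('hello').status);   // 200
```

The same rule applies to anything else the form filters in the browser, such as HTML or quote characters: if the server does not repeat the check, the client-side filter is decoration.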
Well... Not surprised, since I heard that they use ancestral versions of the Apache server xD

That's not the problem. This is a classic case of client-side checks when they should be server-side.

I knew that. It was just to point out that if you manage to access the server, you could easily get root by exploiting that Apache version.


If they really were running a vulnerable version from 4 years ago, don't you think they'd be defaced by skiddies every other day? (Or are they being defaced?) It says they're running 1.3.33, but that still doesn't mean anything: this could be disinformation. It could also be a patched version of 1.3.33 they're not upgrading for some reason. Maybe the sysadmins just like all those 3's.


Well... Not all bugs can be exploited remotely.

I never tried to hack Fotolog anyway.
