
javascript:who(userid) - I think you should fix that huh?

Hmm, when I click on it nothing happens - so I assume it must pop something up and my browser is blocking that.
I'm too lazy to figure out what Safari/PithHelmet want me to do to see pop-ups since it is something beyond ctrl, shift, or alt equivalents.
 
What is the problem?

When I was on Windows, I was far more annoyed with the errors that would occur on the code that would tell the karma what to say if clicked on and if the username had an apostrophe in it (it would die because it saw it as closing quotes and then a script failure).... which actually now that I think of it is a security hole...

interesting - your username can be a security hole :)

I can go into more detail of how to exploit that if you want - or I can go into more detail on how to fix it.

Either way.
 
mr smarty-pants....

how bout you just exploit it and show us what you can do with it or STFU?
 
Becoming said:
mr smarty-pants....

how bout you just exploit it and show us what you can do with it or STFU?

It would involve a long username and registering new users here is a pain in the ass.

Theoretically you would be able to get a user's cookie and then redirect that data to an outside site, store the data, and then either let them see they are on the outside site, or redirect them back to the main page of Elite.

Once you have their cookie, then you have their username and password.

Once you have those, you can enter the site as them, change the password, and you have their account to do with as you please.

That said - I think the username would have to be quite long and I suspect that they limit the username length to something well under that limit.

The username would need to look something like:
';a=getCookieCode();redirectCode(a);break;

But the getCookieCode and redirectCode stuff would be much longer than that - were it just the above, I think it would be feasible.

I also don't recall if "break" is the syntax in JavaScript or if there is something else, but the theory is the same.
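
Added example, not part of the original thread or the forum's code: the apostrophe failure described above and one way to fix it, in JavaScript. The markup and the names karmaLinkNaive, karmaLinkEscaped, escapeJsString and showKarma are assumptions made for illustration; the username is constructed.

```javascript
// Added example: function names and markup are hypothetical, not the forum's code.

// Vulnerable pattern: the username is pasted into a JS string literal inside
// an inline handler, so an apostrophe in the name ends the string early.
function karmaLinkNaive(username) {
  return `<a href="#" onclick="showKarma('${username}')">karma</a>`;
}

// Escape for a JS string literal: every character outside a small safe set
// becomes a \uXXXX escape. The result contains no quote, angle bracket or
// ampersand, so the HTML attribute parser has nothing to act on either.
function escapeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9 _.-]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Fixed pattern: same markup, but the name can only ever be string data.
function karmaLinkEscaped(username) {
  return `<a href="#" onclick="showKarma('${escapeJsString(username)}')">karma</a>`;
}

// Pull the handler source out of the generated markup.
function handlerSource(html) {
  const m = /onclick="([^"]*)"/.exec(html);
  return m ? m[1] : null;
}

// Parse-only check: new Function compiles the handler body without running it.
function handlerParses(html) {
  try { new Function("showKarma", handlerSource(html)); return true; }
  catch (e) { return false; }
}

// Run an escaped handler with a stub showKarma and return the argument it got.
// Only call this on output of karmaLinkEscaped.
function handlerArgument(html) {
  let seen;
  new Function("showKarma", handlerSource(html))((arg) => { seen = arg; });
  return seen;
}

const sample = "O'Brien"; // constructed username
console.log("naive handler parses:  ", handlerParses(karmaLinkNaive(sample)));
console.log("escaped handler parses:", handlerParses(karmaLinkEscaped(sample)));
console.log("escaped handler sees:  ", handlerArgument(karmaLinkEscaped(sample)));
```

Keeping the name out of script altogether (an HTML-escaped data attribute read by a handler attached from a script file) removes the need for JavaScript-string escaping at all.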
 
Alright hoe, I'm taking this site off my alerts portal beeyoch!


OMGWTFBBQ said:


It would involve a long username and registering new users here is a pain in the ass.

Theoretically you would be able to get a user's cookie and then redirect that data to an outside site, store the data, and then either let them see they are on the outside site, or redirect them back to the main page of Elite.

Once you have their cookie, then you have their username and password.

Once you have those, you can enter the site as them, change the password, and you have their account to do with as you please.

That said - I think the username would have to be quite long and I suspect that they limit the username length to something well under that limit.

The username would need to look something like:
';a=getCookieCode();redirectCode(a);break;

But the getCookieCode and redirectCode stuff would be much longer than that - were it just the above, I think it would be feasible.

I also don't recall if "break" is the syntax in JavaScript or if there is something else, but the theory is the same.
 
well if I can't get some free karma out of it, it really is of no use to me...
 