lost-chall – 8 Posts

  • lost-chall

    04/15/2008 02:31
    UnknownUser
    a new site at that wechall.net thingie

    xss at
    http://www.lost-chall.org/activation.php?user=x'
    (sql injection too)

    if you don't want to create an account you can login using
    username: Inferno' or '1'='1
    password: anything

    full path disclosure
    /home/www/web453/html/index.php

    sql injection in the register.php
    enter username:
    x' and '1'='1
    x' and '2'='1

    thank you for registering: Inferno, Kender, ...
    The website uses unsalted md5 hashes of your passwords.
    Which i'm confident you don't use anywhere else in the world. Not that i would admit it if i knew otherwise.

    one final vulnerability is that this website is open to a lot of flak from anybody who owns Lost intellectual property.

    just some minor vulnerabilities...
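    The login bypass quoted above and the fix the site's admin would need, as an added example that is not code from lost-chall or from anyone in this thread: a constructed in-memory SQLite users table (made-up accounts, stored as the unsalted md5 the post describes) is queried first by string concatenation, then with a parameterized query. The function and table names are assumptions.

```python
import hashlib
import sqlite3


def make_db():
    """Constructed sample table (made-up accounts, not real lost-chall data).
    Passwords are stored as unsalted md5 to mirror what the post describes;
    a real fix would also move to a salted, slow password hash."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, pwhash TEXT)")
    for name, pw in [("Inferno", "correct horse"), ("Kender", "battery staple")]:
        db.execute("INSERT INTO users VALUES (?, ?)",
                   (name, hashlib.md5(pw.encode()).hexdigest()))
    return db


def login_vulnerable(db, username, password):
    """Query built by string concatenation (the pattern the post reports).
    A quote inside the username closes the string literal, so the rest of
    the input is parsed as SQL and the password check stops being decisive."""
    pwhash = hashlib.md5(password.encode()).hexdigest()
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND pwhash = '" + pwhash + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(db, username, password):
    """Parameterized query: the driver passes the username as data, so quotes
    and keywords inside it are compared literally, never executed as SQL."""
    pwhash = hashlib.md5(password.encode()).hexdigest()
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND pwhash = ?",
        (username, pwhash),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    bypass = "Inferno' or '1'='1"  # the username quoted in the post
    # AND binds tighter than OR, so the clause reads
    # username = 'Inferno' OR ('1'='1' AND pwhash = ...): the name alone matches.
    print("vulnerable:", login_vulnerable(db, bypass, "anything"))  # Inferno
    print("fixed:     ", login_fixed(db, bypass, "anything"))       # None
```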
  • 04/15/2008 02:31
    UnknownUser
    heh solving a challenge, after logging in as
    Inferno' or '1'='1

    reset everybody's challenge count. I guess that's going to upset thehivemind
  • 04/15/2008 02:31
    Kender
    Gee, thanks Rhican, for "helping" another community member.

    But why tell us? We can't fix it. Tell the admin of the site instead, so he can fix it.
    Perhaps you might even go so far as to suggest some resources about preventing these kinds of issues to him.
  • 04/15/2008 02:31
    quangntenemy
    Hmm I alerted Varg a few days ago, but he only managed to fix the ones I found...
    Btw rhican u should try this site: http://www.darkmindz.com
    Romeo would be excited to hear from u.
  • 04/15/2008 02:31
    UnknownUser
    kender I don't report vulns anymore, partly because of your conduct in the past. That ship has sailed. It is not my responsibility to keep the internet safe. I am not mister protect-it, I have no cape. I just have my lulz.

    quang I don't do requests, requests cost money, i'll be glad to get you my PayPal details, though my going rates might surprise you.

    quang how could you have missed these vulns when reporting? logging in with x' or '1'='1 ... if it were any more cliché we'd be in a 1980's movie.

    so in short, pay me or shut up.
  • 04/15/2008 02:31
    quangntenemy
    :P It was because I was logged in and too lazy to log out to try that :P
    Btw Romeo said u only pwned noobs site and can't touch his site. Maybe u can find the original text in a blog somewhere.
  • 04/15/2008 02:31
    UnknownUser
    Quote from quangntenemy:
    > :P It was because I was logged in and too lazy to log out to try that :P
    > Btw Romeo said u only pwned noobs site and can't touch his site. Maybe u can find the original text in a blog somewhere.

    what am I, twelve?
  • 04/15/2008 02:31
    pvcuong
    That series is boring as hell.