Author | Post | |||
noother |
Quote from rhican: The fact that it isn't fixed is because it isn't considered too big of a deal to log people out, you will see that this works on nearly all challenge sites.
Looks to me like you say it's generally only possible to log people out, nothing else. And no, I can't write anything that gives me admin rights without knowing the form-fields for everything. But that's not the point, it's the idea itself - If I can make you write forum topics by clicking on a link, I can do other (and worse) stuff as well.
Btw: I really don't care where you throw your bones at, I didn't ask you to reply to this topic, did I? |
|||
Edited by noother on 23.01.2008 19:08:02 | ||||
22.01.2008 05:51:01 |
|
|||
unknown user |
. |
|||
22.01.2008 08:21:56 |
|
|||
Towley |
Some probably wonder why the CSRF logouts don't work for them. It is because some of them use the URL http://bright-shadows.net where others use http://www.bright-shadows.net (notice the www). It seems like at least some browsers distinguish between these domains, and won't send the phpsessid's if the domain won't match. So rhican, if you want to delete some thread, be sure to use your victim's choices |
|||
22.01.2008 12:30:20 |
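The browser behaviour described in the post above, as an added example that is not part of the original thread: RFC 6265 host matching for a session cookie. It assumes the cookie is set without a Domain attribute; the `example.test` hosts, cookie values and function names are constructed for illustration.

```javascript
// Added example: which hosts receive a cookie under RFC 6265
// (domain-match in section 5.1.3, host-only flag in section 5.3).
// Hosts and cookie values below are constructed, not taken from the thread.

// A host domain-matches a cookie domain if the two are identical, or the
// host ends with "." + domain and the host is not an IP address.
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

// Store a cookie the way a browser does. Without a Domain attribute the
// cookie is "host-only": bound to the exact host that set it.
function storeCookie(setByHost, name, value, domainAttr) {
  if (domainAttr === undefined) {
    return { name, value, domain: setByHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A server may only set a Domain that its own host domain-matches.
  if (!domainMatch(setByHost, domain)) return null;
  return { name, value, domain, hostOnly: false };
}

// Names of the cookies in the jar that would be attached to a request.
function cookiesSentTo(requestHost, jar) {
  const host = requestHost.toLowerCase();
  return jar
    .filter(c => c !== null)
    .filter(c => (c.hostOnly ? host === c.domain : domainMatch(host, c.domain)))
    .map(c => c.name);
}

// Session cookie set by the www host with no Domain attribute (host-only).
const hostOnlyJar = [storeCookie("www.example.test", "PHPSESSID", "constructed")];
// Same cookie set with Domain=example.test: shared by the apex and subdomains.
const sharedJar = [storeCookie("www.example.test", "PHPSESSID", "constructed", "example.test")];

console.log(cookiesSentTo("www.example.test", hostOnlyJar)); // sent
console.log(cookiesSentTo("example.test", hostOnlyJar));     // not sent
console.log(cookiesSentTo("example.test", sharedJar));       // sent
```

The host mismatch only decides which requests carry the session cookie; it is not a CSRF defence, since a request to the host the user is logged in on still carries it.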
|
|||
unknown user |
. |
|||
22.01.2008 12:46:20 |
|
|||
unknown user |
cba either. |
|||
22.01.2008 13:49:21 |
|
|||
noother |
Proof of concept Happy now? |
|||
22.01.2008 16:09:12 |
|
|||
unknown user |
. |
|||
22.01.2008 16:41:17 |
|
|||
noother |
Oh well, I see you don't get it. Your last post is just ridiculous. And to be honest, I don't wanna waste my time with you anymore. |
|||
22.01.2008 16:54:41 |
|
|||
unknown user |
cba. ps: you are for the loose. |
|||
22.01.2008 16:58:26 |
|
|||
noother |
It's funny how you edit all your posts, so people don't see that everything you put in question had been already answered in my previous posts. Over & out. |
|||
30.01.2008 17:59:44 |
|