Author | Post | ||
pvcuong |
http://www.bright-shadows.net/forum/forum_showtopic.php?topicid=3002 gives me an error page with debug information. I can even see my password hash there |
||
04.05.2008 02:46:27 |
|
||
unknown user |
yeah i know, so does: http://bright-shadows.net/userstats.php?username=lll i neglected to mention that before. |
||
04.05.2008 03:17:17 |
|
||
Mulraney |
You've not touched upon the 'interesting' side of this, although you may already know. |
||
04.05.2008 11:56:19 |
|
||
unknown user |
publicly nothing was done, all pvcuong did was say: heh look this ain't right. Debug mode has been on for a while now, plenty of info to be gathered throughout the site. i'm not going to write this up, or exploit publicly. So I would say, go for it. |
||
04.05.2008 18:46:01 |
|
||
Mulraney |
Yeah, gathering information wasn't what I was talking about. |
||
05.05.2008 14:55:51 |
|
||
aceldama |
hmmm, yes, i found it a while ago but it seems to be fixed now. |
||
07.05.2008 22:54:36 |
|
||
logos |
There's a much more interesting feature at tbs which discloses a hell of a lot of information about the site, the challenges and the users. I've mentioned it to Inferno in one of my pm's a while ago, but it's probably not fixable, because it's a server thing and has nothing to do with the site. |
||
Edited by logos on 08.05.2008 13:31:04 | |||
08.05.2008 13:29:46 |
|
||
unknown user |
this coolness to secrecy is pathetic. |
||
08.05.2008 14:13:20 |
|
||
unknown user |
we all know tbs is on a shared hoster with a bunch of crappy sites. these are the weak link in this security chain because the hoster most likely is stupid. when there are websites in that list that spit out errors like "Fatal error: Call to a member function on a non-object in /www/htdocs/w007e05a/de/redaxo/include/classes/class.article.inc.php(375) : eval()'d code on line 45" It's no surprise your security is flawed. I however elect not to attack websites through these means. However it should be clear to every kid reading my posts that you no longer rent shared hosting. VPS is the same price these days, and soo much better... Shared hosting is a thing of the past. coolness through secrecy = fail. |
||
08.05.2008 14:23:47 |
|
||
Mulraney |
coolness through secrecy? |
||
13.05.2008 20:14:38 |
|