Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

CSRF test

  1. Home
  2. Forum
  3. Testing
  4. CSRF test

ghost's Avatar

ghost

0 0

This is a test for CSRF through the img tag.

edit: I guess it doesn't work here, but it does through the private messaging system o.O

Try it. PM yourself the following code.

(img)http://www.hellboundhackers.org/forum/viewthread.php?forum_id=23&thread_id=13431#116502(/img) Replace () with []

After viewing the message, the views for this thread will increase by one. This could possibly lead to greater threats.


ghost's Avatar

ghost

0 0

[img]http://www.hellboundhackers.org/forum/csrf_test-23-13431_0.html[/img] edit: it does work. for every visit, the counter replays two.


spyware's Avatar

spyware

Banned
0 0

Edit: doesn't work..


ghost's Avatar

ghost

0 0

spyware wrote: Edit: doesn't work..

not to be rude but the pm csrf exploit does work. you have to replace the parenthesis in th code with brackets because if i used actual bracket it would just say "i dont think so" or something like that.


spyware's Avatar

spyware

Banned
0 0

H4x0r_Z wrote: not to be rude but the pm csrf exploit does work. you have to replace the parenthesis in th code with brackets because if i used actual bracket it would just say "i dont think so" or something like that.

Ah, didn't notice the PM part. Well, anyway, this is an old bug and it'll get fixed soon, hopefully.


fashizzlepop's Avatar

fashizzlepop

Member
0 0

Emphasis on "hopefully" with maybe a "soon" added to the end ;)


ghost's Avatar

ghost

0 0

If they haven't fixed the buddy list, the delete part is too.