Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

CSRF test


ghost's Avatar
0 0

This is a test for CSRF through the img tag.

edit: I guess it doesn't work here, but it does through the private messaging system o.O

Try it. PM yourself the following code.

(img)http://www.hellboundhackers.org/forum/viewthread.php?forum_id=23&thread_id=13431#116502(/img) Replace () with []

After viewing the message, the views for this thread will increase by one. This could possibly lead to greater threats.


ghost's Avatar
0 0

[img]http://www.hellboundhackers.org/forum/csrf_test-23-13431_0.html[/img] edit: it does work. for every visit, the counter replays two.


spyware's Avatar
Banned
0 0

Edit: doesn't work..


ghost's Avatar
0 0

spyware wrote: Edit: doesn't work..

not to be rude but the pm csrf exploit does work. you have to replace the parenthesis in th code with brackets because if i used actual bracket it would just say "i dont think so" or something like that.


spyware's Avatar
Banned
0 0

H4x0r_Z wrote: not to be rude but the pm csrf exploit does work. you have to replace the parenthesis in th code with brackets because if i used actual bracket it would just say "i dont think so" or something like that.

Ah, didn't notice the PM part. Well, anyway, this is an old bug and it'll get fixed soon, hopefully.


fashizzlepop's Avatar
Member
0 0

Emphasis on "hopefully" with maybe a "soon" added to the end ;)


ghost's Avatar
0 0

If they haven't fixed the buddy list, the delete part is too.