Test

ghost

0 0

17 years ago

What a lovely 900th post!

bl4ckc4t

Banned

0 0

17 years ago

Nicely done, mozzer.

-Bl4ckC4t

ghost

0 0

17 years ago

No problem

Thought I'd do something with the admin panel but then I realised that more members would see it like this

ghost

0 0

17 years ago

just another 100 to go eh mozzer?

Test of regex: http://www.hellboundhackers.org/news.php?logout=true w00t! Test of new regex: [img]http://www.hellboundhackers.org/news.php?logout=true[/img] Test of newer regex:[img]http://hellboundsecurity.org/fusion_admin/index.php[/img]

ghost

0 0

17 years ago

CSRF is getting SO boring.

It used to be cool. Now it's just lame.

ghost

0 0

17 years ago

Yes. When I discovered it, it was fun (I didn't get HoF. Almost everybody knew it).

Well, I guess I should look for new exploits here :|

ghost

0 0

17 years ago

How does that work? :S google…:angry:

ghost

0 0

17 years ago

Basically, the logout page has a CSRF vulnerability.

This means that whenever anyone loads the page the get logged out, simple

They get logged out because browsers interpret images as html pages and request them using the standard HTTP GET

This means that cookies and headers can be pass with them

The problem is not people posting images but the vulnerability in the logout page - I think that the admins haven't had time to address this or didn't know how it worked