Programming C, C++, Java, PHP, Ruby, Turing, VB
Computer Science Canada 
Programming C, C++, Java, PHP, Ruby, Turing, VB  

Username:   Password: 
 RegisterRegister   
 Compsci.ca Vulnerability
Index -> Off Topic
View previous topic Printable versionDownload TopicSubscribe to this topicPrivate MessagesRefresh page View next topic
Author Message
QuantumPhysics




PostPosted: Mon May 06, 2013 9:47 am   Post subject: Compsci.ca Vulnerability

I was just randomly looking around the forum again, and I found a spot here that has a possible Cross site scripting vulnerability, and Local File Intrusion (CSS & LFI). I am going to keep looking into it, but if I see that it can be used as an exploit, I will update this thread. I have found that querying the subtext headers on the double null of '//./ and /;//' actually gets the server to respond back to me. Possibly a blind SQL injection can be found here, I don't know. But I will keep looking into it, if anything comes up with it. I will update this thread.
Sponsor
Sponsor
Sponsor
sponsor
Tony




PostPosted: Mon May 06, 2013 11:19 am   Post subject: RE:Compsci.ca Vulnerability

The responsible thing would be to notify Dan and myself, before posting vulnerabilities publicly.

http://en.wikipedia.org/wiki/Responsible_disclosure

Edit: btw, Cross Site Scripting's acronym is XSS; not to be confused with CSS -- Cascading Style Sheets
Latest from compsci.ca/blog: Tony's programming blog. DWITE - a programming contest.
Dan




PostPosted: Mon May 06, 2013 10:17 pm   Post subject: RE:Compsci.ca Vulnerability

Well I am grateful to any one that finds an exploit in the site and reports it responsibly, I would have to ask that you (QuantumPhysics) and any one just starting to learn this subject stop penetration testing the site until you have better education in the topic. Sending us false or misleading vulnerability reports wastes our time and probing the wrong parts of the site could get you automatically banned and/or added to a global black list. Also running software that scans a large number of pages on the site needlessly uses up our bandwidth and in some extreme cases could slow the site down for other users.

I will also add that I have warned you several times QuantumPhysics about making up things relating to security topics and your post here sounds very much like the others, random words that can be found googleing about exploits throw together to make a paragraph. I will give you the benefit of the doubt this time as the logs for the site at least show you tried to exploit the site, tho I see no evidence of it being successful. If I am incorrect please e-mail or PM me the details.
Computer Science Canada Help with programming in C, C++, Java, PHP, Ruby, Turing, VB and more!
Display posts from previous:   
   Index -> Off Topic
View previous topic Tell A FriendPrintable versionDownload TopicSubscribe to this topicPrivate MessagesRefresh page View next topic

Page 1 of 1  [ 3 Posts ]
Jump to:   


Style:  
Search: