May 05, 2008, 05:38 PM // 17:38
|
#2
|
Jungle Guide
|
What? What? What?
|
|
|
May 05, 2008, 05:39 PM // 17:39
|
#3
|
Frost Gate Guardian
|
Quote:
Originally Posted by Kashrlyyk
What? What? What?
|
Click the linky
|
|
|
May 05, 2008, 05:42 PM // 17:42
|
#4
|
Jungle Guide
|
Quote:
Originally Posted by pablo24
Click the linky
|
Did that, one leads me to this thread and the other to the PlayNC login. So what should I see there?
|
|
|
May 05, 2008, 05:45 PM // 17:45
|
#5
|
Wilds Pathfinder
Join Date: Dec 2006
Location: Vancouver,Canada
|
point??? don't know what's goin on.....
|
|
|
May 05, 2008, 05:46 PM // 17:46
|
#6
|
Frost Gate Guardian
|
Quote:
Originally Posted by Kashrlyyk
Did that, one leads me to this thread and the other to the PlayNC login. So what should I see there?
|
I only tested it on Firefox, you are probably using IE? Sec lemme fix the link to work for IE too.
|
|
|
May 05, 2008, 05:48 PM // 17:48
|
#7
|
Jungle Guide
|
Quote:
Originally Posted by pablo24
I only tested it on Firefox, you are probably using IE? Sec lemme fix the link to work for IE too.
|
Opera 9.26
Probably using IE? Should I feel insulted?
12 chars
Last edited by Kashrlyyk; May 05, 2008 at 05:51 PM // 17:51..
|
|
|
May 05, 2008, 05:49 PM // 17:49
|
#8
|
Frost Gate Guardian
|
Ok, edited the first link to work for most browsers.
Last edited by pablo24; May 05, 2008 at 05:59 PM // 17:59..
|
|
|
May 05, 2008, 05:49 PM // 17:49
|
#9
|
Forge Runner
Join Date: Jul 2006
Profession: N/Mo
|
The only thing I see that's weird on the first is the series is %20 (spaces) and some other %## I don't remember ATM...
The other link goes right back at this thread.
Can you explain the whole problem though? Is it a security flaw or something?
EDIT: clicked on the link above... wtf... O_o;;...
EDIT2: Using FireFox ATM.
Last edited by Kusandaa; May 05, 2008 at 05:52 PM // 17:52..
|
|
|
May 05, 2008, 05:50 PM // 17:50
|
#10
|
Polar Bear Attendant
|
<-- Noob,
What's going on ? ^^
|
|
|
May 05, 2008, 05:52 PM // 17:52
|
#11
|
Wilds Pathfinder
Join Date: Dec 2006
Location: Vancouver,Canada
|
I'm still wondering myself.
used Firefox, still clueless.....
Is this what you're pointing to????
Quote:
Existing Customer
WHY?! Why does PlayNC have an XSS flaw right on their login page?
|
|
|
|
May 05, 2008, 05:52 PM // 17:52
|
#12
|
Wilds Pathfinder
Join Date: Dec 2006
Location: That one place with the trees, mountains and snow
Guild: Ember Power Mercenaries [EMP]
Profession: Me/
|
In short, pablo24 found yet another exploit in PlayNC/Guild Wars that PlayNC/Arena Net can't be arsed to fix.
|
|
|
May 05, 2008, 05:54 PM // 17:54
|
#13
|
Frost Gate Guardian
Join Date: Jul 2007
Location: Canada
Guild: Virtual Love [kiSu]
|
The security flaw is that their script will echo the html/javascript directly into your browser.
With this, a malicious user could steal a session from a user, or, as in the first example, redirect the unsuspecting user to another webpage in the context of the plaync website (phishing).
Why? Because sadly even web developers these days fail to understand the severity of such an attack.
|
|
|
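The flaw described in post #13 (a script that echoes request input into the page without encoding it), shown beside the output-encoded form, as an added example that is not part of the original thread and is not PlayNC's code. The parameter name `notice`, the page template and the probe value are all hypothetical.

```javascript
// Added illustration, not PlayNC code. The "notice" parameter and the
// login template below are hypothetical stand-ins.

// Encode the characters that let a value break out of HTML text or a
// quoted attribute.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Pull one parameter out of a query string. URLSearchParams undoes the
// percent-encoding (%20, %3C, ...) before the value reaches the template.
function param(query, name) {
  return new URLSearchParams(query).get(name) || '';
}

// "Before": the decoded value is concatenated into the page as-is, so
// markup in the link becomes markup in the login page.
function renderLoginEchoed(query) {
  return '<form method="post" action="/login">' +
    '<p class="notice">' + param(query, 'notice') + '</p>' +
    '<input name="user"><input name="pass" type="password"></form>';
}

// "After": same template, but the value is HTML-encoded on output and is
// displayed as text instead of being parsed as markup.
function renderLoginEncoded(query) {
  return '<form method="post" action="/login">' +
    '<p class="notice">' + escapeHtml(param(query, 'notice')) + '</p>' +
    '<input name="user"><input name="pass" type="password"></form>';
}

// Defender's regression check: send an inert, constructed marker element
// and report whether it comes back in the response as live markup.
function reflectsMarkup(render) {
  const marker = '<i id="probe-7f3a">x</i>'; // constructed sample value
  const html = render('notice=' + encodeURIComponent(marker));
  return html.includes(marker);
}

console.log('echoed  reflects markup:', reflectsMarkup(renderLoginEchoed));
console.log('encoded reflects markup:', reflectsMarkup(renderLoginEncoded));
```
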
May 05, 2008, 05:57 PM // 17:57
|
#14
|
Forge Runner
Join Date: Jul 2006
Profession: N/Mo
|
Quote:
Originally Posted by Rift
The security flaw is that their script will echo the html/javascript directly into your browser.
With this, a malicious user could steal a session from a user, or, as in the first example, redirect the unsuspecting user to another webpage in the context of the plaync website (phishing).
Why? Because sadly even web developers these days fail to understand the severity of such an attack.
|
Thanks for giving me an explanation I can actually understand.
Could that be where the possible hacker got his info from? Regarding the hacked accounts thread thingy... I say it's possible >_>.
|
|
|
May 05, 2008, 05:57 PM // 17:57
|
#15
|
Jungle Guide
|
Quote:
Originally Posted by pablo24
|
Thanks that worked!
|
|
|
May 05, 2008, 05:59 PM // 17:59
|
#16
|
Jungle Guide
Join Date: Dec 2005
Guild: CULT
|
the normal site is secured and the fake not.
but yeah someone could use that to steal login and pass....ironic no?
|
|
|
May 05, 2008, 06:00 PM // 18:00
|
#17
|
Site Legend
|
Less geek, more street?
__________________
Old Skool '05
|
|
|
May 05, 2008, 06:01 PM // 18:01
|
#18
|
Frost Gate Guardian
|
Quote:
Originally Posted by Sleeper Service
the normal site is secured and the fake not.
but yeah someone could use that to steal login and pass....ironic no?
|
With some tweaking the modified site would be secure too.
|
|
|
May 05, 2008, 06:01 PM // 18:01
|
#19
|
Forge Runner
Join Date: Jul 2006
Profession: N/Mo
|
Quote:
Originally Posted by Sleeper Service
the normal site is secured and the fake not.
but yeah someone could use that to steal login and pass....ironic no?
|
Actually if I understood correctly, the REAL site (the https: / / ) one IS flawed... flawed so much someone can redirect to that object that totally creeped me out (wasn't expecting it at all and my speakers were loud x];;; )
But I could be wrong. I'm no expert.
|
|
|
May 05, 2008, 06:03 PM // 18:03
|
#20
|
Desert Nomad
Join Date: Jul 2007
Location: Cuba
|
if this is an exploit you should prolly report it to them and not advertise it here
|
|
|
All times are GMT.