Curse

Anarkii · May 05, 2008, 06:05 PM // 18:05

To put it plainly, their site is not secured against cross-site scripting, which has been a pretty basic measure in web development. Look up cross site scripting in wiki for more details

pablo24 · May 05, 2008, 06:05 PM // 18:05

Quote:

Originally Posted by slowerpoke

if this is an expolit you should prolly report it to them and not advertise it here

Trust me I reported much more serious flaws than this and they never got fixed.

Alexandra-Sweet · May 05, 2008, 06:06 PM // 18:06

Quote:

Originally Posted by slowerpoke

if this is an expolit you should prolly report it to them and not advertise it here

pablo24 most likely already reported it and PlayNC probably ignored him (like usual) so the only way to force PlayNC to fix this is making the exploit public.

Destiny2097 · May 05, 2008, 06:06 PM // 18:06

reminds me of the RIAA website a while back

lyra_song · May 05, 2008, 06:07 PM // 18:07

*pats No Script*

Rift · May 05, 2008, 06:09 PM // 18:09

Quote:

Originally Posted by Kusandaa

Could that be where the possible hacker got his info from? Regarding the hacked accounts thread thingy... I say it's possible >_>.

You're welcome ^^, and yes I'd say it's possible, since this technique amongst other things, can be used to steal credentials without the user ever knowing.

PlayNC needs to fix this, but as security concious users, people should:

- Never blindly follow links from emails, webpages or forums, and
- Whenever credentials are required, get to the webpage on your own (type the url in the browser)

Antheus · May 05, 2008, 06:13 PM // 18:13

Ouchies....

Quote:

Originally Posted by Rift

PlayNC needs to fix this, but as security concious users, people should:

- Never blindly follow links from emails, webpages or forums, and
- Whenever credentials are required, get to the webpage on your own (type the url in the browser)

A well constructed spoof will fool even the most cautious users.

Chthon · May 05, 2008, 06:24 PM // 18:24

For those slow on the uptake, the long and short of this is DO NOT follow any links to the PlayNC website. If you must log in to PlayNC, get there by entering the address directly into your address bar.

For those who did get it, since this one would be so easy to move from proof-of-concept to practice, let's not spell out how it works any more than Pablo already has, OK?

Kusandaa · May 05, 2008, 06:33 PM // 18:33

Dunno if it's related, but let's see.

I checked the links, then I had to reboot due to loss of sound (static electricity discharged on my desk kills my sound card and I have to reboot for it to work). When I booted Windows, SpyBot automatically loaded ("eh look at this, I have a problem ¬¬") and took a couple minutes to search through my files for possible problems. It found 19 total. Of course I ran a check yesterday for similar problems >_>.

Since then, something is trying to modify my registery and caused several CMD applications to open. A couple of .dll files from system32 are missing, and I might have to format my HDD this afternoon if I have too many problems (TBH it wouldn't hurt at all, been running without formatting for nearly 2 years).

I just find it awkward that after I click on those sites... well I'm experiencing problems I've never had before.

pablo24 · May 05, 2008, 06:34 PM // 18:34

Quote:

Originally Posted by Kusandaa

Dunno if it's related, but let's see.

I checked the links, then I had to reboot due to loss of sound (static electricity discharged on my desk kills my sound card and I have to reboot for it to work). When I booted Windows, SpyBot automatically loaded ("eh look at this, I have a problem ¬¬") and took a couple minutes to search through my files for possible problems. It found 19 total. Of course I ran a check yesterday for similar problems >_>.

Since then, something is trying to modify my registery and caused several CMD applications to open. A couple of .dll files from system32 are missing, and I might have to format my HDD this afternoon if I have too many problems (TBH it wouldn't hurt at all, been running without formatting for nearly 2 years).

Nothing to do with this, look at the link yourself to see what it does.

Ctb · May 05, 2008, 06:35 PM // 18:35

Quote:

pablo24 most likely already reported it and PlayNC probably ignored him (like usual) so the only way to force PlayNC to fix this is making the exploit public.

http://www.tigerdirect.com/cgi-bin/S...art=y&msg=This used to accept anything

I found that four years ago. Three years ago they still weren't sanitizing the input even after multiple complaints and a full-fledged proof-of-concept attack on the form the completely replaced their shopping cart with a form that sent data offsite. They finally fixed it within the last year or so.

Unfortunately, there's rarely any way to get directly to the website developers who can fix these sorts of things, and since business majors have no actual competencies, yet are usually the people managing the individuals who DO get the reports, it's pretty much standard procedure for this sort of report to never get into the hands of anybody who knows anything.

Sadly, this sort of incompetence is standard procedure in the business world. Remember that the next time you buy anything online...

slowerpoke · May 05, 2008, 06:43 PM // 18:43

try Gailes wiki? shes heading up support and usually follows up on things brought to her attention

**cosyfiep** · May 05, 2008, 06:43 PM // 18:43

this is not helping me feel any better.....but good to know its there and that we should be even more cautious about what we do.....ugh.

pablo24 · May 05, 2008, 06:50 PM // 18:50

Alright, Gaile finally sent me an email, but keep checking all the links that go to the plaync login site!

TheRaven · May 05, 2008, 07:17 PM // 19:17

I sent a PM to Regina earlier (back when this thread was 1 page long) and asked her to read this thread since I noticed that she replied in the hacked accounts thread.

She replied quickly and said that she's forwarded the info here onto Gaile and they are looking into fixing it. Hopefully something will get fixed.

Thanks for finding it pablo. I'm glad you're on our side.

Karuro · May 05, 2008, 07:52 PM // 19:52

That.. Creeped me out o_O
Someone reassure me that there's nothing evil going on on that page?

natural_Causes · May 05, 2008, 07:56 PM // 19:56

Good find Pablo. I never would have thought to look for something like that. This is quite possibly how hackers are stealing people's accounts. It would not be to difficult to do I assume.

pablo24 · May 05, 2008, 07:57 PM // 19:57

You can check the code in the URL yourself, all it does is show the message asking why they have to put the XSS flaw exactly on the login page and show a frame with the content of http://plaync.justgotowned.com.

Karuro · May 05, 2008, 08:07 PM // 20:07

I see (triple even!).
Here's to hoping NCsoft pays attention.

Solas · May 05, 2008, 08:25 PM // 20:25

gj and nice find pablo

hopefully it'll be sorted out soon