28 Replies. Latest reply: Jun 13, 2007 12:11 AM by 807597
      • 15. Re: Alright, who hacked my account?
        807597
        Someone also posted something using my ID in the deleted thread that I created yesterday entitled Out Of Control. What is happening?
        • 16. Re: Alright, who hacked my account?
          807597
          Someone also posted something using my ID
          No, your browser posted it.

          It's been explained a million times to be honest. This is the last time. There is a bug in the forum where the referring url is not checked while at the same time forms that use POSTs can be processed as GETs.

          What all this means is that you can create links that when clicked will cause the person who clicks to:

          - create new threads
          - create new posts
          - do duke related things (only works in special cases)
          - modify your profile

          The second bug is that Sun allows one to embed links (rendered by the browser) as part of the url style. This means you can embed the links from above and they no longer need to be clicked. As soon as your browser renders the page it is like they are being clicked because your browser is following the links thinking they are image urls.

          Both of these bugs have been known for some while.
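
The first bug described in reply 16 (no check of the referring URL, and POST forms accepted as GETs) comes down to a missing server-side gate on state-changing requests. The sketch below is an added example, not part of the thread and not the forum software's code; the host `forum.example`, the action paths and the function names are hypothetical, and the per-session token check goes beyond the two checks the post names.

```python
import hmac
from urllib.parse import urlsplit

# Assumed values: forum.example is a placeholder host, the paths are hypothetical.
SITE_ORIGINS = {"https://forum.example"}
STATE_CHANGING = {"/post/new", "/thread/new", "/profile/edit"}


def _origin_of(url):
    """Reduce a URL to scheme://host[:port], or None if it is not absolute."""
    parts = urlsplit(url or "")
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_request(method, path, headers, session_token, form_token):
    """Return (allowed, reason) for one request to the forum."""
    if path not in STATE_CHANGING:
        return True, "read-only"
    # A form meant for POST must not be accepted as a GET, because a GET
    # is issued for any URL the browser fetches on its own.
    if method.upper() != "POST":
        return False, "method"
    # Check where the request came from. Origin is used when present,
    # Referer otherwise; a missing or unparsable value is a failure.
    raw = headers.get("Origin") or headers.get("Referer")
    if _origin_of(raw) not in SITE_ORIGINS:
        return False, "origin"
    # Added defence, not mentioned in the thread: a per-session token that a
    # third-party page cannot read, compared in constant time.
    if not session_token or not form_token:
        return False, "token"
    if not hmac.compare_digest(session_token, form_token):
        return False, "token"
    return True, "ok"


# Constructed sample requests: (method, path, headers, session token, form token).
SAMPLES = [
    ("GET", "/post/new", {"Referer": "https://forum.example/thread/1"}, "t0k", ""),
    ("POST", "/post/new", {"Origin": "https://other.example"}, "t0k", "t0k"),
    ("POST", "/post/new", {"Referer": "https://forum.example/thread/1"}, "t0k", "t0k"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], sample[1], check_request(*sample))
```
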
          • 17. Re: Alright, who hacked my account?
            807597
            As I understand it, all of these hacks rely on the ability to create links with "style" attributes, correct? Adding the following rule to my user stylesheet for this site seems to have stopped this particular cyber-fart joke; does anyone know of any other measures we can/should take?
            a[style] { display: none !important; }
            Of course, this also means I won't be able to see the images we're not supposed to be able to post, but I guess I can live with that. ^_^

            BTW, thanks for the heads-up, cotton.
            • 18. Re: Alright, who hacked my account?
              807597
              As I understand it, all of these hacks rely on the
              ability to create links with "style" attributes,
              correct? Adding the following rule to my user
              stylesheet for this site seems to have stopped this
              particular cyber-fart joke; does anyone know of any
              other measures we can/should take?
              If that works then no. Because the current flood of exploits flows from that.
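
The user stylesheet rule in reply 17 hides styled links in one reader's browser; the same idea applied on the server is to drop `style` attributes from user-submitted markup before it is stored or rendered. This is an added example, not part of the thread and not the forum's code; it covers only the `style`-attribute case discussed here, not general HTML sanitising, and `forum.example` and the sample post body are constructed.

```python
from html import escape
from html.parser import HTMLParser


class StyleStripper(HTMLParser):
    """Re-emit user markup without style attributes, recording what was dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.dropped = []

    def _emit(self, tag, attrs, closing=""):
        kept = []
        for name, value in attrs:
            if name == "style":  # html.parser lowercases attribute names
                self.dropped.append((tag, value or ""))
                continue
            kept.append(name if value is None else f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join([tag] + kept) + closing + ">")

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, " /")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Character references were decoded by the parser, so re-escape text.
        self.out.append(escape(data, quote=False))


def strip_styles(markup):
    """Return (clean_markup, dropped) where dropped lists (tag, style value)."""
    parser = StyleStripper()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out), parser.dropped


# Constructed sample post body; the host and path are placeholders.
SAMPLE = ('<p>Nice thread</p><a href="#" style="background:'
          'url(https://forum.example/post/new?body=hi)">x</a>')

if __name__ == "__main__":
    print(strip_styles(SAMPLE))
```

The `dropped` list gives moderators a record of which posts carried styled elements, which is useful for finding the threads readers were warned away from.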
              • 19. Re: Alright, who hacked my account?
                794069
                What a horse load of crap. This is supposed to be a professional forum, not some 2 bit operation running out of someone's bedroom.
                • 20. Re: Alright, who hacked my account?
                  807597
                  What a horse load of crap. This is supposed to be a
                  professional forum, not some 2 bit operation running
                  out of someone's bedroom.
                  Hey!

                  As elected chairman for 2007 of the international brotherhood of 2 bit operations running out of bedrooms I must tell you we resent that remark.
                  • 21. Re: Alright, who hacked my account?
                    807597
                    This is actually a worse bug than I thought originally. Because it can be exploited to override your privacy settings.
                    • 22. Re: Alright, who hacked my account?
                      jwenting
                      What a horse load of crap. This is supposed to be a
                      professional forum, not some 2 bit operation running
                      out of someone's bedroom.
                      the forum software however IS created by some 2 bit operation out of someone's bedroom :)
                      Sun buys it and the services to maintain it from a 3rd party...
                      • 23. Re: Alright, who hacked my account?
                        807597
                        Never overlook Cool Ranch Doritos as a breakfast food.

                        P.S. 47+ fu cking pages in that thread?! Hey D�na, et al, STOP THE MADNESS!
                        • 24. Re: Alright, who hacked my account?
                          807597
                          I think the forum admins would take prompt action if someone were to exploit the bug so that it posts "less than palatable" pictures to the offending thread. Not that I am recommending such a thing.

                          Now the 4 column sort is > 65 pages!! STOP IT JONATHAN SCHWARTZ!!!
                          • 25. Re: Alright, who hacked my account?
                            807597
                            Also stay out of yawmark's "So now I have to check my profile after every thread?" thread, pooperscooper posted a hack there too.
                            • 26. Re: Alright, who hacked my account?
                              807597
                              Now it is really f�cked up for me! All items under Views and Last Post are shown as question marks.

                              Okay, now I fixed it.

                              Message was edited by:
                              filestream
                              • 27. Re: Alright, who hacked my account?
                                807597
                                Usually, forums I've seen have something called 'Moderators'.

                                These 'Moderators' would take care of things like abusive posts & certainly posts that did things like hack accounts.

                                Also, many sites I visit have something called an 'Administrator'.

                                These 'Administrators' would handle things like taking care of known bugs that let hacks like this happen.

                                Wait a minute maybe it's not....no it is....I see that the url for this forum ends in ....sun.com. I seem to have incorrectly assumed that Sun was one of the larger computer companies, and as such, would have understood concepts like 'Web Site Administrator' and 'Forum Moderator'.
                                • 28. Re: Alright, who hacked my account?
                                  r035198x
                                  I think the duke shenanigans are ridiculous too, although I hope you enjoyed the 4 dukes I stole for you earlier flounder.
                                  Yep, the more the merrier. Only 21 to go.
                                  Would you like to donate some to me? I am very poor. :(
                                  How many would you like?
                                  Perhaps we'll get a spammer who'll post a script that increases all our dukes.