User not logged in - login - register
Home Calendar Books School Tool Photo Gallery Message Boards Users Statistics Advertise Site Info
go to bottom | |
 Message Boards » » Someone wrote a TWW virus Page [1] 2 3, Next  
moron
All American
34142 Posts
user info
edit post

that's what all the random threads are about

If you find the person that posted the very first one, and then see what thread they clicked on before it was posted, you can find who made the auto posting code.

There's only a handful of people that could do it though.

[Edited on July 28, 2007 at 12:43 AM. Reason : ]

7/28/2007 12:43:04 AM

pilgrimshoes
Suspended
63151 Posts
user info
edit post

Sorostitute

7/28/2007 12:45:58 AM

fjjackso
All American
14538 Posts
user info
edit post

terminate him and everyone who uses the name

7/28/2007 12:48:20 AM

synapse
play so hard
60939 Posts
user info
edit post

turn off javascript in your browser, or just set browser security settings to high.

7/28/2007 12:51:34 AM

fjjackso
All American
14538 Posts
user info
edit post

im too drunk for this

someone eliminate that penis lover

7/28/2007 12:52:57 AM

qntmfred
retired
40726 Posts
user info
edit post

message_topic.aspx?topic=297214&page=1685#10588921

lol

he still f-ed it up though. undefined wtf? if you're gonna start shit, better come right son.

[Edited on July 28, 2007 at 1:04 AM. Reason : kna mean]

7/28/2007 1:00:58 AM

El Nachó
special helper
16370 Posts
user info
edit post

yeah, if Jere doesn't get suspended for this too, I'll be upset. What's the point of suspending the account if the actual person responsible goes unpunished?

7/28/2007 1:12:11 AM

Jere
Suspended
4838 Posts
user info
edit post

ZIP.

[Edited on July 28, 2007 at 1:27 AM. Reason : .]

7/28/2007 1:18:45 AM

drunknloaded
Suspended
147487 Posts
user info
edit post

wtf...el nacho is retarded...this is not jere doing this...

7/28/2007 1:20:56 AM

El Nachó
special helper
16370 Posts
user info
edit post

^^I'm not sure what point you're trying to make, but mine is pretty clear and it still stands.
^whatever.

7/28/2007 1:21:45 AM

drunknloaded
Suspended
147487 Posts
user info
edit post

wtf...u have no proof...how do you know its jere

7/28/2007 1:22:58 AM

Jere
Suspended
4838 Posts
user info
edit post

ZIP!

[Edited on July 28, 2007 at 1:26 AM. Reason : .]

7/28/2007 1:24:05 AM

drunknloaded
Suspended
147487 Posts
user info
edit post

^what i dont get is that i made a feedback forum thread on terminating sorostitute and only sorostitue has posted in it...i think thats fucking sad...

7/28/2007 1:27:38 AM

E_Bum
Veteran
215 Posts
user info
edit post

livingproofruckenheadncsu46n2

7/28/2007 1:35:05 AM

3
Suspended
1175 Posts
user info
edit post

.

7/28/2007 1:37:16 AM

Str8BacardiL
************
41754 Posts
user info
edit post

I jsut got pwnt.

7/28/2007 5:04:32 AM

Lowjack
All American
10491 Posts
user info
edit post

im guessing this doesnt affect safari

7/28/2007 5:11:17 AM

3
Suspended
1175 Posts
user info
edit post

only premium users i think

7/28/2007 6:14:11 AM

joe17669
All American
22728 Posts
user info
edit post

whoever is behind this is gonna get our html privileges taken away

7/28/2007 8:09:57 AM

jchill2
All American
2683 Posts
user info
edit post

this is crazy

7/28/2007 9:47:22 AM

miska
All American
22242 Posts
user info
edit post

http://noscript.net/getit and add tww as a not trusted site

7/28/2007 10:52:19 AM

terpball
All American
22489 Posts
user info
edit post

i don't see why they don't just go through and delete all those threads

7/28/2007 11:12:22 AM

jackleg
All American
170957 Posts
user info
edit post

http://home.nc.rr.com/jackleg/exploit.txt

2nd line there is decoded from base64

i know who this looks like the work of, and its about time you drop the IP ban hammer, and tag him with a tracking device to kill future IPs. i can help with that part.... i cant believe someone KEEPS beating tww with gay stuff like that, hahaha


and i dont know why i put tww back in my whitelist but it was. not anymore. i didnt realize the holes were still there

7/28/2007 12:06:17 PM

fjjackso
All American
14538 Posts
user info
edit post

damnit, the second i turn java encr. back on for another site, i get owned

7/28/2007 1:41:55 PM

jackleg
All American
170957 Posts
user info
edit post

if you use firefox you should use one of the scriptless extensions. i think even ie7 offers plugins liek that too

its like an adblocker where you can ban certain sites, or allow them. that way you dont have to de-featureize (SQUIDBILLIES WOO) your browsing cause of one lamer faggot

7/28/2007 1:48:07 PM

roddy
All American
25834 Posts
user info
edit post

jackleg, it got you in Classifieds

7/28/2007 3:04:00 PM

marko
Tom Joad
72828 Posts
user info
edit post

jeeze louise...someone's gone and done what nc state has dreamed hoped would happen to this site for 7 years

7/28/2007 3:07:36 PM

EMCE
balls deep
89771 Posts
user info
edit post

hahahahaha

7/28/2007 3:08:11 PM

The Coz
Tempus Fugitive
26098 Posts
user info
edit post

They can never take our FREEDOM.

7/28/2007 4:33:24 PM

amac884
All American
25609 Posts
user info
edit post

GIMME BACK MY SON

7/28/2007 4:36:11 PM

jwb9984
All American
14039 Posts
user info
edit post

my wiener will go on

7/28/2007 4:46:23 PM

Dammit100
All American
17605 Posts
user info
edit post

so what needs to be done if we were drunk and opened a shitload of those threads?

7/28/2007 7:08:43 PM

jackleg
All American
170957 Posts
user info
edit post

Quote :
"jackleg, it got you in Classifieds"


no shit, read my post.

and now i remember why i whitelisted the site back, i thought jake closed the hole up and i wanted to use the quoteclickys!!!1

[Edited on July 28, 2007 at 8:15 PM. Reason : ^nothing, the mods will erase them. youre not like infected or anything]

7/28/2007 8:14:31 PM

XSMP
All American
16674 Posts
user info
edit post

the first posting of that code was in EMCE's thread, "I still wear my hat askew", posted by Sorostitute.

7/29/2007 12:16:16 AM

moron
All American
34142 Posts
user info
edit post

This particular attack can be thwarted if TWW just stripped the post_topic.aspx text from all input forms.

7/29/2007 2:52:12 AM

qntmfred
retired
40726 Posts
user info
edit post

yeah but then nobody would be able to make new threads

that's worse than taking away html

7/29/2007 11:02:58 AM

evan
All American
27701 Posts
user info
edit post

oh man, this is the funniest thing thats ever happened to tww.

7/29/2007 11:52:37 AM

Tyr
Suspended
103 Posts
user info
edit post

it hasn't gotten me yet!



[Edited on July 29, 2007 at 12:33 PM. Reason : me ]

7/29/2007 12:33:28 PM

sarijoul
All American
14208 Posts
user info
edit post

so do non-premies need worry about this?

7/29/2007 12:39:07 PM

Prospero
All American
11662 Posts
user info
edit post

where the heck is the admins, why isn't this taken care of? it's been days already

7/29/2007 1:57:21 PM

taylor
All American
2210 Posts
user info
edit post

bahahaha, ridiculously funny

7/29/2007 5:54:46 PM

legatic
All American
7481 Posts
user info
edit post

ok, so if I'm not mistaken, a large part of what sets it off is

Quote :
"< img src = " images/logo.gif" style="position: relative; left: -1500px;" onload="


couldn't J just rename "logo.gif" to "logo1.gif" for the time being?

7/29/2007 6:37:03 PM

jackleg
All American
170957 Posts
user info
edit post

Quote :
"oh man, this is the funniest thing thats ever happened to tww."


says the guy thats been here a year

7/29/2007 8:21:14 PM

5
All American
1229 Posts
user info
edit post

haha

7/29/2007 8:28:46 PM

XSMP
All American
16674 Posts
user info
edit post

"luckily, the guy was hot as fuck!"

7/29/2007 9:21:00 PM

moron
All American
34142 Posts
user info
edit post

Quote :
"yeah but then nobody would be able to make new threads

that's worse than taking away html

"


Not if it only stripped it from user input forms. It would only defeat this one exploit though.

But, if premies can embed HTML in their status names (how does nerdchick make her timestamp blue?), all the premies could easily add another <div> which should register before the first post, and if they did this, it would mostly break the exploit, allowing people to use javascript and not worry about it. If this would work ( I can't test it not being premie), you could also maybe find a way to force this out if you can embed html in the chatterbox (forcibly change any premie's status text that is viewing chatterbox at that instant).

It would also be possible to write an anti-exploit exploit to delete the offending threads, but it would require admins/mods falling victim (since they only have delete privs).

7/29/2007 11:58:33 PM

theDuke866
All American
52839 Posts
user info
edit post

Quote :
"its about time you drop the IP ban hammer, and tag him with a tracking device to kill future IPs. i can help with that part.... i cant believe someone KEEPS beating tww with gay stuff like that, hahaha"


yeah, i think the powers that be should enlist your help and do just that


and the mods are trying to keep it under control, but it propagates faster than we can kill it sometimes

plus my computer is fuckered up right now, so i have to use my roommates' most of the time

7/30/2007 1:09:06 AM

qntmfred
retired
40726 Posts
user info
edit post

487632
487637
487638
487643
487645
487649
487652
487654
487655
487657
487660
487661
487668
487669
487673
487674
487677
487678
487679
487681
487685
487692
487696
487704
487706
487707
487710
487712
487713
487722
487730
487732
487744
487745
487746
487753
487754
487755
487756
487757
487758
487761
487762
487773
487774
487777
487782
487785
487791
487797
487801
487817
487824
487827
487837
487840
487848
487855
487861
487870
487872
487874
487880
487882
487889
487892
487895
487906
487907
487912
487917
487923
487926
487932
487959
487970
487980
488004
488013
488015
488018
488019
488032
488049
488050
488053
488055
488068
488079
488112
488115
488123
488126
488129
488137
488144
488146
488152
488180
488183
488184
488194
488210

FYI

7/30/2007 1:36:34 AM

drunknloaded
Suspended
147487 Posts
user info
edit post

^not trying to pick on you, just curious how long it took you to make that list

7/30/2007 1:45:03 AM

qntmfred
retired
40726 Posts
user info
edit post

hold on a second, i'll tell ya.

[Edited on July 30, 2007 at 1:50 AM. Reason : 156 seconds]

although i guess i should be fair and include premium palace too right

487237
487241
487633
487641
487650
487651
487656
487691
487705
487743
487750
487763
487776
487779
487799
487811
487814
487820
487939
487950
487965
488020
488048
488051
488136
488141
488156
488170
488198


[Edited on July 30, 2007 at 2:00 AM. Reason : <3 premies]

7/30/2007 1:46:55 AM

 Message Boards » Feedback Forum » Someone wrote a TWW virus Page [1] 2 3, Next  
go to top | |
Admin Options : move topic | lock topic

© 2024 by The Wolf Web - All Rights Reserved.
The material located at this site is not endorsed, sponsored or provided by or on behalf of North Carolina State University.
Powered by CrazyWeb v2.39 - our disclaimer.