Fuck that, this version is better.
[media]http://www.youtube.com/watch?v=NgrGRcjyzVw[/media]
[QUOTE=leonthefox;28154814]Thanks to god, I was getting paranoid[/QUOTE]
Either way, jesse needs more security measures next time...
Also, if this was introduced to SPUF then I will politely declare that whoever did is a fucking moron.
"^_^" no not that noooooo
Nah thank the man that introduced it to SPUF, both scam accusers and defenders are pathetic and hilarious
I don't want to enter the site because I'm a bit paranoid, but what is going on?
nice job getting hacked jesse
[editline]19th February 2011[/editline]
[QUOTE=leonthefox;28154998]I don't want to enter the site because I'm a bit paranoid, but what is going on?[/QUOTE]
hacker is adding a bunch of stuff that mocks jesse in the announcement tabs
Dammit Jesse.
I love the hacker he's now overtaken reecematee as my favourite person on the internet
[QUOTE=devon_wargod;28155002]nice job getting hacked jesse
[editline]19th February 2011[/editline]
hacker is adding a bunch of stuff that mocks jesse in the announcement tabs[/QUOTE]
.....i need linkage.
[QUOTE=TentuZero;28155050].....i need linkage.[/QUOTE]
[url]http://tf2raffles.com/index.php[/url]
-snip-
Jesse...please tell me you used a legitimate host and not yourself for this site...
"at least use htmlentities() next time. that's a start!"
I'm no scripter but I guess Jesse did a line wrong perhaps.
[QUOTE=Chip;28155125]"at least use htmlentities() next time. that's a start!"
I'm no scripter but I guess Jesse did a line wrong perhaps.[/QUOTE]
This sounds like a classic backdoor hack.
[QUOTE=Chip;28155125]"at least use htmlentities() next time. that's a start!"
I'm no scripter but I guess Jesse did a line wrong perhaps.[/QUOTE]
As far as I can tell, what's going on is that first, the hacker(s) gained access to the admin account somehow, and in there, jesse hasn't bothered with escaping any HTML characters, which enables the hackers to put whatever they want into the announcements. If htmlentities() had been used, none of that would've happened, they'd just have access to the admin account instead.
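The output escaping that the htmlentities() remark refers to, as an added example that is not part of the thread and not the site's code. The announcement rows, the `e()` helper and both render functions are hypothetical and the sample data is constructed.

```php
<?php
// Constructed sample data: announcement rows as they might be read back from storage.
$announcements = [
    ['title' => 'Raffle rules updated', 'body' => 'Entries close at 5 < 6 pm & no later.'],
    ['title' => 'Maintenance" class="x', 'body' => '<style>body{display:none}</style>Back soon'],
];

// Hypothetical helper: encode for an HTML text or quoted-attribute context.
// ENT_QUOTES covers both quote characters; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function e(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Stored text is concatenated straight into the page: any markup in it
// becomes part of the document for every visitor.
function render_unescaped(array $a): string
{
    return '<div title="' . $a['title'] . '">' . $a['body'] . "</div>\n";
}

// Same template, but every stored value is encoded at output time,
// so markup in the data is displayed as text rather than interpreted.
function render_escaped(array $a): string
{
    return '<div title="' . e($a['title']) . '">' . e($a['body']) . "</div>\n";
}

foreach ($announcements as $a) {
    echo 'unescaped: ', render_unescaped($a);
    echo 'escaped:   ', render_escaped($a);
}
```

Escaping happens where the value is written into the page, so it applies no matter which account or code path stored the text.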
This is rather sad.
[QUOTE=Hideous_;28155169]As far as I can tell, what's going on is that first, the hacker(s) gained access to the admin account somehow, and in there, jesse hasn't bothered with escaping any HTML characters, which enables the hackers to put whatever they want into the announcements. If htmlentities() had been used, none of that would've happened, they'd just have access to the admin account instead.[/QUOTE]
They still can fuck up the site though, admin controls have the ability to take down portions of the site, or the entire site itself. :colbert:
[QUOTE=Chilblain;28155173]This is rather sad.[/QUOTE]
Hilarious is a better word
i do like kawaii moe anime thankyou
[editline]19th February 2011[/editline]
;>_<
[QUOTE=K0ppel;28155192]Hilarious is a better word[/QUOTE]
Also this.
[QUOTE=Hideous_;28155169]As far as I can tell, what's going on is that first, the hacker(s) gained access to the admin account somehow, and in there, jesse hasn't bothered with escaping any HTML characters, which enables the hackers to put whatever they want into the announcements. If htmlentities() had been used, none of that would've happened, they'd just have access to the admin account instead.[/QUOTE]
Nope, wrong. Me and Athernar have been using the simple fact that Jesse is unable to protect the link from the user. Never, ever trust user input. Apparently other people found out as well, and they caused the enormous fuck up in CSS changes and other shit.
[quote]"DescriptionTag, this is all your fault. >:("[/quote]
:frown:
:sweden:
[editline]19th February 2011[/editline]
rip swedish announcement/protip
Also, I see no use in protecting the admin area with htmlentities and strip_tags and what not. It's clearly only meant to be for admins, whom you trust, so duh. If only he could actually protect the site. Cause the adding raffles page does not allow html, php and javascript, he was on top of that. Not so much that he needs to strip actions in the admin page, just the exploit that we can login to anyone's account is enough.
[QUOTE=K0ppel;28155192]Hilarious is a better word[/QUOTE]
K0ppel confirmed as the hacker for the site?
[QUOTE=Mio Akiyama;28155446]K0ppel confirmed as the hacker for the site?[/QUOTE]
If so Fusilero will become a hero of mine.
CRAP I'M CAUGHT SOMEONE CALL REECEMATEE I NEED A GETAWAY CAR :byodood:
It's funny because Jesse told me Fusilero doesn't give the items in his raffles what an ass
If Fusilero did this then my respect for him will shoot up 33 points. And he will receive free keys. :colbert:
[editline]19th February 2011[/editline]
[QUOTE=Chip;28155509]It's funny because Jesse told me Fusilero doesn't give the items in his raffles what an ass[/QUOTE]
I got my capotain from him. :buddy:
[QUOTE=Chip;28155509]It's funny because Jesse told me Fusilero doesn't give the items in his raffles what an ass[/QUOTE]
Hun I give away every pixel I have that isn't pinned down and I've spent £670 on people I say I give enough
[editline]19th February 2011[/editline]
[QUOTE=TentuZero;28155517] And he will receive free keys. :colbert:
[/QUOTE]
I totally did it