View Full Version : OpenBSD website hacked
Luke has no name
July 8th, 2008, 02:27 PM
http://tinyurl.com/57n7ny
Pretty insane, isn't it? :)
Luffield
July 8th, 2008, 02:30 PM
Yeah, pretty insane. The person who did it didn't choose the most subtle way to make their point, did they? :-\
jonabyte
July 8th, 2008, 02:42 PM
http://www.openbsd.org/cgi-bin/cvsweb/src/?sortby=%22%3E%3Ch1%20style=%22position:absolute;t op:10px;font-size:72pt%22%3E%3Cblink%3ENetBSD%20is%20more%20sec ure%3C/blink%3E%3C/h1%3E
That's not a hack, well at least not on the web server.
PmDematagoda
July 8th, 2008, 03:01 PM
Remove the:-
?sortby=%22%3E%3Ch1%20style=%22position:absolute;t op:10px;font-size:72pt%22%3E%3Cblink%3ENetBSD%20is%20more%20sec ure%3C/blink%3E%3C/h1%3E
after /src and it all becomes normal, I think that link was just specially made to fool people.
x0as
July 8th, 2008, 03:21 PM
http://www.microsoft.com/en/us/default.aspx?pf=true&navGroupName=Ubuntu%20is%20more%20secure
So did microsoft :lolflag:
keiichidono
July 8th, 2008, 03:23 PM
I saw an obvious use of HTML in the URL to make it display on page, it's tom foolery. @Above post, i think you mean to link here (http://www.microsoft.com/en/us/default.aspx?pf=true&navGroupName=Ubuntu%20is%20a%20better%20operating% 20system%20than%20Windows%20in%20every%20way).
eragon100
July 8th, 2008, 03:51 PM
Well it's certainly nice of them to admit it, but eh... I am a bit :confused:, anyway :lolflag:
Luke has no name
July 15th, 2008, 04:53 PM
I saw an obvious use of HTML in the URL to make it display on page, it's tom foolery. @Above post, i think you mean to link here (http://www.microsoft.com/en/us/default.aspx?pf=true&navGroupName=Ubuntu%20is%20a%20better%20operating% 20system%20than%20Windows%20in%20every%20way).
Looks like the hole was closed here.
fatality_uk
July 15th, 2008, 05:02 PM
Hacked :lol:
That's not even a script baby, never mind a script kiddie!!!
method="post" solves numpties messing about like that.
fluteflute
July 15th, 2008, 06:49 PM
method="post" solves numpties messing about like that.
Oh course you can achieve a similar effect, but just not by a simple link. :)
Le-Froid
July 15th, 2008, 06:52 PM
Looks like the hole was closed here.
Nice bump :p
cardinals_fan
July 15th, 2008, 07:49 PM
Looks like the hole was closed here.
What hole?
aaaantoine
July 15th, 2008, 07:52 PM
Hacked :lol:
method=post solves numpties messing about like that.
Validating the query string would be more useful in this case.
This isn't exactly a useful hack, other than a proving that some dangerous things can potentially be done via querystring.
Now, if you used that URL to store text in a database, you'd have a real dangerous vulnerability.
_DD_
July 15th, 2008, 08:31 PM
Its simple XSS/injection/whatever.
Rule #1 of scripting... never trust any variable.
D-EJ915
July 15th, 2008, 09:37 PM
Looks like the hole was closed here.
there never was a hole :P
Powered by vBulletin® Version 4.2.2 Copyright © 2024 vBulletin Solutions, Inc. All rights reserved.