Sunday, August 16, 2009

JALH (Just Another Lame Hack)

Not lame, the lamest. I won't describe this in every detail; it was just too lame. I was trying some other URL SQL injections on Lamer (without any great success) when I found something weird.

When submitting a post on the forum, I was looking in Fiddler at the post data, and I found my username and user ID within it. I thought it was a bad joke, a remnant from an old version... I mean, my username was already in the cookie with my encoded password (long-term cookies for "remember me" logins, valid for a year or so), so why require it on the form... in hidden inputs. It wasn't hidden at all.

I copied the site to a local HTML file, replaced every relative path (./) with an absolute one (http://lamer_domain.top_level_domain/) using Notepad++, removed the type="hidden" attributes of the inputs, and opened it.

There was a form, where I couldn't just post a text, but I could specify the one posting it. Guess what, I picked the administrator (user ID 2). Well, I'm a l33t, at least I've done this on the test-page, so no real user was reading it.
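The root cause described above, a post handler that takes the poster's identity from form fields the browser submits instead of from the server-side session, shown as an added example that is not code from the original post or from the site it describes. The session store, the request shape and the sample request are constructed; the hardened handler also flags a request whose identity fields disagree with the session, which is the signal a defender would want to log.

```python
# Added example: constructed forum handlers, not the original site's code.
from dataclasses import dataclass

# Constructed server-side session store: cookie value -> logged-in identity.
SESSIONS = {"sess-abc": {"user_id": 7, "username": "lamer_fan"}}
POSTS = []  # constructed in-memory post table


@dataclass
class Request:
    cookies: dict  # e.g. {"session": "sess-abc"}
    form: dict     # submitted form fields, hidden inputs included


def create_post_vulnerable(req):
    """Trusts the (hidden) user_id/username inputs for who is posting."""
    post = {"author_id": int(req.form["user_id"]),
            "author": req.form["username"],
            "body": req.form["body"]}
    POSTS.append(post)
    return post


def create_post_hardened(req):
    """Identity comes from the session only; identity fields in the form are
    ignored, and a mismatch is recorded so tampering can be detected."""
    sess = SESSIONS.get(req.cookies.get("session"))
    if sess is None:
        raise PermissionError("not logged in")
    tampered = any(key in req.form and str(req.form[key]) != str(sess[key])
                   for key in ("user_id", "username"))
    post = {"author_id": sess["user_id"], "author": sess["username"],
            "body": req.form["body"], "tampered_identity_fields": tampered}
    POSTS.append(post)
    return post


def demo():
    # Constructed request: logged in as user 7, but the form claims to be the
    # administrator (user ID 2, the value the post above mentions).
    req = Request(cookies={"session": "sess-abc"},
                  form={"user_id": "2", "username": "admin", "body": "hi"})
    return create_post_vulnerable(req), create_post_hardened(req)
```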

I think that's all about Lamer. When I was first asked to hack Lamer, I was thinking that 5 successful attempts would be more than enough to be acknowledged as somebody important, so this is the point where I'll stop hunting; this was the fifth chance to do something a normal user shouldn't be able to do. Lamer isn't lame any more; moreover, it never really was. I still think it's the best site ever, and I hope one day I'll be one of its programmers. But don't worry, the world is full of hackable things, and this blog will be alive until the whole world becomes smarter than I am.

The more I hack, the more ideas I get to hack. So please stand by; very soon you'll hear about me.