Create a worm that will infect the official forums menu

Shout-Out

User Tag List

Page 4 of 5 FirstFirst 12345 LastLast
Results 46 to 60 of 69
  1. #46
    trancehax's Avatar Banned
    Reputation
    29
    Join Date
    Feb 2007
    Posts
    491
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm not going to test it and tell you what happens.
    FAIL happens.
    I love you.

    Create a worm that will infect the official forums
  2. #47
    glo's Avatar Member
    Reputation
    6
    Join Date
    Jan 2007
    Posts
    23
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    First this won't work on the wow forums.
    Second if you have the knowledge to fix his code you could have done it yourself anyway.

  3. #48
    Kyle94481's Avatar Member
    Reputation
    3
    Join Date
    May 2008
    Posts
    19
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ummm.... right.....

  4. #49
    imtel's Avatar Member
    Reputation
    1
    Join Date
    Jan 2008
    Posts
    125
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Hasbro View Post
    LOL I DID READ UR WALL'O TEXT
    SO DID I.!

  5. #50
    Ultrapowa's Avatar Active Member
    Reputation
    16
    Join Date
    May 2008
    Posts
    87
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ok I looked at the code and read what Moskva said.
    Moska is wrong on one thing:

    What allows you to post are session variables (else you are considered as not logged). If you leave the forums, (by clicking on the link for example), session variables are lost.

    When you come back to wow forums, wow forums cookie is included and auto log you (session variables are regenerated).
    BUT WHEN YOU SUBMIT AN EXTERNAL FORM (like the one that would be stored on our site) SESSION COOKIE WON'T BE INCLUDED (and there's no way to include it), so your form submit will be rejected by wow forums cause you will be considered as not logged.

    SORRY if what i wrote is hard to understand, english is not my mother tongue
    Last edited by Ultrapowa; 07-04-2008 at 03:49 PM.

  6. #51
    Moskva's Avatar Member
    Reputation
    31
    Join Date
    Dec 2007
    Posts
    17
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Ultrapowa View Post
    Ok I looked at the code and read what Moskva said.
    Moska is wrong on one thing:

    What allows you to post are session variables (else you are considered as not logged). If you leave the forums, (by clicking on the link for example), session variables are lost.

    When you come back to wow forums, wow forums cookie is included and auto log you (session variables are regenerated).
    BUT WHEN YOU SUBMIT AN EXTERNAL FORM (like the one that would be stored on our site) SESSION COOKIE WON'T BE INCLUDED (and there's no way to include it), so your form submit will be rejected by wow forums cause you will be considered as not logged.

    SORRY if what i wrote is hard to understand, english is not my mother tongue
    That's only true if the form action is stored on your server. In this case, though, it's still using the wow-europe script; wow-europe server is requesting the cookies, not your own.

    Worst case scenario: modify headers to show referrer as wow-europe.

  7. #52
    ghetzu's Avatar Member
    Reputation
    1
    Join Date
    Jun 2008
    Posts
    8
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    dubt its gonna work

  8. #53
    Sylvor's Avatar Member
    Reputation
    1
    Join Date
    Dec 2007
    Posts
    42
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Epic thread is epic.


  9. #54
    shadesdude's Avatar Member
    Reputation
    7
    Join Date
    Feb 2008
    Posts
    28
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ultrapowa Said it more bluntly and clearly than me. "SESSION COOKIE WON'T BE INCLUDED" Your script would have to pass the headers and session info. Yes you can have you script pass this but as you said "That's only true if the form action is stored on your server." I highly doubt something as big as wow is gonna have unauthenticated forum posts. My reference to DDoS (Distributed denial of service so it's not just one person flooding the server) was just saying that this is a more realistic way to accomplish this. Also I'm sure loading a worm onto WoW's forums is just as illegal as DDoS. Just my thoughts on the matter.

    edit: from what I understand he is doing this
    forum browser clicks a link unwittingly which navigates them from the main wow site. (Session variables are scrapped)
    The link takes them to his script that generates a post on wow's site with the same link as above.
    It's just a MIM attack but the thing is you can pass the form info just fine but WOW's serverside script has no user name or session ID's to verify that it's a real post.
    Last edited by shadesdude; 07-04-2008 at 08:22 PM.

  10. #55
    MaiN's Avatar Elite User
    Reputation
    335
    Join Date
    Sep 2006
    Posts
    1,047
    Thanks G/R
    0/10
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Try using the [php*][/php*] tags (without star) another time, will you?
    [16:15:41] Cypher: caus the CPU is a dick
    [16:16:07] kynox: CPU is mad
    [16:16:15] Cypher: CPU is all like
    [16:16:16] Cypher: whatever, i do what i want

  11. #56
    Moskva's Avatar Member
    Reputation
    31
    Join Date
    Dec 2007
    Posts
    17
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by shadesdude View Post
    Ultrapowa Said it more bluntly and clearly than me. "SESSION COOKIE WON'T BE INCLUDED" Your script would have to pass the headers and session info. Yes you can have you script pass this but as you said "That's only true if the form action is stored on your server." I highly doubt something as big as wow is gonna have unauthenticated forum posts. My reference to DDoS (Distributed denial of service so it's not just one person flooding the server) was just saying that this is a more realistic way to accomplish this. Also I'm sure loading a worm onto WoW's forums is just as illegal as DDoS. Just my thoughts on the matter.

    edit: from what I understand he is doing this
    forum browser clicks a link unwittingly which navigates them from the main wow site. (Session variables are scrapped)
    The link takes them to his script that generates a post on wow's site with the same link as above.
    It's just a MIM attack but the thing is you can pass the form info just fine but WOW's serverside script has no user name or session ID's to verify that it's a real post.
    There's one flaw in that logic.

    When you navigate away from a page, session variables are not destroyed. Session variables go away when you close your browser, not navigate away from a page.

    And posting a worm would break some terms of use and whatnot, but it's not explicitly illegal - you aren't causing actual damage. DDoS, OTOH, if it succeeds, causes very real usage damage that is representable in a very real world form.

  12. #57
    shadesdude's Avatar Member
    Reputation
    7
    Join Date
    Feb 2008
    Posts
    28
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ahhh you got me there I set my variables to go away after I navigate from the page forgot it wasn't standard. Giving you +rep for making me think.
    Last edited by shadesdude; 07-04-2008 at 08:38 PM.

  13. #58
    lothlogan's Avatar Active Member
    Reputation
    29
    Join Date
    Nov 2006
    Posts
    137
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Im pretty sure...thats pretty damn illegal

  14. #59
    Purple Sprite's Avatar Banned
    Reputation
    139
    Join Date
    May 2008
    Posts
    346
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    wow, incredible worm haha

  15. #60
    thaer's Avatar Member
    Reputation
    26
    Join Date
    Dec 2007
    Posts
    82
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Nice one, would be cool to see.

Page 4 of 5 FirstFirst 12345 LastLast

Similar Threads

  1. Replies: 4
    Last Post: 06-08-2012, 12:53 AM
  2. [Misc] I need a website that will work with the Skyfire core.
    By fredalbob in forum WoW EMU Questions & Requests
    Replies: 1
    Last Post: 08-01-2011, 09:31 AM
  3. Replies: 2
    Last Post: 05-04-2009, 04:04 PM
  4. How to create an item that will teleport!
    By Lagymoon in forum WoW EMU Guides & Tutorials
    Replies: 6
    Last Post: 06-06-2008, 08:38 AM
  5. [REQUEST]New Mall vendors that will work with the lastest NCDB
    By Corosive720 in forum World of Warcraft Emulator Servers
    Replies: 0
    Last Post: 12-22-2007, 07:05 PM
All times are GMT -5. The time now is 04:33 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2025 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Google Authenticator verification provided by Two-Factor Authentication (Free) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search