Zeke, posted May 18, 2016:
inb4 Yak goes apeshit over source code..
root (thread author), posted May 18, 2016:
> 2 hours ago, Sutekh_the_Steak said: Ahaaaaaah I love how this thread about what we'd do if we found an FA exploit appeared literally days before someone actually found a way to use an FA exploit. Irony (it is irony right?) at its best.

Nah, it'd be pretty stupid to leave a trail this obvious two days before executing your plan. Funny thing is, I did consider this happening, but I thought "meh, what are the chances FA is going to get hacked right after I make this thread."

> 1 hour ago, Terminal7 said: Aye. I truly don't understand what someone would do with the code - I don't know, maybe that's why they didn't bother trying to patch up security holes. They should really get into the process of having an overhaul of the site, but maybe too many users are relying on it for income (or something like that).

A lot of people (including me) want it out of mere curiosity. It's been reported by ex-developers for years that the code is an utter trainwreck and I'd love to feast my eyes upon its insides to see for myself. I'm too lazy to scour over all of it, but there would be certain points I would look for to see what's going on under the hood. I'm still trying to figure out how the little thing I found gives the results that it does. I'd expect PHP to prematurely exit the script after hitting too many nested functions, but I'm not sure that's what's happening... Honestly I hope FA stays around for a long time because I love the simplistic, homemade, slapped-together-in-a-week feel to it. I also like finding random novelty names and registering my own.
Sutekh_the_Steak, posted May 18, 2016:
> Just now, root said: Nah, it'd be pretty stupid to leave a trail this obvious two days before executing your plan. Funny thing is, I did consider this happening, but I thought "meh, what are the chances FA is going to get hacked right after I make this thread."

Oh nah, I was just laughing at the coincidence, not inferring some sort of trail. lol
Ricky, posted May 18, 2016:
I doubt it would be very hard to do using professional tools. Who knows what relics of ancient code exist buried in some corner. All you need to do is send one unchecked value to the DB through an un-parameterized query.
root (thread author), posted May 18, 2016:
> 10 minutes ago, Ricky said: All you need to do is send one unchecked value to the DB through an un-parameterized query.

Are they even using parameterized queries? I assumed they were probably using something like mysqli_real_escape_string and preg_replace :-p
Ricky, posted May 18, 2016:
> 1 minute ago, root said: Are they even using parameterized queries? I assumed they were probably using something like mysqli_real_escape_string and preg_replace :-p

No clue either, and yeah, probably not given the trends so far. I'm not sure what someone found, but if it's the User-Agent string and un-escaped quotes I'll laugh my ass off.
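The scenario Ricky and root are sketching (one unchecked header value reaching an un-parameterized query, versus per-value escaping, versus real parameterization) is shown below as an added example; it is not code from the thread or from FurAffinity. It uses Python and an in-memory SQLite database as a stand-in for the PHP/MySQL stack the posters speculate about, and all table contents, IP addresses and hashes are constructed for the demo. The `visits` log and the `users` table are assumptions, chosen so that the User-Agent header lands in a `WHERE` clause; the same structural problem applies to any other column.

```python
import sqlite3

# Constructed sample data for the demo; none of it comes from any real site.
USERS = [("alice", "$2y$10$constructedhash1"), ("bob", "$2y$10$constructedhash2")]
VISITS = [
    ("203.0.113.5", "Mozilla/5.0 (X11; Linux x86_64)"),
    ("203.0.113.9", "curl/7.47.0"),
]

# A User-Agent header with an unescaped quote followed by SQL. The leading quote
# closes the string literal the application opened, UNION pulls rows from an
# unrelated table with the same column count, and "-- " comments out the
# application's own trailing quote.
HOSTILE_UA = "' UNION SELECT username, password_hash FROM users -- "


def make_db():
    """Build an in-memory SQLite database with a users table and a visit log."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users (username TEXT, password_hash TEXT);"
        "CREATE TABLE visits (ip TEXT, user_agent TEXT);"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.executemany("INSERT INTO visits VALUES (?, ?)", VISITS)
    return conn


def visits_by_agent_vulnerable(conn, user_agent):
    """Un-parameterized query: the header text is pasted straight into the SQL."""
    sql = "SELECT ip, user_agent FROM visits WHERE user_agent = '%s'" % user_agent
    return conn.execute(sql).fetchall()


def escape_literal(value):
    """Hand-rolled escaping of one string literal, the approach the thread suspects
    (mysqli_real_escape_string and friends). SQLite escapes a quote by doubling it;
    MySQL uses backslashes and is charset-aware, so this helper is not portable."""
    return value.replace("'", "''")


def visits_by_agent_escaped(conn, user_agent):
    """Same concatenation, but the developer remembered to escape this one value.
    Safe for this query; every other query in the code base must remember too."""
    sql = "SELECT ip, user_agent FROM visits WHERE user_agent = '%s'" % escape_literal(user_agent)
    return conn.execute(sql).fetchall()


def visits_by_agent_parameterized(conn, user_agent):
    """Parameterized query: the driver sends the value separately from the SQL,
    so no quote in the header can change the statement's structure."""
    return conn.execute(
        "SELECT ip, user_agent FROM visits WHERE user_agent = ?", (user_agent,)
    ).fetchall()


def run_demo():
    """Run all three variants against the hostile header; return what each one returns."""
    conn = make_db()
    return {
        "vulnerable": visits_by_agent_vulnerable(conn, HOSTILE_UA),
        "escaped": visits_by_agent_escaped(conn, HOSTILE_UA),
        "parameterized": visits_by_agent_parameterized(conn, HOSTILE_UA),
    }


if __name__ == "__main__":
    for name, rows in run_demo().items():
        print(f"{name:14s} -> {rows}")
```

Running it, the vulnerable variant returns both rows of the `users` table (the visit log query has been turned into a dump of password hashes), while the escaped and parameterized variants return nothing, because the hostile header simply matches no logged User-Agent. The difference between the last two is maintenance, not behaviour: escaping has to be applied at every call site, which is exactly how "one unchecked value" slips through.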
PastryOfApathy, posted May 19, 2016:
Guys I have a confession.... I took down FA. I was thirsty and spilled some Mountain Dew on the servers. I warned Neer to help me grab some towels but him and Chase were having their hourly "diddle time" so I wasn't allowed to disturb their slumber. I apologize to artists everywhere.
Sutekh_the_Steak, posted May 19, 2016:
> 4 minutes ago, PastryOfApathy said: Guys I have a confession.... I took down FA. I was thirsty and spilled some Mountain Dew on the servers. I warned Neer to help me grab some towels but him and Chase were having their hourly "diddle time" so I wasn't allowed to disturb their slumber. I apologize to artists everywhere.

goddammit
Deskai, posted May 19, 2016:
> 1 hour ago, PastryOfApathy said: Guys I have a confession.... I took down FA. I was thirsty and spilled some Mountain Dew on the servers. I warned Neer to help me grab some towels but him and Chase were having their hourly "diddle time" so I wasn't allowed to disturb their slumber. I apologize to artists everywhere.

That's fine, the last person tripped over a cable and FA was down for several months 'cause the person hid the cable to not get in trouble.
nrr, posted May 19, 2016:
> 1 hour ago, root said: Are they even using parameterized queries? I assumed they were probably using something like mysqli_real_escape_string and preg_replace :-p

They aren't even using mysqli.
Toshabi, posted May 19, 2016:
I logged in and it changed my theme to the new theme. Holy shit, how is this even passable!?!
SirRob, posted May 19, 2016:
Dayum Toshabi, you're popufur as heck
root (thread author), posted May 19, 2016:
> 29 minutes ago, nrr said: They aren't even using mysqli.

Wow... Also it's back already? Not much of a security audit.
Aouzy, posted May 19, 2016:
It says I have 3 new submissions but nothing shows up.
root (thread author), posted May 19, 2016:
> Just now, Aouzy said: It says I have 3 new submissions but nothing shows up.

Same.
willow, posted May 19, 2016:
the amount of brown nosing and dick sucking in this journal is honestly making me uncomfortable
root (thread author), posted May 19, 2016:
Welp, my exploit still works.

> Just now, willow said: the amount of brown nosing and dick sucking in this journal is honestly making me uncomfortable

rofl
Falaffel, posted May 19, 2016:
> 3 minutes ago, willow said: the amount of brown nosing and dick sucking in this journal is honestly making me uncomfortable

This is the worst possible response. Ick.
Onnes, posted May 19, 2016:
One of the weirder side effects of this whole thing has been a bunch of furries coming to the conclusion that applications must hide their source code in order to prevent exploits.
RTDragon, posted May 19, 2016:
Doesn't really matter much since the source code is out in the open.
root (thread author), posted May 19, 2016:
> 22 minutes ago, RTDragon said: Doesn't really matter much since the source code is out in the open.

The people who have it don't seem to be spreading it around very well.
PheagleAdler, posted May 19, 2016:
> 7 hours ago, PastryOfApathy said: Guys I have a confession.... I took down FA. I was thirsty and spilled some Mountain Dew on the servers. I warned Neer to help me grab some towels but him and Chase were having their hourly "diddle time" so I wasn't allowed to disturb their slumber. I apologize to artists everywhere.

Sue Mountain Dew
Toshabi, posted May 19, 2016:
> 5 hours ago, willow said: the amount of brown nosing and dick sucking in this journal is honestly making me uncomfortable

I just literally had someone say FA did a good job and did the responsible thing. Despite them getting hacked because they patched late. This community is just retarded as fuck.
Deskai, posted May 19, 2016:
> 4 hours ago, root said: The people who have it don't seem to be spreading it around very well.

And that's the scary and also weird thing. The average person would think they're gonna spread this around via the internet; instead we only know of it being spread around via USB. The thing is, they still have an ID card into the site, TECHNICALLY, meaning they could still come back unless they redo EVERYTHING. Even when SoFurry updated its site, there was still old code. We have to HOPE FA has their supposed new code stored ELSEWHERE, or else they're gonna end up learning "yeah, they have a copy of that code too..."
Guest, posted May 19, 2016:
> 9 hours ago, Crazy Lee said: Why is this thread still going when there's the other megathread....

You're right. We shoulda locked it a long time ago, since there is a thread for this sorta thing.