Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: [JS] Guild CGer

  1. #11

    Joined
    Jan 2012
    Posts
    1,286
    Thanks
    1,292
    Thanked
    302/209
    DL/UL
    1096/0
    Mentioned
    213 times
    Time Online
    59d 13h 45m
    Avg. Time Online
    20m
    Quote Originally Posted by Josh View Post
    It was half-assed patched. To the point where it took me 5 minutes to modify it to work again. And it didnt take 2 weeks, it took 3 years of them knowing about it. I just made it a major problem for them recently
    ha ha well damn if more people new how to use it it would get patched even quicker
    i think i think it's odd that they can freeze peoples accounts for cheating
    with in 3 seconds but can't even patch a cookie grabber & it takes them over 3 year's =/

  2. #12

    Joined
    Aug 2014
    Posts
    40
    Thanks
    0
    Thanked
    3/3
    DL/UL
    2/0
    Mentioned
    10 times
    Time Online
    4d 2h 57m
    Avg. Time Online
    1m
    How many input fields did you try to exploit before finding this vulnerable one?
    Where do you get the time?

  3. #13
    Josh's Avatar
    Joined
    Dec 2011
    Posts
    415
    Userbars
    2
    Thanks
    25
    Thanked
    378/143
    DL/UL
    82/6
    Mentioned
    120 times
    Time Online
    17d 9h 48m
    Avg. Time Online
    5m
    Quote Originally Posted by Sarah :i View Post
    How many input fields did you try to exploit before finding this vulnerable one?
    Where do you get the time?
    Took me about 2 minutes to exploit it, once I started looking at guilds. I originally made this 5ish years ago, and just kept it to myself since we had better CGers (Shop/userlook/petpage/neoboards etc). Back then, we would spend all day looking for exploits.

    Every part of the guild color inputs are exploitable. Was just a matter of finding 2 colors that were close enough together that I could fix the HTML. That was just annoying as hell...lol.

  4. #14

    Joined
    Aug 2014
    Posts
    40
    Thanks
    0
    Thanked
    3/3
    DL/UL
    2/0
    Mentioned
    10 times
    Time Online
    4d 2h 57m
    Avg. Time Online
    1m
    Quote Originally Posted by Josh View Post
    Took me about 2 minutes to exploit it, once I started looking at guilds. I originally made this 5ish years ago, and just kept it to myself since we had better CGers (Shop/userlook/petpage/neoboards etc). Back then, we would spend all day looking for exploits.

    Every part of the guild color inputs are exploitable. Was just a matter of finding 2 colors that were close enough together that I could fix the HTML. That was just annoying as hell...lol.
    Love it. I don't have the patience to reverse engineer like that.
    I enjoy programming both web and software, but yea.. I just lack patience. Which is why, it's nice that there are some, who doesn't mind spending the extra hours into exploiting our beloved neopets

    Do you currently know of any other vulnerable input fields?

  5. #15
    Josh's Avatar
    Joined
    Dec 2011
    Posts
    415
    Userbars
    2
    Thanks
    25
    Thanked
    378/143
    DL/UL
    82/6
    Mentioned
    120 times
    Time Online
    17d 9h 48m
    Avg. Time Online
    5m
    Quote Originally Posted by Sarah :i View Post
    Do you currently know of any other vulnerable input fields?
    I can not disclose that information.


    Edit: And this one has been patched.
    Last edited by Josh; 08-26-2014 at 11:29 AM.

  6. #16

    Joined
    Aug 2014
    Posts
    40
    Thanks
    0
    Thanked
    3/3
    DL/UL
    2/0
    Mentioned
    10 times
    Time Online
    4d 2h 57m
    Avg. Time Online
    1m
    Quote Originally Posted by Josh View Post
    I can not disclose that information.
    That's mean

  7. #17
    Master Shake's Avatar
    Joined
    Jan 2012
    Posts
    983
    Userbars
    1
    Thanks
    378
    Thanked
    347/202
    DL/UL
    388/3
    Mentioned
    202 times
    Time Online
    55d 20h 18m
    Avg. Time Online
    19m
    Quote Originally Posted by Josh View Post
    I can not disclose that information.

    In other words yes.

  8. #18
    Josh's Avatar
    Joined
    Dec 2011
    Posts
    415
    Userbars
    2
    Thanks
    25
    Thanked
    378/143
    DL/UL
    82/6
    Mentioned
    120 times
    Time Online
    17d 9h 48m
    Avg. Time Online
    5m
    Quote Originally Posted by Master Shake View Post
    In other words yes.
    Possibly.

    I will make it clear that there are no current onsite CGer exploits that I know of. Though that does not mean its impossible.

    CGing is kinda obsolete because the user is online when you are stealing the crap, which makes it impossible to keep quiet.
    Last edited by Josh; 08-27-2014 at 12:34 AM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •