HowStuffWorks.com Gets Owned

Brandon

Former Senior Account Rep
Community Support
LMFAO...WTF how did they get owned:thefinger

j/k nice find
 

Livewire

Abuse Compliance Officer
Staff member
Huh. Guess they need to learn security.

And unless I'm mistaken doesn't howstuffworks have guides on security (http://computer.howstuffworks.com/security-channel.htm)? Insult to injury ^_^


Edit: Actually I think I can see how they basically faked it out - it's using radio buttons to identify what the selected answer is, and it's using post to retrieve it. But unless I'm wrong, POST can still be faked if someone knows what they're doing - what they need to do is actually check to make sure the answer submitted is a valid response XD

At least it wasn't anything vulgar/explicit that they submitted, right? :)
 

Cubeform

New Member
Hmm. It appears to be some sort of SQL injection attack. Maybe the folks at Howstuffworks.com should post an article on it.

And right now, the ownage is still there. Go answer the survey on http://howstuffworks.com and see!
 

Derek

Community Support Force
Community Support
Lol it's still there...
 

dest581

New Member
Anyone want to advertise x10? :p

I hope the programmer learns how to properly make surveys. It shouldn't be as easy to hack as modifying HTML.
 

dest581

New Member
Once you set up the modified page, voting is pretty simple. You just keep submitting. This is like basic HackThisSite levels :p
 

Cubeform

New Member
Oh my god. That is really insecure. You just have to modify ONE value and... it's really easy to hack. WOW. Suits them for having text as a value. None of that fancy injection stuff, you just have to use FireBug/Web Developer/Opera's Source editor! I put a value on there: "Is it this easy?" Yes. Yes it is.

Yeah, they need a better polling system.
 

clareto

New Member
But wait, it doesn't make sense to me... does their code append a new option to the survey when no match for the current vote is found? That's a pretty weird approach to adding options to a survey!!! Can you imagine what a little simple javascript could do to that site?? OMG!! They have SERIOUS design mistakes!
 

dest581

New Member
HTML is filtered out. There's a javascript attempt on there that failed.

I love the current winner. Some geek is loved.
 

Livewire

Abuse Compliance Officer
Staff member
"The force is strong within you, I see. Stripping tags and protecting against the more advanced things. Too bad you guys go straight from a value field into displaying it. Haven't you guys ever heard of"

Priceless and true. What good is blocking malicious things if you can't even make sure they're answering the survey properly XD
 

dest581

New Member
Couldn't it just be part of POST protection with mod_security, though?

Edit: looks like the first entry is DoSing the site now.
 

Christopher

Retired
I wonder how long it will take until they fix it. They should have noticed it by now.
 

t2t2t

New Member
I tried to "hack" today's poll, and I did it ;)

[screenshot: mytryog6.png]
 

Cubeform

New Member
"We're very sorry, but we have experienced a critical error and cannot show you the page you requested. Our engineers have been notified and are working hard to correct this issue as soon as possible. Please check back soon."

But they're still doing raw text values for the poll. They've probably implemented some sort of switch statement to keep any bad values out.
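Livewire's point earlier in the thread (the server has to check that the submitted answer is one of the valid responses) and Cubeform's guess about a switch statement come down to the same fix, so here is one added example covering both. This is illustrative code written for this page, not code from the forum or from HowStuffWorks: a constructed poll whose answers are referenced by opaque ids, the trusting pattern the thread describes (an unknown answer gets appended as a new option) next to a handler that rejects anything outside the server's own allow-list, plus escaping at display time. The poll contents, the function names and the form field name `answer` are all assumptions.

```python
from html import escape


def make_poll():
    """Constructed poll definition (an assumption for this example, not the
    real site's data). Each answer has an opaque id; only the id is ever
    accepted from the client, never the answer text."""
    return {
        "question": "Which topic should we cover next?",
        "options": {"1": "Networking", "2": "Cryptography", "3": "Hardware"},
    }


def render_form(poll):
    """Radio buttons carry the option id as their value, not the label text."""
    inputs = "".join(
        f'<label><input type="radio" name="answer" value="{oid}">{escape(label)}</label>'
        for oid, label in poll["options"].items()
    )
    return f'<form method="post">{inputs}<button>Vote</button></form>'


def tally_vote_insecure(poll, tallies, submitted_answer):
    """The pattern the thread describes: the submitted string is trusted, and
    when it matches no existing option it is appended as a brand-new one, so
    whatever text the client sends becomes part of the poll."""
    for oid, label in poll["options"].items():
        if label == submitted_answer:
            break
    else:
        oid = str(len(poll["options"]) + 1)
        poll["options"][oid] = submitted_answer  # client-controlled text stored as an option
    tallies[oid] = tallies.get(oid, 0) + 1
    return tallies


def tally_vote(poll, tallies, form):
    """Hardened handler: the POSTed value must be one of the poll's own option
    ids. Anything else (missing, edited in the page source, or hand-crafted)
    is rejected before any state changes, so the set of answers is fixed by
    the server and a forged value cannot extend it."""
    option_id = form.get("answer")
    if option_id not in poll["options"]:
        raise ValueError(f"unknown option id: {option_id!r}")
    tallies[option_id] = tallies.get(option_id, 0) + 1
    return tallies


def render_results(poll, tallies):
    """Escape at output time as well: stripping tags on input, which the site
    apparently did, is not a substitute for encoding whatever gets displayed."""
    items = "".join(
        f"<li>{escape(label)}: {tallies.get(oid, 0)}</li>"
        for oid, label in poll["options"].items()
    )
    return f"<ul>{items}</ul>"


if __name__ == "__main__":
    poll = make_poll()
    tallies = {}
    tally_vote(poll, tallies, {"answer": "2"})
    try:
        tally_vote(poll, tallies, {"answer": "Is it this easy?"})
    except ValueError as err:
        print("rejected:", err)
    print(render_results(poll, tallies))
```

The allow-list check is the whole fix: because the client only ever sends an id that the server itself generated, the "text as a value" problem the thread complains about disappears, and the tally table can never grow from the outside. Escaping in `render_results` is the second layer for the case where a label does get poisoned some other way.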
 

dest581

New Member
Well, a person I know called them up to tell them. I'll say that's why it's down.
 

Livewire

Abuse Compliance Officer
Staff member
"Well, a person I know called them up to tell them. I'll say that's why it's down."

My bet is more than one person emailed/contacted them about it, or they'd've just shrugged it off as one user's problem :S
 