[FIX] XSS Issue

Old   #1
 
elite*gold: 0
Join Date: Feb 2015
Posts: 464
Received Thanks: 916
[FIX] XSS Issue

Hello...
One of my customers and a friend (we already talked about weed and a lot of nice adult discussion) was forced to call me at 00:41 am GMT+1 because of an XSS issue from another server. Do you think that is normal?

I mean, the problem is not that I am supposed to sleep during the night, or supposed to be retired from Shaiya servers for personal reasons; the problem is: why the hell are you guys using these kinds of scripts? (from Sarest I think, but I would not say things like that as I am a little respectful)

So.. where is the point of my post?



If you see something like that on your website, and if you are using a Sarest-based web script, here is the fix:

1) Open your htdocs/inc/pdoConnect.php and add these lines at the end of the file:
PHP Code:
// Load HTMLPurifier (the auto-loader ships with the library).
require_once '../lib/HTMLPurifier.auto.php';

// Default configuration is enough to strip scripts and event handlers;
// $purifier is then used wherever a message is echoed into HTML.
$config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config);

2) Extract the htdocs.rar into your htdocs

3) That's it.

If you want to check for an XSS issue in an SQL table, type this in SSMS:
SQL Code:
-- lists every message containing a '<' followed later by a '>', newest first
SELECT * FROM Website.dbo.Chat WHERE message LIKE '%<%>%' ORDER BY Time DESC

and have fun... You'll also be able to get the IP of the man who did that... But please ignore it.

Feel free to use the HTMLPurifier lib for other scripts.. In fact, you should use it at each SQL-to-HTML output.

PS: Guys, this community should have a minimum of maturity.... Maybe I will force the next servers that use this kind of attack to close in the future. Don't start hacking if you don't know how to do it...
Attached Files
File Type: rar htdocs.rar (346.3 KB, 92 views)



Trayne01 is offline  
Thanks
18 Users
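The post above gives the two halves of the fix: purify every chat message on the way from SQL to HTML, and scan the stored messages for markup. The following PHP is an added example and is not code from the original post or from the Sarest or ShCMS scripts. It assumes HTMLPurifier is installed at the `../lib/HTMLPurifier.auto.php` path the post names and falls back to plain entity encoding when the library is missing; the function names `renderChatMessage` and `looksLikeMarkup`, the allowed-tag list, and the sample rows are all constructed for the example.

```php
<?php
// Added example (not the original post's code). Demonstrates the fix from the
// thread: never echo a chat message straight from SQL into HTML.

$purifier = null;
$autoloader = __DIR__ . '/../lib/HTMLPurifier.auto.php'; // path from the post
if (is_readable($autoloader)) {
    require_once $autoloader;
    $config = HTMLPurifier_Config::createDefault();
    // Chat only needs a little inline formatting. Everything else is dropped,
    // including <script>, on* event handler attributes and javascript: URLs.
    $config->set('HTML.Allowed', 'b,i,u,br');
    // Keep the serializer cache somewhere writable so purify() does not warn.
    $config->set('Cache.SerializerPath', sys_get_temp_dir());
    $purifier = new HTMLPurifier($config);
}

// Hypothetical helper: render one message at the SQL-to-HTML boundary.
// With HTMLPurifier available the message keeps safe inline tags; without it
// the message is treated as text only, which is still safe, just plainer.
function renderChatMessage(string $message, ?HTMLPurifier $purifier): string
{
    if ($purifier !== null) {
        return $purifier->purify($message);
    }
    return htmlspecialchars($message, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Hypothetical helper: the in-PHP equivalent of the post's SSMS query,
// i.e. LIKE '%<%>%' applied to rows already fetched from Website.dbo.Chat.
function looksLikeMarkup(string $message): bool
{
    return (bool) preg_match('/<.*>/s', $message);
}

// Constructed sample rows standing in for a SELECT on Website.dbo.Chat.
$rows = [
    ['Time' => '2017-09-06 23:58:01', 'message' => 'hello everyone'],
    ['Time' => '2017-09-07 00:02:44', 'message' => 'gg <b>well played</b>'],
    ['Time' => '2017-09-07 00:05:10', 'message' => '<script>alert(1)</script>'],
];

// Rows flagged CHECK are the ones the SSMS query would return; the rendered
// column shows what reaches the browser after the fix is applied.
foreach ($rows as $row) {
    $flag = looksLikeMarkup($row['message']) ? 'CHECK' : 'ok';
    printf("%s [%-5s] %s\n", $row['Time'], $flag, renderChatMessage($row['message'], $purifier));
}
```

Run it from the htdocs/inc directory so the relative library path resolves; the third sample row prints with its script tag removed (or entity-encoded in the fallback), while the second keeps its bold tag.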
Old 09/07/2017, 13:37   #2
 
elite*gold: 0
Join Date: Aug 2017
Posts: 9
Received Thanks: 2
Very good, thank you


IlusionXtreme is offline  
Old 09/11/2017, 19:34   #3
 
elite*gold: 0
Join Date: Jan 2013
Posts: 379
Received Thanks: 363
I'm a bit confused about this thread.. does it say that you sold my scripts to a customer of yours and he found a JavaScript injection on it, or that this friend of yours is using my files that he got from a doubtful source so he could not contact me?!??

I already fixed this problem some time ago and I give this kind of support to any of my customers, so about this, I support this thread.. If you didn't buy my web scripts directly from ME, don't use them!
beetols is offline  
Old 09/11/2017, 22:41   #4
 
elite*gold: 0
Join Date: Jul 2016
Posts: 138
Received Thanks: 81
Quote:
Originally Posted by beetols View Post
I'm a bit confused about this thread.. does it say that you sold my scripts to a customer of yours and he found a JavaScript injection on it, or that this friend of yours is using my files that he got from a doubtful source so he could not contact me?!??

I already fixed this problem some time ago and I give this kind of support to any of my customers, so about this, I support this thread.. If you didn't buy my web scripts directly from ME, don't use them!
Please tell me, where does it say that he sold the script to him?

Quote:
Originally Posted by Trayne01 View Post
why the hell are you guys using these kinds of scripts? (from Sarest I think)
It says that one of his customers was having an XSS issue and that he thinks it was your script. Just clearing things up.


Velocity. is offline  
Thanks
1 User
Old 09/12/2017, 23:53   #5
 
elite*gold: 0
Join Date: Jan 2013
Posts: 379
Received Thanks: 363
Quote:
Originally Posted by Velocity. View Post
Please tell me, where does it say that he sold the script to him?

It says that one of his customers was having an XSS issue and that he thinks it was your script. Just clearing things up.
He sold this website to Shaiya Arcania with my scripts on it (you can see it in the screenshot).. it's the minimum that this guy goes to him for a fix.

Funny thing is: why the hell are you guys using this kind of scripts.... And he is the one who sold it.. my comment up here was hilarious, Velocity.
beetols is offline  
Old 09/13/2017, 07:03   #6
 
elite*gold: 0
Join Date: Feb 2015
Posts: 464
Received Thanks: 916
Quote:
Originally Posted by beetols View Post
He sold this website to Shaiya Arcania with my scripts on it (you can see it in the screenshot).. it's the minimum that this guy goes to him for a fix.

Funny thing is: why the hell are you guys using this kind of scripts.... And he is the one who sold it.. my comment up here was hilarious, Velocity.
Why the hell would I sell your *outdated* files while I was already developing my own CMS since 2015?
Presented here.

First release? here.

Probably when you were still selling your *outdated* files without a single update.

Maybe an update of my CMS will explain my intentions? As I was not selling *outdated* files, I was also often updating mine. And the only *bonus* that my paid version got was a game icon parser and a home-made web mall.

But anyway, I even released this paid version for free here. As I don't care about money.

Your *outdated* website files were stolen dozens of times and a lot of ADMs were using them as a website base.
This is also why I had to release my ShCMS, to stop this fucking sharing of *outdated* files.

Please try to stop giving arguments without decent proof, it is not that nice.


Have a good day.
Trayne01 is offline  
Thanks
1 User
Old 09/13/2017, 20:25   #7
 
elite*gold: 0
Join Date: Jan 2013
Posts: 379
Received Thanks: 363
Yes, I made this chat 4 years ago, it is very outdated.
Sorry, my mistake probably, there is another Trayne somewhere who sold my outdated files to AuronCrow, the owner of Shaiya Arcania..


TRANSLATE:
[20:06:37] Sarest: But did you contact Trayne for a bug in the chat right? in the website he sold you?
[20:08:28] AuronCrow: yes

I'm not falling for your trick again like at Christmas (where you moved the conversation from "selling scripts from another" into "a single script possibly getting an injection"); epvp members can think whatever they like, but this doesn't change what happened and doesn't make you more adult.

PS: I'm tired of this discussion with you. I'm happy for you that you have your new job and "new life" and I really hope you are enjoying it, and it is stupid to stay here and waste our time on this.. if you want to be the good guy, continue to discredit me.. anyway I'll stop here.
beetols is offline  
Old 09/14/2017, 07:29   #8
 
elite*gold: 0
Join Date: Feb 2015
Posts: 464
Received Thanks: 916
Quote:
Originally Posted by beetols View Post
Yes, I made this chat 4 years ago, it is very outdated.
Sorry, my mistake probably, there is another Trayne somewhere who sold my outdated files to AuronCrow, the owner of Shaiya Arcania..


TRANSLATE:
[20:06:37] Sarest: But did you contact Trayne for a bug in the chat right? in the website he sold you?
[20:08:28] AuronCrow: yes

I'm not falling for your trick again like at Christmas (where you moved the conversation from "selling scripts from another" into "a single script possibly getting an injection"); epvp members can think whatever they like, but this doesn't change what happened and doesn't make you more adult.

PS: I'm tired of this discussion with you. I'm happy for you that you have your new job and "new life" and I really hope you are enjoying it, and it is stupid to stay here and waste our time on this.. if you want to be the good guy, continue to discredit me.. anyway I'll stop here.

As far as I remember, AuronCrow needed to keep your outdated files; I don't know why he didn't like my own CMS. So I only sent him a design and a few upgrades for yours, for cheap. (It is also why I said "One of my customers and a friend" in my thread)
A lot of ADMs that were contacting me already had your outdated website (I think it was stolen too many times), or sometimes they had already contacted you before they called me. Like the shaiya divine . org owner a few times ago.

I just think that it is time for making peace; as you said, this chat script is more than 4 years old, and I know that you would not leave an XSS injection in your "modern" scripts.

And there are not that many web devs around in Shaiya. I know about Lube, you, and maybe me, and that's all? This is why we should do our best to collaborate instead, and in fact, I'll be glad to talk about Shaiya web development on Skype with you.


Trayne01 is offline  
Thanks
1 User