vBulletin Vulnerability, Versions 4.1 to 5+

#41
Quote:(09-14-2013, 07:48 AM)jewpack Wrote:

Yes, because an IP with legit headers to the fucking install dir is so much more legit..


Please elaborate on Tor's anti-van mechanism you speak of.

No, but some forums( read: smart ones ) disallow odd user agents from viewing shit. Of course, no l337 haxor would be slowed by this, as curl is magical and gets around these kinds of blocks when you wave a wand.



Magical pixies fly into your internet and make it so it'd take assloads of money or luck( and usually both ) to know both who summoned the pixie and what the pixie is protecting.



My explanation:

The vBulletin homies be like, "Yo, this is your password, you need this to install shit. Be sure to delete this, homie." But the forum admin be like "YO DAWG MY FORUM WORK AWMG NO NEED TO READ REST OF INSTALL INSTRUCTIONS."

#42
Quote:(09-14-2013, 07:37 PM)w00t Wrote:

No, but some forums( read: smart ones ) disallow odd user agents from viewing shit. Of course, no l337 haxor would be slowed by this, as curl is magical and gets around these kinds of blocks when you wave a wand.



Magical pixies fly into your internet and make it so it'd take assloads of money or luck( and usually both ) to know both who summoned the pixie and what the pixie is protecting.



My explanation:

The vBulletin homies be like, "Yo, this is your password, you need this to install shit. Be sure to delete this, homie." But the forum admin be like "YO DAWG MY FORUM WORK AWMG NO NEED TO READ REST OF INSTALL INSTRUCTIONS."

I don't think there are instructions to delete the install directory, even.

#44
Quote:(09-14-2013, 10:52 PM)jewpack Wrote:

Get on jabber you fucking homo..


Wrong, they advise an htaccess/renaming of the dir, etc..the only reason it's not deleted is to make upgrades easier, lol.


That isn't user auth LOL, jesus fucking christ, are you really trying to argue with someone who's had the bug for fucking ages? Who do you think Oni got it from? Your lack of the ability to use any logic humors me; I'm nominating you for the Darwin award @ 2013.


Just grepped that shit, no results for anything having to do with tor/anti-van mechz; have you ever considered reading before looking like a dumbass? Posting a link to a book that is obviously beyond you, cute.

How is that wrong? htaccess/renaming of the directory isn't removal. I'm fully aware why it isn't removed, since it's still present on their own site.

Edit: Also, I didn't get the exploit from you. I received the vulnerability from an acquaintance and had to find the exploit for it elsewhere.

#46
Quote:(09-12-2013, 03:18 AM)Cyanide and Cynicism Wrote:

A better tutorial than some posted on here. On cURL, why do you need to set the user-agent? It doesn't seem to have any info, and vBulletin doesn't block cURL's user-agent as far as I know.

In response to this, many IDS will block curl/wget's user agent, especially mod_security on large hosts.

#48
Quote:(09-28-2013, 10:13 PM)Starfall Wrote:

In response to this, many IDS will block curl/wget's user agent, especially mod_security on large hosts.

This is true as well. I just changed it because I felt like it. Makes it less suspicious in logs.
Reply
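
The posts above note that a User-Agent rule stops default curl/wget strings but not a changed one, so a log review for a leftover installer directory has to key on the request path and the response status instead. This is an added example, not code from the thread; it assumes Apache combined-format access logs and an installer directory literally named `install`, and the log lines are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: the installer directory is named "install"; add renamed dirs here.
INSTALL_DIRS = {"install"}
# Default tool User-Agents that a UA-based rule would typically match.
TOOL_UA = re.compile(r"^(curl|wget|python-requests|libwww-perl)\b", re.I)
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def segments(target):
    """Normalised path segments: percent-decoded, lower-cased, empties dropped."""
    path = unquote(urlsplit(target).path).lower()
    return [s for s in path.split("/") if s]

def installer_hits(lines):
    """Return one finding per request that touches an installer directory."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not INSTALL_DIRS.intersection(segments(m["target"])):
            continue
        hits.append({
            "ip": m["ip"],
            "target": m["target"],
            "served": int(m["status"]) < 400,  # answered instead of 403/404
            "ua_rule_matches": bool(TOOL_UA.match(m["ua"])),
        })
    return hits

def needs_action(hits):
    """Requests the server answered that a UA-only rule would not have stopped."""
    return [h for h in hits if h["served"] and not h["ua_rule_matches"]]

# Constructed sample log lines (documentation IP ranges, made-up paths).
BROWSER = "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0"
SAMPLE = [
    '192.0.2.10 - - [14/Sep/2013:07:48:00 +0000] "GET /forum/install/index.php HTTP/1.1" 403 199 "-" "curl/7.29.0"',
    f'198.51.100.7 - - [14/Sep/2013:07:49:10 +0000] "GET /forum/Install/index.php HTTP/1.1" 200 5120 "-" "{BROWSER}"',
    f'203.0.113.5 - - [14/Sep/2013:07:50:02 +0000] "GET /forum/showthread.php?t=1 HTTP/1.1" 200 8841 "-" "{BROWSER}"',
    f'198.51.100.7 - - [14/Sep/2013:07:51:30 +0000] "GET /forum/%69nstall/ HTTP/1.1" 200 5120 "-" "{BROWSER}"',
]

if __name__ == "__main__":
    for h in needs_action(installer_hits(SAMPLE)):
        print(h["ip"], h["target"])
```

Any entry returned by `needs_action` means the installer directory is still being served to ordinary-looking clients, which points at the directory itself (removal or an access rule on the path) rather than at the User-Agent filter.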
