Language:

en_US

switch to room list switch to menu My folders
Go to page: First ... 63 64 65 66 [67]
[#] Sat Feb 01 2025 15:51:02 UTC from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

lol and back to scumbags..   

servicenow. hit their documentation pages, my entire browser is covered in "you got an ad block and cant load some content" slide outs ( i have popups blocked, they got around that  ) .  They eventually time out. But if you scroll, you get more.  According to Ublock, it removed over 40% of the page.    F-these people.   I ll be glad when i'm out of here.   i have never experienced such a bad company and terrible product in my life.  I thought Oracle was the top tier of scum. But no.

 

if i move to another entity later this year and not just retire, first question: "Do you now, or do you ever plan, on using service now" if yes, i walk out. ( or if its a virtual interview, just turn it off. )



[#] Sun Feb 02 2025 20:48:02 UTC from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

( 2nd attempt to post after that above strangeness..  )

 

Did we get hacked, or someone find a way to break a room ( or ami broke :) )? And for what its worth when i posted in woof zone, and while it did apparently post, i was instantly transported here instead, with that mess above. 



[#] Mon Feb 03 2025 14:14:30 UTC from IGnatius T Foobar

Subject: Script injection attacks don't work here.

[Reply] [ReplyQuoted] [Headers] [Print]

We haven't been hacked, but some lowlife is trying:

Bottom Feeders> . Read User listing: katana
User Name                               Last Login
---------------------------------------------------------------- --------------
katana                                                           2025-02-03
katana;echo $((197 + 494))&echo $((197 + 494))                   2025-02-02
katana;echo $((7608 + 6438))&echo $((7608 + 6438))               2025-02-01
katana;echo XRGHKF$((94+17))$(echo XRGHKF)XRGHKF                 2025-01-18
katana'mLyZOU<'">uvKwpW                                          2025-01-17
katana'OROLvD<'">YfcWzW                                          2025-01-17
katana.print(system(phpinfo()))                                  2025-02-02

Hey there "katana", if you're reading this, script injection attacks can never work here.  Our server architecture makes it impossible.  Even if you managed to get the web code to misbehave, you'd still only be able to work within the confines of your own user session.  And guess what, kiddo: the protocol the web server uses to talk to the back end is both exposed to the public and fully documented.



[#] Mon Feb 03 2025 14:32:33 UTC from Nurb432

Subject: Re: Script injection attacks don't work here.

[Reply] [ReplyQuoted] [Headers] [Print]

lowlifes such as this need to be taken out to the square for presentation, then taken out back to turn them into fertilizer, like we did in medieval times.



[#] Mon Feb 03 2025 17:07:08 UTC from Nurb432

Subject: Re: Script injection attacks don't work here.

[Reply] [ReplyQuoted] [Headers] [Print]

Still at it.. new username popped up. Same idea just different numbers in the 'injection' part.



[#] Mon Feb 03 2025 18:32:19 UTC from darknetuser

Subject: Re: Script injection attacks don't work here.

[Reply] [ReplyQuoted] [Headers] [Print]

2025-02-03 14:14 from IGnatius T Foobar
Subject: Script injection attacks don't work here.
We haven't been hacked, but some lowlife is trying: Bottom
Feeders> . Read User listing: katana User Name Last Login
----------------------------------------------------------------
-------------- katana 2025-02-03 katana;echo $((197 +
494))&echo $((197 + 494)) 2025-02-02 katana;echo $((7608 +
6438))&echo $((7608 + 6438)) 2025-02-01 katana;echo
XRGHKF$((94+17))$(echo XRGHKF)XRGHKF 2025-01-18
katana'mLyZOU<'">uvKwpW 2025-01-17
katana'OROLvD<'">YfcWzW 2025-01-17
katana.print(system(phpinfo())) 2025-02-02

Hey there "katana", if you're reading this, script injection
attacks can never work here.  Our server architecture makes it
impossible.  Even if you managed to get the web code to
misbehave, you'd still only be able to work within
the confines
of your own user session.  And guess what, kiddo: the protocol
the web server uses to talk to the back end is both exposed to
the public and fully documented.


That, and Citadel is not PHP software.

[#] Mon Feb 03 2025 19:18:32 UTC from Nurb432

Subject: Re: Script injection attacks don't work here.

[Reply] [ReplyQuoted] [Headers] [Print]

Ya, i thought the same thing: They didn't do their research :)

Mon Feb 03 2025 18:32:19 UTC from darknetuser Subject: Re: Script injection attacks don't work here.

That, and Citadel is not PHP software.

 



[#] Mon Feb 03 2025 23:36:46 UTC from IGnatius T Foobar

Subject: Re: Script injection attacks don't work here.

[Reply] [ReplyQuoted] [Headers] [Print]

That, and Citadel is not PHP software.

Yes, there is that. :)

I suppose there could be two different objectives for an attacker. One would be to gain privileged access to the site. This is of course impossible, since the web server runs without privilege. The level of access one could achieve by breaking out of the intended session path is the same level of access we give all users, free for the taking.

The other objective, and possibly the more likely one, is that they just want to find a way to get it to offer them a shell. Then they can use the server as part of a botnet or something. Is such an attack possible? I'll bet it is. They'd need to download the source code for Citadel, figure out where it might have a *native* exploit (like a buffer overrun or something) and then penetrate the target system. If they were foolish enough to target the lead developer's own system they'd have less than a day before they were caught and locked out.

But of course, neither of these objectives will be achieved with script injection attacks, since we're not using PHP, we're not using SQL, we're not using any technology from which a script injection attack can do anything other than make your script crash. Because this software is written by maniacs who still develop everything in C except for the client-side browser interface. So go pick on the Rust zealots or something.

[#] Mon Feb 03 2025 23:39:13 UTC from Nurb432

Subject: Re: Script injection attacks don't work here.

[Reply] [ReplyQuoted] [Headers] [Print]

#3 would to be just to crash things.. "let it burn" so to speak.



[#] Tue Feb 11 2025 18:27:20 UTC from IGnatius T Foobar

Subject: Still at it.

[Reply] [ReplyQuoted] [Headers] [Print]

User Name Last Login
---------------------------------------------------------------- --------------
katana 2025-02-10
katana;echo $((197 + 494))&echo $((197 + 494)) 2025-02-02
katana;echo $((7608 + 6438))&echo $((7608 + 6438)) 2025-02-01
katana;echo $((779 + 4143))&echo $((779 + 4143)) 2025-02-03
katana;echo XRGHKF$((94+17))$(echo XRGHKF)XRGHKF 2025-01-18
katana;id 2025-02-11
katana'mLyZOU<'">uvKwpW 2025-01-17
katana'OROLvD<'">YfcWzW 2025-01-17
katana{${print(`echo 2025-02-11
katana.print(system(phpinfo())) 2025-02-02

Everyone feel free to send hate mail to the main "katana" account.

Go to page: First ... 63 64 65 66 [67]