English Security Security Security.

15.12.15 08:44:23 pm
Ali security
User
Important!..!!.!!!

> DEAR ADMINISTRATOR!

> Stored information we found on your site. 2 The user is added to your server command!!

I didn't know, but they're trying to crack down on this program

watch out for the two places I mentioned in this picture

At least you're protecting your SQL DATA. We recommend you to make your site More sheltered panel.

IMG:http://i.hizliresim.com/lrGN3E.jpg


The person who found the: Yalcin Ankara.

We didn't do it!

just warned.

Thank You, Yalçın.
Regards:

#.~Phudinq
Security.
15.12.15 09:04:53 pm
Infinite Rain
Reviewer
What?
A thousand may fall at your side, ten thousand at your right hand, but it will not come near you. You will only look with your eyes and see the recompense of the wicked. - Psalm 91:7-8 ESV
15.12.15 09:06:25 pm
Ali security
User
@user Infinite Rain: important Security problem.
Security.
15.12.15 09:21:12 pm
DC
Admin
Well, I'm sorry but I don't get it either. I'm not familiar with the markup you showed there. Thank you very much for your support but could you please explain this to me?
edited 1×, last 15.12.15 09:31:21 pm
www.UnrealSoftware.de | www.CS2D.com | www.CarnageContest.com | Use the forum & avoid PMs!
15.12.15 11:35:31 pm
Ali security
User
These commands delete the site if they could maybe if they'd stand up to the schedule


Open your notice to another site

Edit: Warning!

IMG:http://i.hizliresim.com/zlov4g.jpg
edited 1×, last 15.12.15 11:47:02 pm
Security.
16.12.15 12:07:31 am
Yates
Reviewer
Uh pretty sure CS2D.com has no user input fields anywhere, so SQL injecting it is quite impossible. CS2D.com also provides no login nor user accounts, what is there left to brute force?

Where are you getting these records from?
16.12.15 12:46:32 am
BcY
User
@user Ali security: man, go study some English first.
Kgb2d Community - Since 2012
16.12.15 02:20:24 am
Sparty
Reviewer
seriously man, no one understands.. maybe explain a little bit more, maybe in English please
user DC has written:
@user omg: Actually a pretty good idea...
16.12.15 02:33:03 am
Lee
Moderator
That's an AssemblyManifest packaged with programs and applications compiled using Microsoft's development kit. It is literally not relevant at all to anything.
16.12.15 02:37:26 am
SlimPT
User
Not sure what he is trying to say but it is related to SQL injection (some critical security problem). I have asked my friend, who is a security expert, to check the vulnerabilities on unrealsoftware and he told me this website has ~50 vulnerabilities at least (including SQL injection).
"Nothing to fear and nothing to doubt."
16.12.15 02:53:24 am
Lee
Moderator
Can your friend give some details? I am a security engineer for Facebook and I'm generally very wary of people who asked a "security expert friend of theirs" and claim that as the source of their own credibility. Beyond the proof, where's the argument for the exploitability of this website? There's little incentive within the platform for anyone to spend a nontrivial amount of time trying to exploit it. What does anyone gain out of controlling/taking this forum down? There might be a demo here and there, but the vast driving force behind such exploits will be because of recognition; it's all about the bragging rights.

Which is why I don't find your statement credible. If your friend found those vulnerabilities, there's vastly more incentive for him to disclose than to keep them secret. They hold zero practical value for him, and their biggest value is in terms of their potential social capital.
16.12.15 03:42:17 am
omg
User
lol wtf is this, it's like some badly made conspiracy tape
will code for food
16.12.15 06:32:42 am
SmD
User
I'm the official FaZe clan YouTube channel security expert. So I'm gonna change my name on us.de to "SmD Security" and make shitty forum posts no one understands because of my bad English... BUT TRUST ME, I'M AN EXPERT!!!

Edit: WARNING, I'm an ex... oh fuck this.

Quote:
we found on your site


Well... apparently I also have a multiple personality disorder.

Dude you know... to become a Security Supporter on us.de you have to find an actual security leak.

Oooor you just create cs2d hacks, act like a total moron and spam the forum with stupid bullshit. So you force DC to create a new usergroup and make you a member of it, because that's the only way to stop you.

But hey, what do I know. ¯\(ツ)/¯
edited 2×, last 16.12.15 06:44:40 am
16.12.15 09:29:51 am
Fraizeraust
Moderator
Your thread is vague and lacks important information regarding this. Oh, and there's something which caught my attention...
user Ali security has written:
Important!..!!.!!!

user Ali security has written:
> DEAR ADMINISTRATOR!

These two sentences explain a lot: what you are trying to do is just being an attention whore. If you had actually bothered to AT LEAST explain and elaborate on what you are trying to say regarding these vulnerabilities you've found, we would understand more. Marking up some lines in the code and posting it here doesn't bring us any useful information but rather doubts and questions.

Another thing that caught my attention is the second screenshot about the "scan results" of CS2D.com. Looks like you just made up some false information by editing it, made a screenshot and showed us that the CS2D.com site has a shit load of security vulnerabilities and many technical errors. As user Yates said, this site doesn't have a database that contains users' info such as password, username - you name it - nor a login feature; US.de has.

Which is why I find this thread really vague and better to "leave it alone". Not to forget the title of this thread with three repeated words "Security" - another sign that you're an attention whore.
16.12.15 10:27:19 am
SlimPT
User
user Lee has written:
Can your friend give some details? I am a security engineer for Facebook and I'm generally very wary of people who asked a "security expert friend of theirs" and claim that as the source of their own credibility. Beyond the proof, where's the argument for the exploitability of this website? There's little incentive within the platform for anyone to spend a nontrivial amount of time trying to exploit it. What does anyone gain out of controlling/taking this forum down? There might be a demo here and there, but the vast driving force behind such exploits will be because of recognition; it's all about the bragging rights.

Which is why I don't find your statement credible. If your friend found those vulnerabilities, there's vastly more incentive for him to disclose than to keep them secret. They hold zero practical value for him, and their biggest value is in terms of their potential social capital.


Well it was a long time ago (1 year). I just asked a person who belongs to lulzsec portugal (and he works for a security company I don't remember atm) about the vulnerabilities just out of curiosity. Ofc all these things are not 100% safe and need some effort (especially DC who doesn't have much time to improve the security).
Anyway I could try to ask him for the list again and send it to DC but it is hard now because I don't have his contact, but maybe he used a program to "stress" the website and get the exploits idk, just like Ali Security shows in 1 picture.
"Nothing to fear and nothing to doubt."
16.12.15 11:44:02 am
Yates
Reviewer
I've been through all user input fields like two years ago looking for SQL injection vulnerabilities (curiosity). I found none.
16.12.15 12:14:42 pm
DC
Admin
I'm constantly checking that all user input is verified and handled in a safe way. So there shouldn't be any SQL injection vulnerabilities on unrealsoftware.de

For the same reason it's absolutely not helpful to tell me that there are vulnerabilities. It only helps me when you can actually tell me WHERE something is not going right.

Moreover it makes people think that the website is super shitty and unsafe which is simply not the case. So please don't claim stuff unless you checked it yourself and are sure it's actually right.
www.UnrealSoftware.de | www.CS2D.com | www.CarnageContest.com | Use the forum & avoid PMs!
16.12.15 02:59:01 pm
Inflexion
User
@DC, happiness on your side is: close this thread, ban that user.. happiness on my side? He's trolling you so you could add him to Security Supporter usergroup with @user Gaios: but he's failing so bad because his English is way worse than @user WORST GUY ON THE TEAM:
to tell you, plus something cs2d.net or whatever doesn't have any login-register stuff, so it's just fake whatever you're telling here.

us.de is the only login & register website for all the games that @user DC: makes.
weeb
16.12.15 05:00:21 pm
Gaios
Security Supporter
@user Inflexion: Ban yourself and don't act like a moderator! My English is not bad but sometimes I do use Slavic grammar because I don't have any desire to think about Germanic grammar.
16.12.15 08:05:16 pm
DC
Admin
@user Inflexion: user Gaios actually found a real security issue and also explained to me exactly where it is. This is a whole different thing and not like the random assertions made here.

Well.. who knows. It's always possible that there are more issues but as I said: The stuff posted here is not useful in any way. I highly appreciate reports about problems when they actually lead to a more secure website.
www.UnrealSoftware.de | www.CS2D.com | www.CarnageContest.com | Use the forum & avoid PMs!