My Forum Exploit!! (I coded a tool)

Systemerror's Avatar, Join Date: Jan 2008
Go4Expert Member
See that login prompt? that is an example of what this software can do (please don't bann me I just used that as an example)...,



This exploit is something I discovered whilst trying to find certain vulnerabillities on forums, the way this works is via the http access manipulation, URL encoding and injection.

So what does it do?

This tool uses a weakness in almost all forums, that is, the way BBCode is used, the way it handles file extensions, and the way they don't use propper input checking bounds which ultimately is one big flaw, now for example, you can use this tool for two reasons, one of which is to be destructive, flood forums with pop-ups, use your actual target do DDoS another target to get thousands of people to attempt to login, causing a major DoS etc, or the better option is, you can use this tool as a great way for phishing, stealing login information and sending it back to yourself, you would need some scripting knowledge to do this but nothing too difficult.., in-fact there is a lot more that can be done with this, it just takes a little imagination, though it comes with a lot of help if you're struggling.

System requirements:

Windows 32 (XP or above)
.NET 3.5

Go to my site on software page for more info [SEE SIGNITURE LINK]:

Also, I've nearly finished uploading a youtube video tut, i'll out on here once finished.
SpOonWiZaRd's Avatar, Join Date: May 2007
Know what you can do.
very coooooooooooooooooooooool!
Systemerror's Avatar, Join Date: Jan 2008
Go4Expert Member
Yeah it's pretty sweet huh, Ohh I uploaded a youtube vid

http://www.youtube.com/watch?v=RtGuMtiPVWk
shabbir's Avatar, Join Date: Jul 2004
Go4Expert Founder
You linked to an image which needs a password to view and so I edited your code
shabbir's Avatar, Join Date: Jul 2004
Go4Expert Founder
Forgot to add. Does this goes as Ethical ? Please justify and I would not mind having it here.
indiansword's Avatar, Join Date: Oct 2008
Security Expert
Quote:
Originally Posted by SpOonWiZaRd View Post
very coooooooooooooooooooooool!

it isnt new AT ALL!!!! its called BASIC AUTH PASS... google it and learn LOL...
indiansword's Avatar, Join Date: Oct 2008
Security Expert
lol everyone regretting>?