It should be no surprise that the security of the site is going to come under some scrutiny. The Register already has one article about the issues someone found.
I took a few minutes and checked the site out myself and found another issue.
If you look in the source code, you see a link embedded in the JavaScript that looks like this:
/index.php?option=com_jfbconnect&task=logout&return=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZ2aWV3PWFydGljbGUmaWQ9OCZJdGVtaWQ9Mg==
The interesting part is this:
aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZ2aWV3PWFydGljbGUmaWQ9OCZJdGVtaWQ9Mg==
If we decode this base64 encoded string, we get this:
index.php?option=com_content&view=article&id=8&Itemid=2
So, let's encode our own string and create a new URL that looks like this:
http://www.hackiswack.com/index.php?option=com_jfbconnect&task=logout&return=aHR0cDovL3d3dy55b3V0dWJlLmNvbS93YXRjaD92PW9IZzVTSllSSEEw
Yeah. That would be yet another RickRoll...
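The check that would close this hole, as an added example (not code from the site or from the JFBConnect component): decode the return value and follow it only when it is a relative, same-site path. The function names and the index.php fallback are assumptions; the two links are the ones quoted above.

```python
import base64
import binascii
from urllib.parse import parse_qs, urlsplit

# Links taken from the post: the site's own logout link and the crafted one.
SITE_LINK = ("/index.php?option=com_jfbconnect&task=logout&return="
             "aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZ2aWV3PWFydGljbGUmaWQ9OCZJdGVtaWQ9Mg==")
CRAFTED_LINK = ("http://www.hackiswack.com/index.php?option=com_jfbconnect&task=logout"
                "&return=aHR0cDovL3d3dy55b3V0dWJlLmNvbS93YXRjaD92PW9IZzVTSllSSEEw")

def decode_return(url):
    """Return the base64-decoded `return` parameter of a link, or None."""
    values = parse_qs(urlsplit(url).query).get("return")
    if not values:
        return None
    raw = values[0].replace(" ", "+")   # parse_qs turns a literal '+' into a space
    raw += "=" * (-len(raw) % 4)        # tolerate stripped padding
    try:
        return base64.b64decode(raw, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None

def is_local_target(target):
    """True only for a relative, same-site path such as index.php?option=..."""
    if not target or target != target.strip():
        return False
    # Control characters and backslashes are normalised differently by browsers.
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return False
    if target.startswith("//"):         # scheme-relative URL, leaves the site
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    return parts.scheme == "" and parts.netloc == ""

def logout_target(url, default="index.php"):
    """Where to send the browser after logout; `default` is an assumed fallback."""
    target = decode_return(url)
    return target if is_local_target(target) else default

if __name__ == "__main__":
    for link in (SITE_LINK, CRAFTED_LINK):
        print(decode_return(link), "->", logout_target(link))
```

Base64 here is only an encoding, so the decoded value has to be treated as untrusted input exactly as if it had arrived in clear text.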