30 replies

Security Security Security. (closed)

Ali security
User
Important!..!!.!!!

> DEAR ADMINISTRATOR!

> Stored information we found on your site. 2 The user is added to your server command!!

I didn't know, but they're trying to crack down on this program

watch out for the two places I mentioned in this picture

At least you're protecting your SQL DATA. We recommend you to make your site More sheltered panel.

IMG:https://i.hizliresim.com/lrGN3E.jpg


The person who found the: Yalcin Ankara.

We didn't do it!

just warned.

Thank You, Yalçın.
Regards:

#.~Phudinq

Re: Security Security Security.

DC
Admin
Well, I'm sorry but I don't get it either. I'm not familiar with the markup you showed there. Thank you very much for your support but could you please explain this to me?
edited 1×, last 15.12.15 09:31:21 pm

Re: Security Security Security.

Ali security
User
These commands delete the site if they could maybe if they'd stand up to the schedule


Open your notice to another site

Edit: Warning!

IMG:https://i.hizliresim.com/zlov4g.jpg
edited 1×, last 15.12.15 11:47:02 pm

Re: Security Security Security.

Yates
Reviewer
Uh pretty sure CS2D.com has no user input fields anywhere, so SQL injecting it is quite impossible. CS2D.com also provides no login nor user accounts, what is there left to brute force?

Where are you getting these records from?

Re: Security Security Security.

Lee
Moderator
That's an AssemblyManifest packaged with programs and applications compiled using Microsoft's development kit. It is literally not relevant at all to anything.

Re: Security Security Security.

slimK
User
Not sure what he is trying to say but it is related to SQL injection (some critical security problem). I have asked my friend, who is a security expert, to check the vulnerabilities on unrealsoftware and he told me this website has ~50 vulnerabilities at least (including SQL injection).

Re: Security Security Security.

Lee
Moderator
Can your friend give some details? I am a security engineer for Facebook and I'm generally very wary of people who asked a "security expert friend of theirs" and claim that as the source of their own credibility. Beyond the proof, where's the argument for the exploitability of this website? There's little incentive within the platform for anyone to spend a nontrivial amount of time trying to exploit it. What does anyone gain out of controlling/taking this forum down? There might be a demo here and there, but the vast driving force behind such exploits will be because of recognition; it's all about the bragging rights.

Which is why I don't find your statement credible. If your friend found those vulnerabilities, there's vastly more incentive for him to disclose than to keep them secret. They hold zero practical value for him, and their biggest value is in terms of their potential social capital.

Re: Security Security Security.

SmD
User
I'm the official FaZe clan Youtube channel security expert. So I'm gonna change my name on us.de to "SmD Security" and make shitty forum posts no one understands because of my bad English... BUT TRUST ME, I'M AN EXPERT!!!

Edit: WARNING, I'm an ex... oh fuck this.

Quote
we fond on your site


Well... apparently I also have a multiple personality disorder.

Dude you know... to become a Security Supporter on us.de you have to find an actual security leak.

Oooor you just create cs2d hacks, act like a total moron and spam the forum with stupid bullshit. So you force DC to create a new usergroup and make you a member of it, because that's the only way to stop you.

But hey, what do I know. ¯\(ツ)/¯
edited 2×, last 16.12.15 06:44:40 am

Re: Security Security Security.

GeoB99
Moderator
Your thread is vague and lacks important information regarding this. Oh, and there's something which brought up my attention...

user Ali security has written
> Important!..!!.!!!

user Ali security has written
> DEAR ADMINISTRATOR!

These two sentences explain a lot: what you are trying to do is just being an attention whore. If you had actually bothered to AT LEAST explain and elaborate on what you are trying to say regarding these vulnerabilities you've found, we would understand more. Marking up some lines in the code and posting it here doesn't bring us any useful information but rather doubts and questions.

Another thing that brought up my attention is the second screenshot about the "scan results" of CS2D.com. Looks like you just made up some false information by editing them, made a screenshot and showed us that the CS2D.com site has a shit load of security vulnerabilities and many technical errors. As user Yates said, this site hasn't a database that contains user's content infos such as password, username - you name it nor log in feature, US.de has.

Which is why I find this thread really vague and better to "leave it alone". Not to forget the title of this thread with three repeated words "Security" - another thing that shows you're an attention whore.

Re: Security Security Security.

slimK
User
user Lee has written
> Can your friend give some details? I am a security engineer for Facebook and I'm generally very wary of people who asked a "security expert friend of theirs" and claim that as the source of their own credibility. Beyond the proof, where's the argument for the exploitability of this website? There's little incentive within the platform for anyone to spend a nontrivial amount of time trying to exploit it. What does anyone gain out of controlling/taking this forum down? There might be a demo here and there, but the vast driving force behind such exploits will be because of recognition; it's all about the bragging rights.
>
> Which is why I don't find your statement credible. If your friend found those vulnerabilities, there's vastly more incentive for him to disclose than to keep them secret. They hold zero practical value for him, and their biggest value is in terms of their potential social capital.

Well it was a long time ago (1 year) I just asked a person who belongs to lulzsec portugal (and he works for a security company I don't remember atm) about the vulnerabilities just for curiosity. Ofc all these things are not 100% safe and need some effort (especially DC who doesn't have much time to improve the security).
Anyway I could try to ask him back for the list and send it to DC but it is hard now because I don't have his contact but maybe he used a program to "stress" the website and get the exploits idk just like Ali Security shows in 1 picture.

Re: Security Security Security.

Yates
Reviewer
I've been through all user input fields like two years ago looking for SQL injection vulnerabilities (curiosity). I found none.

Re: Security Security Security.

DC
Admin
I'm constantly checking that all user input is verified and handled in a safe way. So there shouldn't be any SQL injection vulnerabilities on unrealsoftware.de

For the same reason it's absolutely not helpful to tell me that there are vulnerabilities. It only helps me when you can actually tell me WHERE something is not going right.

Moreover it makes people think that the website is super shitty and unsafe which is simply not the case. So please don't claim stuff unless you checked it yourself and are sure it's actually right.

Re: Security Security Security.

Inflexion
User
@DC, happiness on your side is: close this thread, ban that user.. happiness on my side? He's trolling you so you could add him to Security Supporter usergroup with @user Gaios: but he's failing so bad because his English is way worse than @user WORST GUY ON THE TEAM:
to tell you, plus something cs2d.net or whatever doesn't have any login-register stuff, so it's just fake whatever you're telling here.

us.de is the only login & register website for all the games that @user DC: makes.

Re: Security Security Security.

Gaios
Reviewer
@user Inflexion: Ban yourself and don't act like a moderator! My English is not bad but sometimes I do use Slavic grammar because I haven't any desire to think about Germanic grammar.

Re: Security Security Security.

DC
Admin
@user Inflexion: user Gaios actually found a real security issue and also explained to me exactly where it is. This is a whole different thing and not like the random assertions done here.

Well.. who knows. It's always possible that there are more issues but as I said: The stuff posted here is not useful in any way. I highly appreciate reports about problems when they actually lead to a more secure website.