pouët.net

Script killer

category: general [glöplog]
So the script mess is over. Here's a 0day remake of limpninja's (shifter's) "0day" crack of pouët.net (Not that it was either a crack or 0day, but anyway)
The prod

Other useful links:
Orig "crack"
My Interim regime page (Containing code possibly used from today in pouët.net's source code. *Thank you shitman!*)
Mirror of orig "crack"

What now? I'm gonna eat some food, get some sleep and go to work tomorrow. Have a nice day!

PS, pouët dever's, you forgot to apply the code to prod titles.
added on the 2006-06-22 00:03:21 by nitro2k01
HAHAHAHA I LOVE THIS!!!!!

LIMP NINJA POUET DOMINATION \o/
added on the 2006-06-22 00:10:42 by jaw
muhahahaha
added on the 2006-06-22 00:17:09 by kelsey
Exactly what did he dominate? I think I dominated the most. (-:
added on the 2006-06-22 00:17:50 by nitro2k01
try not to abuse prod and groupname please.
i'll patch it when i get back home after decibelio k?
added on the 2006-06-22 00:21:17 by psenough
nitro: nice code. now look up the php manual for htmlentities().
added on the 2006-06-22 00:25:53 by Gargaj
It's old, but still, I thought I'd post it.
added on the 2006-06-22 00:29:11 by nitro2k01
Quote:
I think I dominated the most. (-:

First of all, Limp Ninja != yours truly and no, you didn't :)
added on the 2006-06-22 01:01:08 by Shifter
I haven't got it: Was pouet.net "cracked" with ps' permission?
added on the 2006-06-22 02:15:42 by Adok
yes
added on the 2006-06-22 06:18:24 by ATH500
This is if you want to see all the scripts in action:
http://pouet.net/search.php?what=%3Cscript%3E&type=bbs&x=17&y=13
added on the 2006-06-22 06:53:28 by ATH500
Adok: No, only with Analouge's help.
Quote:
First of all, Limp Ninja != yours truly and no, you didn't :)
It was posted from your account, so you're at least not totally innocent.
added on the 2006-06-22 13:34:02 by nitro2k01
Could someone perhaps explain to me what the hole was? Maybe I have the same issue on some of my sites and therefore it would be good to fix it.
added on the 2006-06-22 15:00:43 by Adok
Adok: The problem is how HTML works. You have code and data in the same stream. While they are logically separated on static pages, there's in basically every dynamic page with user input the problem that a user can include code. Let's say we have
<table>
<tr>
<td>
[USER INPUT]
</td>
</tr>
...
</table>

As long as the user input consists of raw data, it can include code snippets like "</td></tr></table>" and the layout is broken. Therefore every (?) script language gives you functions which strip code from the input or mask it, f.e. <br> becomes &lt;p&gt;.

What happened here was that there was no such function used for the topic while they are used for the message itself. (That's a bit strange because ~4 years ago there was a bug found where people could use html codes in their nicknames. Analouge has fixed it and all those people who did that got the username "lamer".)
"<br> becomes &lt;p&gt;"
of course it becomes &lt;br&gt; ;)

Btw: The almighty add.php shows you the raw input. But since you're the only one to read your input it doesn't matter.
Quote:
Btw: The almighty add.php shows you the raw input. But since you're the only one to read your input it doesn't matter.
Hehe, I thought that was left on purpose to fool first-time script kiddies that their hacks actually worked.
added on the 2006-06-22 15:58:28 by nitro2k01
looks like you found that one out the hard way.
added on the 2006-06-22 16:04:48 by skrebbel
Look through the database and realize that just ain't the situation.
added on the 2006-06-22 16:12:53 by nitro2k01
unlock: there was an oversight in the handling of thread/prod titles which allowed the limp ninja to insert a <script> element.

This was particularly funny because hey, that meant the script would be executed every time you loaded the main page - as long as the thread wasn't bumped by other threads (Madenmann tried to bump it off the front page a couple of times, then nitro2k01 and ATH500 shat up the practical joke with their own misuse at the oversight. That was unfortunate :)).

Mind you, there's a bunch of places where analogue/ps/whoever did things right, this was just one place where they slipped up.
added on the 2006-06-22 16:21:59 by Shifter
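The oversight described in the posts above (message body escaped, thread title echoed raw), as an added PHP example that is not pouët.net's source or any poster's code. The `h()` helper, the render function names and the sample row are constructed for illustration, and `htmlspecialchars()` is used where Gargaj's post points at `htmlentities()`.

```php
<?php
declare(strict_types=1);

// Constructed sample row: a thread whose title carries markup,
// while the message is ordinary user text with a tag in it.
$thread = [
    'topic'   => '</td></tr></table><script>/* constructed payload */</script>',
    'message' => 'Hello <b>world</b> & "friends"',
];

// Hypothetical helper: encode for an HTML text node or a quoted attribute.
// ENT_QUOTES also encodes ' and ", ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: one field was overlooked, so the title reaches the page as markup.
function render_row_vulnerable(array $t): string
{
    return '<tr><td>' . $t['topic'] . '</td><td>' . h($t['message']) . "</td></tr>\n";
}

// After: every user-controlled field is encoded at the point of output.
function render_row_fixed(array $t): string
{
    return '<tr><td>' . h($t['topic']) . '</td><td>' . h($t['message']) . "</td></tr>\n";
}

$bad  = render_row_vulnerable($thread);
$good = render_row_fixed($thread);

echo "vulnerable: ", $bad;
echo "fixed:      ", $good;

// Regression check: the fixed row must contain no raw tag from user data.
foreach (['<script>', '</table>', '<b>'] as $needle) {
    if (strpos($good, $needle) !== false) {
        throw new RuntimeException("unescaped markup in output: $needle");
    }
}
```

Escaping at output rather than at input means titles, group names and prod names already stored in the database are covered as well, which matters for the prod-title gap nitro2k01 points out.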
Quote:
misuse
At least I tried to be informative about the situation.
added on the 2006-06-22 16:41:58 by nitro2k01
Btw, shifter, please explain why you let someone do that with your account in the first place.
added on the 2006-06-22 16:43:20 by nitro2k01
What? I let nobody else do anything with my account. Can I have some of your delicious, mind altering drugs too?
added on the 2006-06-22 17:30:36 by Shifter
One order for delicious, mind altering drugs received and on its way.

This is what the original limp ninja thread looks like
BB Image

BB Image
No the images are not faked (Have a look at the thread here for proof: http://pouet.net/topic.php?which=2929)
And no that's not a fake shifter user, the user link goes to http://pouet.net/user.php?who=234
Are you still going to deny that post was made with your account?

In that case... er... AMIGA?
added on the 2006-06-22 18:06:33 by nitro2k01
you really don't get it, do you?