Is it safe to post here?
[59 byte] By [KMorgana] at [2007-11-27 7:34:42] 
I don't feel like having my regular account hacked.
If you have the "Stylish" plugin for firefox, you can protect yourself from the hack using :a[style] { display: none !important; }Thanks to whoever that was who posted this earlier...
Dalzhima at 2007-7-12 19:15:13 >
> I don't feel like having my regular account hacked.Sounds familiar to me :D
PhilHeina at 2007-7-12 19:15:13 >
but does display:none prevent the image from loading? i would think that it still loads, but does not get displayed...
mkoryaka at 2007-7-12 19:15:13 >
nope it doesn't seem to load cause I've been able to visit the "infected" topics using this without generating any new topics or without having my personal information changed.
Dalzhima at 2007-7-12 19:15:13 >
Regular account?
Safe to post?
You just did post - it's too late now ... what are you concerned about - or is this a joke? Here read this ... [url=post!post.jspa?forumID=31&tid=17724&threadID=5184082&messageID=9716428&reply=true&tempAttachmentID=-1&subject=Re: It's not safe to post here, no!&body=Posting prerequisits]How'd I get here?[/url]
abillconsla at 2007-7-12 19:15:13 >
Yeah we can still be caught by clicking on urls...
Dalzhima at 2007-7-12 19:15:13 >
> Here read
> this ...
> [url=post!post.jspa?forumID=31&tid=17724&threadID=5184
> 082&messageID=9716428&reply=true&tempAttachmentID=-1&s
> ubject=Re: It's not safe to post here,
> no!&body=Posting prerequisits]How'd I get here?[/url]
Umm.... No.
KMorgana at 2007-7-12 19:15:13 >
> > Here read
> > this ...
> >
> [url=post!post.jspa?forumID=31&tid=17724&threadID=5184
>
> >
> 082&messageID=9716428&reply=true&tempAttachmentID=-1&s
>
> > ubject=Re: It's not safe to post here,
> > no!&body=Posting prerequisits]How'd I get
> here?[/url]
>
> Umm.... No.
Sorry guy ... I really thought you were being funny - I didn't know anything about what I am now hearing has been going around. Anyone care to inform me please?
abillconsla at 2007-7-12 19:15:13 >
Posting prerequisitsEdit:Um, ok...what happened then? I think I just got caught but I still don't get what's happening here on the forumsMessage was edited by: nogoodatcoding
nogoodatcodinga at 2007-7-12 19:15:13 >
> Anyone care to inform me please? I think this was the first posting on the subject: http://forum.java.sun.com/thread.jspa?threadID=5183774&tstart=0
camickra at 2007-7-12 19:15:13 >
> Um, ok...what happened then? I think I just got> caught but I still don't get what's happening here on> the forumsYou clicked on abillconsl's link.
KMorgana at 2007-7-12 19:15:13 >
No, this thing started yesterday in these threads: http://forum.java.sun.com/thread.jspa?threadID=5182679&start=0 http://forum.java.sun.com/thread.jspa?threadID=5182804&start=0 http://forum.java.sun.com/thread.jspa?threadID=5183624&start=0
Dalzhima at 2007-7-12 19:15:13 >
> No, this thing started yesterday in these threads:I know, but the link that abillconsl posted caused nogoodatcoding to post.
KMorgana at 2007-7-12 19:15:13 >
> > Anyone care to inform me please?
>
> I think this was the first posting on the subject:
>
> http://forum.java.sun.com/thread.jspa?threadID=5183774
> &tstart=0
I checked out http://forum.java.sun.com/thread.jspa?threadID=5184090
abillconsla at 2007-7-12 19:15:13 >
> Regular account?
> Safe to post?
> You just did post - it's too late now ... what are
> you concerned about - or is this a joke? Here read
> this ...
> [ u r l=post!post.jspa?forumID=31&tid=17724&threadID=5184
> 082&messageID=9716428&reply=true&tempAttachmentID=-1&s
> ubject=Re: It's not safe to post here,
> no!&body=Posting prerequisits]How'd I get here?[/u r l ]
Ah, I see. I didn't know about these url tags. Ok, I see now. And I get what cotton.m said over at http://forum.java.sun.com/thread.jspa?threadID=5183774&tstart=0
Quote:
It's been explained a million times to be honest. This is the last time. There is a bug in the forum where the referring url is not checked while at the same time forms that use POSTs can be processed as GETs.\
What all this means is that you can create links that when clicked will cause the person who clicks
- create new threads
- create new posts
- do duke related things (only works in special cases)
- modify your profile
The second bug is that Sun allows one to embed links (rendered by the browser) as part of the url style. This means you can embed the links from above and they no longer need to be clicked. As soon as your browser renders the page it is like they are being clicked because your browser is following the links thinking they are image urls.
Both of these bugs have been known for some while.
End Quote
Dam, and I was having fun on these forums and meeting all kinds of interesting people too. Juveniles.
nogoodatcodinga at 2007-7-21 22:17:07 >
Like I said - sorry, I thought the OP was joking and so I was joking back.
abillconsla at 2007-7-21 22:17:07 >
It looks like things are being cleaned up. Well, at least the threads are. I'm not sure about the bugs.~
yawmarka at 2007-7-21 22:17:07 >
Alright, it looks safe for now. Who wants the Dukes? ;-)
CaptainMorgan08a at 2007-7-21 22:17:07 >
~Message was edited by: Danniel_Willian
Danniel_Williana at 2007-7-21 22:17:07 >
Holy cow what a joke....The thread that WARNS about the hack as been removed.The thread that HAS the hack is still there.Wtf? Helloo? Anybody home? Who the hell moderates this forum?
martinog2a at 2007-7-21 22:17:07 >
> Holy cow what a joke....
>
> The thread that WARNS about the hack as been
> removed.
>
> The thread that HAS the hack is still there.
>
> Wtf? Helloo? Anybody home? Who the hell moderates
> this forum?
Maybe the mod set the trap ... HeHe ?
abillconsla at 2007-7-21 22:17:07 >
i moderate it. ill clean up this mess and fix the bugs asap.. hold on tight
mkoryaka at 2007-7-21 22:17:07 >
> i moderate it. ill clean up this mess and fix the bugs asap.. hold on tightAs I long suspected :-)
Hippolytea at 2007-7-21 22:17:07 >
seriously though, do we know any mods? do mods post here and admit to being mods?
mkoryaka at 2007-7-21 22:17:07 >
> seriously though, do we know any mods? do mods post> here and admit to being mods?Dana is long gone. Only the fact that her name is filtered out remains. She's working at some tree hugging, tempeh chugging book publisher, right?
Hippolytea at 2007-7-21 22:17:07 >
Dana?
CaptainMorgan08a at 2007-7-21 22:17:07 >
> ****?She was a moderator who also posted occasionally, to comment on what she was doing.
Hippolytea at 2007-7-21 22:17:07 >
> seriously though, do we know any mods? do mods post> here and admit to being mods?I guess there is Forums_Admin: http://forum.java.sun.com/profile.jspa?userID=568966
Hippolytea at 2007-7-21 22:17:07 >
> She was a moderator who also posted occasionally, to> comment on what she was doing.I know. It was a (late) response to mkoryak.
CaptainMorgan08a at 2007-7-21 22:17:07 >
we should use the exploit to change the admins/mods profiles so they will fix the bug.
mkoryaka at 2007-7-21 22:17:12 >
Posting prerequisits
deAppela at 2007-7-21 22:17:12 >
we shouldn't use the exploit at all.. that's what we should do...
Dalzhima at 2007-7-21 22:17:12 >
yes we shouldnt use old exploits, we should come up with new ones[url #" style="display: block; width:0px; height: 0px].[/url]
mkoryaka at 2007-7-21 22:17:12 >
> **** is long gone. Only the fact that her name is> filtered out remains. She's working at some tree> hugging, tempeh chugging book publisher, right?tree-hugging, birkenstock-wearing, patachouli-oil dousing, book publisher. get it right, dude.
filestreama at 2007-7-21 22:17:12 >
> yes we shouldnt use old exploits, we should come up> with new onesHow about not?
CaptainMorgan08a at 2007-7-21 22:17:12 >
ok[url #"].[/url]
mkoryaka at 2007-7-21 22:17:12 >
HaHa
abillconsla at 2007-7-21 22:17:12 >
Posting prerequisits
anu_sh3a at 2007-7-21 22:17:12 >
Java Essentials New Topic
Java Essentials Hot Topic
Java Essentials
All Classified
- Archived Forums
- Enterprise & Remote Computing
- Java Essentials
- Desktop
- Core
- Solaris Operating System
- Security
- Database Connectivity
- Java Mobility Forums
- Web & Directory Servers
- Development Tools
- Application & Integration Servers
- Java HotSpot Virtual Machine
- Other Topics
- E-Mail, Calendar, & Collaboration
- Developer Tools
- General
- Administration Tools
- Sun Hardware
- Storage Forums
- Java Enterprise System
- StarOffice
- Open Source Technologies
- BigAdmin
- Real-Time
- Java Coding