First-Coder
Active Member
- Nov 14, 2016
- 212
- 83
- 78
there is just no fix for this problem ...
Teamspeak3 Webinterface
- Thread starter SoulofSorrow
- Start date
- Apr 23, 2016
- 483
- 249
- 167
I don't know much about frontend, but this tutorial looks kinda ok atleast for me http://phpsec.org/projects/guide/4.html
First-Coder
Active Member
- Nov 14, 2016
- 212
- 83
- 78
I will now try to fix that... That problem is, that i don´t really now how the hack works and how to fix them.... If someone have usefull tips pls let it me now 
.
.
First-Coder
Active Member
- Nov 14, 2016
- 212
- 83
- 78
That problem is, that I try to understand the hack, before I try to fix them. Otherwise I can not look if my fix works. I found now that its some kind of "HTML Injection". That mean that i manipulate the link like:
http://example.com/foobar.html?arg=JAVACODE
I have tried that now on https://demo.first-coder.de/ but it won´t work... Sry I am just not a good hacker :S
First-Coder
Active Member
- Nov 14, 2016
- 212
- 83
- 78
ohhh crap... I know how it work / happens...
that's so dump... Yeah that's a really terrible security problem and need to be fixed for sure... Thank you for this information! If you will get another bugs pls let it me know
that's so dump... Yeah that's a really terrible security problem and need to be fixed for sure... Thank you for this information! If you will get another bugs pls let it me know
Laszl0w
Well-Known Member
- Oct 10, 2015
- 217
- 149
- 143
You gonna see when i do something
EDIT:
Watch out:
https://demo.first-coder.de/index.php?web_profil_edit
https://demo.first-coder.de/index.php?web_main_main
EDIT:
Watch out:
https://demo.first-coder.de/index.php?web_profil_edit
https://demo.first-coder.de/index.php?web_main_main
Last edited:
First-Coder
Active Member
- Nov 14, 2016
- 212
- 83
- 78
yes I've sawn that. But for now pls let me some time to fix this bug. After that you can try to crash the site again .
.razerxpke12
Member
- Nov 5, 2016
- 4
- 1
- 35
Hello
Discover a failure in your dashboard
Due to error in the profile where we can change the personal information just put in the field Twitter or steam one with me malicious that when the admin will see his profile is redirected to google
For test click:
In Globale Einstellungen click
Benutzer -> And click in firt account (admin in this case)
And see what's happening with just a simple code placed in the profile.
If you need help im epxpert in cybersecurity web and I'm also developing a teamspeak panel but it's still very early on
Discover a failure in your dashboard
Due to error in the profile where we can change the personal information just put in the field Twitter or steam one with me malicious that when the admin will see his profile is redirected to google
For test click:
In Globale Einstellungen click
Benutzer -> And click in firt account (admin in this case)
And see what's happening with just a simple code placed in the profile.
If you need help im epxpert in cybersecurity web and I'm also developing a teamspeak panel but it's still very early on
Last edited:
First-Coder
Active Member
- Nov 14, 2016
- 212
- 83
- 78
Hey guys,
I found today some time to write some code. And now I should have fixed that XSS exploid. Pls let me know if it works or if i forget some input fields.
I hope it works finde
Dear
First-Coder
I found today some time to write some code. And now I should have fixed that XSS exploid. Pls let me know if it works or if i forget some input fields.
I hope it works finde
Dear
First-Coder
Laszl0w
Well-Known Member
- Oct 10, 2015
- 217
- 149
- 143
First-Coder
Active Member
- Nov 14, 2016
- 212
- 83
- 78
-.-, i forgot to upload it to the webserver. That ticket isn´t done now, but it will fixed later. On all other sides should be now xss secure!
For JS: I replaced that tags with nothingPage works, what did you do with it?
Code:
.replace(/(<([^>]+)>)/ig,"")For PHP: I show the text with htmlspecialchars and this means it will be not executed.
Sorry for that. The webinterface has already a english version, but i write in german so it´s not up to date. But in the closed alpha will be german and english supported. Later will also come dutch and french if I am right informed.
Last edited:
First-Coder
Active Member
- Nov 14, 2016
- 212
- 83
- 78
Yea that´s trueLooks like its fixed.
But your site still vulnerable to Slowloris
. But this is just a demo side and Slowloris attack not the website. It attacks your whole server. If you have that webinterface on your own server you need to make it Slowloris secure.Correct me if I am wrong
or if i understand that wrong .PS for that who not know Slowloris: https://en.wikipedia.org/wiki/Slowloris_(computer_security)
Joxiii
Discord hater!
- Feb 2, 2016
- 271
- 183
- 92
@First-Coder
My Feedback about First-Coder Closed Beta :
+Very Nice Design!
+Much Features that are useful!
+Easy to use!
-Bot can only connect realtime so it spam the ts3 log . (It would be nice if you have the option how fast the Bot refresh)
Thanks for have the acces of the closed beta and you have made a good job!
My Feedback about First-Coder Closed Beta :
+Very Nice Design!
+Much Features that are useful!
+Easy to use!
-Bot can only connect realtime so it spam the ts3 log . (It would be nice if you have the option how fast the Bot refresh)
Thanks for have the acces of the closed beta and you have made a good job!
Last edited: