Search

Discussion in 'Denied Suggestions' started by crankynurse, Nov 27, 2013.

Thread Status:
Not open for further replies.
  1. Unread #1 - Nov 27, 2013 at 11:46 PM
  2. crankynurse

    Hi, so my suggestion is to take the search option completely off. It may help some, but in my opinion it is doing more harm than good at the moment. There are many vulns that can be found in this option and it is hard to trace them back. You can do anything from stealing user logins to footholds into the DB with the right exploits via XSS through the search option. This is just a suggestion and the community should not freak out over this; just hoping to get some feedback.
     
  3. Unread #2 - Nov 28, 2013 at 12:21 AM
  4. BGlave

    Search is a very important feature to every forum. Because of this, it should stay. You may not use it so you don't see the use of it, while there are others who use it probably on a daily basis. As for the exploits, report it?
     
  5. Unread #3 - Nov 28, 2013 at 12:22 AM
  6. Sythe

    Administrator Village Drunk

    Dealing with this internally.

    Haven't been able to reproduce any reported exploits in search (and all the known ones have been patched) but I've put in additional security for it anyway.
     
  7. Unread #4 - Nov 28, 2013 at 12:23 AM
  8. crankynurse

    Yes, but what I'm getting at is there may come a time an exploit is successful and no one has any clue where to look, because that could just be a foothold. But just a suggestion.
     
  9. Unread #5 - Nov 28, 2013 at 12:24 AM
  10. Laptop65

    What could you do through the search function? As in what exploits would be possible? I'm curious as I thought all you could do with it is just search stuff.
     
  11. Unread #6 - Nov 28, 2013 at 12:30 AM
  12. crankynurse

    You can do multiple XSS exploits, anywhere from cookie credential stealing to footholds in the DB, but as Sythe said, the ones that I reported to him have been patched or are too difficult to use, but I'm constantly looking for them :)
     
  13. Unread #7 - Dec 4, 2013 at 6:43 PM
  14. Superman

    Following Richard's post, denied. Thanks anyways.
     