Bitcoin Forum

Other => Meta => Topic started by: Decoded on October 06, 2016, 01:07:55 AM



Title: Does bitcointalk use JavaScript?
Post by: Decoded on October 06, 2016, 01:07:55 AM
I may be thinking about that sweet security bounty, maybe not :)

Just wanted to know if the forum used JavaScript, or is built on just PHP.


Title: Re: Does bitcointalk use JavaScript?
Post by: achow101 on October 06, 2016, 01:11:40 AM
AFAICT, no JS here. If you can't tell that the forum doesn't use JS, how do you even plan on getting a security bounty?


Title: Re: Does bitcointalk use JavaScript?
Post by: Decoded on October 06, 2016, 01:17:01 AM
AFAICT, no JS here. If you can't tell that the forum doesn't use JS, how do you even plan on getting a security bounty?

I never confirmed I was trying to get it ;)

Obviously an XSS attack wouldn't work, because you can't implement JS into a post. Just thinking whether people would notice anything out of the ordinary if JavaScript was turned on/off.


Title: Re: Does bitcointalk use JavaScript?
Post by: buxlover on October 06, 2016, 09:45:37 AM
The forum actually uses some JavaScript for Ajax functionality.
You can read it here (https://bitcointalk.org/Themes/default/script.js). And I think the forum is built on an open source forum tool named PHPBB (http://phpbb.com). jQuery is not being used, though. There is a function in that to post data to the server in JavaScript.

The forum is secured against injections.
They even check the HTTP referrer to process any data received.
They have good session management.

Recently someone tried a DDoS to take the server down, in vain, ROFL. I think it'd be pretty hard to do anything stupid on the application layer. Try on the network layer. And remember, they're running on one of the safest operating systems, FreeBSD 6.2. And only 2 ports are open to public access, port 80 (HTTP) and 443 (HTTPS), with an nginx server. And they're not vulnerable to SSL Heartbleed too.

Anyway, Good luck. Happy Hunting!


Title: Re: Does bitcointalk use JavaScript?
Post by: Decoded on October 06, 2016, 10:03:55 AM
The forum actually uses some JavaScript for Ajax functionality.
You can read it here (https://bitcointalk.org/Themes/default/script.js). And I think the forum is built on an open source forum tool named PHPBB (http://phpbb.com). jQuery is not being used, though. There is a function in that to post data to the server in JavaScript.

The forum is secured against injections.
They even check the HTTP referrer to process any data received.
They have good session management.

Recently someone tried a DDoS to take the server down, in vain, ROFL. I think it'd be pretty hard to do anything stupid on the application layer. Try on the network layer. And remember, they're running on one of the safest operating systems, FreeBSD 6.2. And only 2 ports are open to public access, port 80 (HTTP) and 443 (HTTPS), with an nginx server. And they're not vulnerable to SSL Heartbleed too.

Anyway, Good luck. Happy Hunting!

Thanks. I contacted Theymos a little while ago and he confirmed that there was JavaScript; however, there is no way to change or edit that without having access to the server, so no traditional XSS attacks can be performed.

The site's locked down pretty tight. There are, however, still attacks I could think of that require the site's intervention to succeed, but there's no way to prevent it, as the site performing normally is what drives the attack.