Bitcoin Forum
Author Topic: Does bitcointalk use JavaScript?  (Read 382 times)
Decoded
October 06, 2016, 01:07:55 AM
 #1

I may be thinking about that sweet security bounty, maybe not :)

Just wanted to know if the forum used JavaScript, or is built on just PHP.

achow101
October 06, 2016, 01:11:40 AM
 #2

AFAICT, no JS here. If you can't tell that the forum doesn't use JS, how do you even plan on getting a security bounty?

Decoded
October 06, 2016, 01:17:01 AM
 #3

Quote from: achow101 on October 06, 2016, 01:11:40 AM
> AFAICT, no JS here. If you can't tell that the forum doesn't use JS, how do you even plan on getting a security bounty?

I never confirmed I was trying to get it ;)

Obviously an XSS attack wouldn't work, because you can't implement JS into a post. Just thinking whether people would notice anything out of the ordinary if JavaScript was turned on/off.

buxlover
October 06, 2016, 09:45:37 AM
 #4

The forum actually uses some JavaScript for Ajax functionality.
You can read it here. And I think the forum is built on an open source forum tool named PHPBB. jQuery is not being used, though. There is a function in it to post data to the server in JavaScript.

The forum is secured against injections.
They even check the HTTP referrer to process any data received.
They have good session management.

Recently someone tried a DDoS to take the server down, in vain, ROFL. I think it'd be pretty hard to do anything stupid on the application layer. Try on the network layer. And remember, they're running on one of the safest operating systems, FreeBSD 6.2. And only 2 ports are open to public access, port 80 (HTTP) and 443 (HTTPS), with an nginx server. And they're not vulnerable to SSL Heartbleed either.

Anyway, Good luck. Happy Hunting!
Decoded
October 06, 2016, 10:03:55 AM
 #5

Quote from: buxlover on October 06, 2016, 09:45:37 AM
> The forum actually uses some JavaScript for Ajax functionality.
> You can read it here. And I think the forum is built on an open source forum tool named PHPBB. jQuery is not being used, though. There is a function in it to post data to the server in JavaScript.
>
> The forum is secured against injections.
> They even check the HTTP referrer to process any data received.
> They have good session management.
>
> Recently someone tried a DDoS to take the server down, in vain, ROFL. I think it'd be pretty hard to do anything stupid on the application layer. Try on the network layer. And remember, they're running on one of the safest operating systems, FreeBSD 6.2. And only 2 ports are open to public access, port 80 (HTTP) and 443 (HTTPS), with an nginx server. And they're not vulnerable to SSL Heartbleed either.
>
> Anyway, Good luck. Happy Hunting!

Thanks. I contacted Theymos a little while ago and he confirmed that there was JavaScript; however, there is no way to change or edit that without having access to the server, so no traditional XSS attacks can be performed.

The site's locked down pretty tight. There are, however, still attacks I could think of that require the site's intervention to succeed, but there's no way to prevent it, as the site performing normally is what drives the attack.

Powered by MySQL, PHP, and SMF 1.1.19 | SMF © 2006-2009, Simple Machines