Me Paranoid ?

Mon Feb 18, 2013 7:27 pm » by **Rizze**

I have a theory of what may prove critical to DTV members.

I know a small amount about scripts and how to use them to get information, Today whilst browsing new members, I saw something very familiar to me, it was a word that is used in scripting for webmasters and hackers.
So I delved a bit deeper and found this browserscope a part of this script can be used to get user names, e-mail and ip addresses.

The keyword for here is user_test_csrf
What do you think, anyone here know if I am right or just a bit paranoid. :think:

Do you think there is some foundation to this theory of mine?

Mon Feb 18, 2013 7:47 pm » by **Cosmine**

Ain't it part of dtv's site setup...?

:scary:

Mon Feb 18, 2013 7:50 pm » by **Kinninigan**

Dont ask me!

Mon Feb 18, 2013 7:59 pm » by **Rizze**

I think it goes like this, post reply to topic, add the script, I could be wrong but a few years ago I knew some one that could log in as Full Administrator and use something like this script below and they were not admin, a hacker it was.Not saying this is the actual script, but it mat resemble it.

Code: Select all: if request.POST: current_user = users.get_current_user() u = models.user_test.User.get_or_insert(current_user.user_id()) u.email = request.POST.get('email', current_user.email()) u.save() return http.HttpResponseRedirect('/user/settings')

Click on preview then get the required info without posting the reply.

Mon Feb 18, 2013 8:09 pm » by **Rizze**

OK Here is my reason on why I am a bit para user_test_csrf And check those videos, wtf are these doing here, no relevance at all.

Mon Feb 18, 2013 8:43 pm » by **Zan**

I just created my profile a few days ago and got a message here or email like this, it may even be the same one. I deleted it immediately because I thought is was spam BS.

Mon Feb 18, 2013 9:03 pm » by **WillEase666**

Zan wrote:I just created my profile a few days ago and got a message here or email like this, it may even be the same one. I deleted it immediately because I thought is was spam BS.

You would be right. Welcome to the rabbit hole. :cheers:

Mon Feb 18, 2013 9:18 pm » by **Perry LaGuardia**

WillEase666 wrote:
Zan wrote:I just created my profile a few days ago and got a message here or email like this, it may even be the same one. I deleted it immediately because I thought is was spam BS.

You would be right. Welcome to the rabbit hole.

Aaaaah f'ck....I thought I had pulled

:mrgreen:

Mon Feb 18, 2013 9:19 pm » by **Rizze**

Did anyone read into what I posted, anyone connect the dots?
Not funny you know, I am being quite serious.

But this is

Mon Feb 18, 2013 9:25 pm » by **Perry LaGuardia**

Rizze wrote:Did anyone read into what I posted, anyone connect the dots?
Not funny you know, I am being quite serious.

But this is

Has your penis got a face...thats not funny, thats serious rizze....

Seriously can you explain for dummies, Im good with the hardware but shite with software and programming :flop: