DrDOS versus LZ (from the sightings thread)

BOBBYGRV · April 12, 2012, 11:56am

Why is it that I had to go to school with all these people. I went to school with the broads that DrDos supposedly hooks up with and JewFro lived down the st from me.

Matt_Danger · April 12, 2012, 12:25pm

A quick glance finds 10 instances in the rendered HTML source of showthread.php. The version number is used as a variable in decimal throughout the codebase and is sometimes sent as a parameter.

There is an SQL injection exploit for this current version.

boardjnky4 · April 12, 2012, 1:25pm

lol, Matt Danger, I just noticed your Location…nerd

LZ1 · April 12, 2012, 3:27pm

Group messages has a sqli

Daddie · April 12, 2012, 3:33pm

This went from OG drama callout to fucking huge nerd injection.

LZ1 · April 12, 2012, 3:42pm

Lol

Minglor · April 12, 2012, 4:00pm

I can’t decide if it’s better or worse…

Spam16v · April 12, 2012, 4:09pm

I think it’s awesome LZ looks like the Sherminator.

Minglor · April 12, 2012, 4:12pm

Sherminator or LZ.

You decide.

Studderin · April 12, 2012, 8:51pm

12.4? hahahahahahaha

Freek · April 12, 2012, 11:08pm

Do I get points for knowing what version we’re on?

boxxa · April 13, 2012, 5:43am

Still one of the best posts in this thread.

LZ1 · April 13, 2012, 5:53am

On bald street tires with a 2.3-2.2? lol I think he ended up going 12.2 with a 2.2

He is putting a rear end in with a real gear and real tires shortly so who knows

---------- Post added at 08:53 AM ---------- Previous post was at 08:50 AM ----------

I thought the SQL injection was in group messages and didn’t work correctly on here.

There was also some XSS in custom profile editing.

However I didn’t spend any real amount of time messing with it lol I could start fuzzing it with drop table;

ultradriver10000 · April 13, 2012, 6:21am

Yup and that was also the first time he has ever been on a track. He has never even owned a V8 with more then 300hp coupled to a manual trans. I’m assuming that me driving with slicks would be a solid 11.7 or better first time out cutting a 1.8 or so. I’d hope .4 in the 60’ would be at least .5s on the back end lol.

boxxa · April 13, 2012, 6:25am

The main SQL injection one is on the search and group messages feature which isn’t used here. This version has a easy DoS hole and some XSS/Open Redirect bugs but nothing wide open that someone can copy and paste code from a site as easy as the main SQL injection.

I do love me a good SQL injection hack tho.

LZ1 · April 13, 2012, 6:26am

Yea 3.73s and that cam are kinda meh also :lol:

---------- Post added at 09:26 AM ---------- Previous post was at 09:25 AM ----------

So your safe from DrDoS

Neon · April 13, 2012, 6:31am

vvvv

boxxa · April 13, 2012, 7:43am

^^^^ becuase of your post, Google chrome detected the page was in Thai and wanted to translate it.

:tup:

LZ1 · April 13, 2012, 7:48am

Neon is an anonymous groupie

Oasis24-7 · April 13, 2012, 8:28am

dinner for schmucks anyone? I think we could pull a real winner from this thread

Topic		Replies	Views
ATTN: UER's NYSpeed Off Topic	200	5924	July 3, 2008
Logo Vote NYSpeed Off Topic	140	4066	March 22, 2007
Petition to change Dos's title to "i try to be snky and its really annoying" NYSpeed Off Topic	68	1636	August 18, 2006
wtf dissapearing threads? PittSpeed Off Topic	99	1531	September 28, 2004
Calling out DrDos NYSpeed Automotive	57	3275	August 17, 2006

DrDOS versus LZ (from the sightings thread)

Related topics