Thread: ChiefDelphi is 1337.
View Single Post
  #1   Spotlight this post!  
Unread 05-01-2006, 00:09
Mike's Avatar
Mike Mike is offline
has common ground with Matt Krass
AKA: Mike Sorrenti
FRC #0237 (Sie-H2O-Bots (See-Hoe-Bots) [T.R.I.B.E.])
Team Role: Programmer
  
Join Date: Dec 2004
Rookie Year: 2004
Location: Watertown, CT
Posts: 1,003
Mike has a reputation beyond reputeMike has a reputation beyond reputeMike has a reputation beyond reputeMike has a reputation beyond reputeMike has a reputation beyond reputeMike has a reputation beyond reputeMike has a reputation beyond reputeMike has a reputation beyond reputeMike has a reputation beyond reputeMike has a reputation beyond reputeMike has a reputation beyond repute
ChiefDelphi is 1337.
K, so me and another Chief Delphi member (Adam from 1341) were looking around the new Firefox plugin Yakalike. Yakalike is a program that lets people chat to each other when they are browsing the same site. EG: People browsing ChiefDelphi could all chat together while browsing.

Well, anyways, we were just looking around. We thought it might be based on some sort of IRC backbone (which we still think, and are trying to prove) so we were trying to prove this. Lo and behold, we accidently stumbled upon the login script. So, this sparked our interest. A few stumbles later, and we find out that each site has a unique chat ID. Guess what ChiefDelphi.com is? Quick snippet from my packet sniffer shows...

(channel_id is the GET data referencing what channel to post data to)

So yeah, I just thought I should share that with you guys

EDIT: Link to yakalikE http://www.yakalike.com/
And yes, we are currently writing up an email to the developer of yakalikE explaining this security hole and possible ways to fix it.
__________________
http://www.mikesorrenti.com/
Reply With Quote