1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exploits and Vulnerabilities Section

Discussion in 'Forum Suggestions & Feedback' started by Elliot305, May 13, 2015.

  1. Elliot305

    Elliot305 Jr. VIP Jr. VIP

    Joined:
    Jul 21, 2010
    Messages:
    545
    Likes Received:
    1,509
    Occupation:
    Loophole/Exploit Specialist
    Location:
    In The Sun
    There are various levels of members here and I'm looking to connect with legit players that are of like-mind. Posting a method, thought-process or past experience I've had in the "Making Money" section is just too vague in my opinion. At least with a section dedicated to exploits and vulnerabilities, you're entering that area knowing what you'll get and I think it would really help with fostering productive conversations. Personally, I would love to discuss strategies and thought-processes of potential vulnerabilities and how to go about taking advantage of them. Heck, I'd be willing to moderate such a section too as I deal solely in these areas and haven't had a normal job in 13 years because of my expertise with them. In closing, I would love to see such a section here and think the value it would bring in getting people to think outside-the-box would be immense.
     
  2. pxoxrxn

    pxoxrxn Supreme Member

    Joined:
    Dec 21, 2011
    Messages:
    1,398
    Likes Received:
    2,072
    So you're volunteering to moderate a non-existent section on a forum that actively discourages this sort of behaviour?
     
    • Thanks Thanks x 2
  3. Elliot305

    Elliot305 Jr. VIP Jr. VIP

    Joined:
    Jul 21, 2010
    Messages:
    545
    Likes Received:
    1,509
    Occupation:
    Loophole/Exploit Specialist
    Location:
    In The Sun
    LOL, if that's how you interpret it.
     
  4. TheMasterOfMoney

    TheMasterOfMoney Power Member

    Joined:
    May 22, 2010
    Messages:
    783
    Likes Received:
    1,424
    Home Page:
    The problem is that the vulnerabilities would be patchet almost instantly. I do find exploits too, not so technical like the ones you do, but I am just really good at recognizing patterns that actually create my methods, but if there was a section like that, it would get more complicated for everyone. Just because other people don´t talk about it doesn´t mean they didn´t notice either
     
  5. pxoxrxn

    pxoxrxn Supreme Member

    Joined:
    Dec 21, 2011
    Messages:
    1,398
    Likes Received:
    2,072
    We are web masters here and people like you are our enemy. Most people here just want to make and rank websites, not ruin some else's day with out exploits. if you want to discuss that shit then go to a forum that is more accepting of it because you won't fit in here.
     
  6. rabbitking

    rabbitking Elite Member

    Joined:
    Sep 24, 2013
    Messages:
    1,712
    Likes Received:
    3,577
    I am not judging your character based on making money with exploits, but the forum heavily leans towards
    building profitable business models and trying to protect them from exploits. Not to mention that section would
    become a regular resource for companies to check and secure any glitches in their business models.
     
  7. Nut-Nights

    Nut-Nights Jr. VIP Jr. VIP

    Joined:
    Jun 20, 2013
    Messages:
    5,009
    Likes Received:
    3,197
    Location:
    Hell
    Home Page:
    +1 for this suggestion, Its good to have exploits section. People saying "you are destroying bla bla" are just looking for thanks. Its BHW.
     
  8. pxoxrxn

    pxoxrxn Supreme Member

    Joined:
    Dec 21, 2011
    Messages:
    1,398
    Likes Received:
    2,072
    lol you're joking right? No one cares about 'thanks' for starters, you can't buy a new car with 'thanks'. Secondly, blackhat means blackhat SEO in this context, not ruining other poeple's websites.
     
    • Thanks Thanks x 1
  9. Repulsor

    Repulsor Power Member

    Joined:
    Jun 11, 2013
    Messages:
    766
    Likes Received:
    275
    Location:
    PHP Scripting ;)
    If you keep your wallet open to the public, one of them is going to take a handful out of it.

    In your point of view it seems to be the fault of the public and they should get better.

    But in my point of view, its our fault thatkeep your wallet open. Not saying we are going to hack every other guys websites. Every single one of them here will try to run an exploit if someone found a loophole in Facebook,G+ or whatever.

    Way better than getting the site wiped off by a Nigerian hacker anyway.
     
    Last edited: May 13, 2015
  10. WPRipper

    WPRipper Supreme Member

    Joined:
    Mar 24, 2010
    Messages:
    1,399
    Likes Received:
    1,524
    Location:
    Proudly romanian
    No way ur gonna see this section here.

    First, ur talking about flaws in a CMS or online platforms, which will bring us in the [email protected] area. AND talking about them on public is not a smart move.

    Second, BHW is about SEO, content strategy, money making methods and so on. How can a section like this will fit in here?

    Third. If this section will be allowed imagine how many kids will join BHW to offer their services.

    IMHO it's a pain in the a$$.
     
    • Thanks Thanks x 1
  11. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,566
    Likes Received:
    11,025
    Occupation:
    Pusillanimous Knitter
    Location:
    Buenos Aires
    If you read the rules, it says something about "hacking" and "prohibited"...
     
    • Thanks Thanks x 1
  12. hotdew

    hotdew Regular Member

    Joined:
    Dec 1, 2013
    Messages:
    230
    Likes Received:
    50
    Location:
    Canada
    I think the BH part of BHW misleads a ton of people. Sure, there are a few of us here who make a living from making people's financial lives miserably. I think the vast majority of people here are all about making money the legit way with a respectable dose of hardwork.

    So if we were to do a show of hands, I'm not going to support the idea, and I'm sure the idea will fall through.
     
  13. Society Girl

    Society Girl Moderator Staff Member Moderator Jr. VIP

    Joined:
    Feb 20, 2014
    Messages:
    455
    Likes Received:
    475
    Occupation:
    Customer Support
    Location:
    London
    I'd love to see it. It doesn't have to be hacking or anything necessarily bad or illegal, just showing what is wrong with some systems. I mean, this is a public forum indexed by Google, this isn't about trading secrets and hacking into anywhere and stealing $947673773.

    I come across bugs/flaws/exploits all the time and it'd be good to show what's going on or even old exploits that HAVE been there in the past and discuss why they're there and how to fix future things like it.
    I think that while this is an SEO and marketing forum, it may not be right for BHW but I don't feel it should be banned or a taboo subject.

    Also, I don't like the word "hacking" being used as if It's illegal or either. Hacking is a brilliant way to use websites, software or even devices in a way that they were not maybe made for. What you do with those hacks may be illegal but hacking is just being creative. Life hacks for example.
    Hacking is not some disgusting word that needs to be avoided, It's just the way It's portrayed, mainly by the media.

    TLDR: I'd love to see it, but is it for BHW? Maybe not. If it was was to go through, I think It'd only be a matter of time before "Xbox section!" and "CHICKEN SECTION!!11" requests start coming in.
     
    • Thanks Thanks x 3
  14. Gogol

    Gogol Jr. VIP Jr. VIP

    Joined:
    Sep 10, 2010
    Messages:
    3,408
    Likes Received:
    3,056
    Gender:
    Male
    Well, I am from ethical hacking background too, but as per rules, we are not allowed to discuss these things over here. I personally think that bhw administration could allow ethical hacking but I am not sure if they will. This forum is my virtual home, so I am not gonna do something silly that hurts the community. We do have a lot of alternatives anyway..
     
    • Thanks Thanks x 2
  15. phatzilla

    phatzilla Jr. VIP Jr. VIP

    Joined:
    Apr 9, 2009
    Messages:
    1,383
    Likes Received:
    1,023
    Want to buy/sell nice active exploits? check the deep web ;P

    The only useful reasons to post exploits here would be to have them eliminated and/or drum up some business for yourself :)
     
    • Thanks Thanks x 2
  16. Gogol

    Gogol Jr. VIP Jr. VIP

    Joined:
    Sep 10, 2010
    Messages:
    3,408
    Likes Received:
    3,056
    Gender:
    Male
    But dude, you know it better than me... Ethical hacking is so much better than getting hacked. Think about it. Rules are meant to be revised atleast...
     
  17. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,566
    Likes Received:
    11,025
    Occupation:
    Pusillanimous Knitter
    Location:
    Buenos Aires
    The so called "ethical hacking" is the politically correct term for the same thing, used to "legitimize" an industry to the public opinion. Hacking in itself is a value-free act. Its use is what determines the "good" or "bad" characterization of the action.

    You can't discuss hacking innoculating it from action. "Here's a remote execution PoC for the latest WP, check out my code which I release for educational purposes only" - Riiiight.
     
    • Thanks Thanks x 1
  18. Gogol

    Gogol Jr. VIP Jr. VIP

    Joined:
    Sep 10, 2010
    Messages:
    3,408
    Likes Received:
    3,056
    Gender:
    Male
    Politically correct term for unethical hacking, yes, but this is technology dude. Einstein invented E = MC² but can you convict him for the war? You certainly can't. The point here is to be prepared against the hackers. We have a lot of new webmasters in the community, as this forum is the heart of Internet Marketing. Isn't it better to teach them how to protect against silly vulnerabilities such as MITM, Ddos, XSS, SQL Injection and so on?

    You might say, how do we draw a line / why should the moderators take this burden? That's because IMers here DO suffer from these problems and BHW I believe is primarily meant for helping out these people. Besides, we have techically knowledgeable mods like you, Mr Apricot, s0ap and a lot of others who might know about these things and can delete potentially harmful threads in a jiffy.

    Let me point out an incedent.. I was recently thinking that I could make a post for teaching people how to make a basic fake keygenerator/ coupon generator using VB or similar technologies. I decided not to post because I feared it would be against the terms. A lot of people here practice this. Shouldn't this also be called illegal then? too? In fact, PPI, CPA..these methods should be in the "not to be discussed" zone if you take my opinion.
    Oh yes please dude. Even if you don't post it on the public forum, please do PM me the PoC. I have a lot of blogs to look after and this is how I earn money. I would love to fix it before they get me. Thanks :)
     
    Last edited: May 13, 2015
  19. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,566
    Likes Received:
    11,025
    Occupation:
    Pusillanimous Knitter
    Location:
    Buenos Aires
    This discussion is allowed, and its a simple one. Update, don't use cracked software, secure your credentials, don't connect over untrusted networks, use plugins that help with security.

    Discussing about how to combing timing attacks with weak prngs across different software that are on the same server to get remote execution isn't exactly going to help any IMer trying to secure his site. Vulnerability finding is a nice hobby (and the more exotic, the better), but this is not the forum for this kind of things.

    Feel free to open a suggestion thread. Hacking is not allowed no matter if you use it for PPI, CPA, SEO etc. You can do all of these without hacking. Or should we ban SEO too?

    Feel free to contact one of the reputable 0-day aggregation "ethical hacking" companies. They'll be happy to fulfil your request for a sizable fee.
     
  20. Gogol

    Gogol Jr. VIP Jr. VIP

    Joined:
    Sep 10, 2010
    Messages:
    3,408
    Likes Received:
    3,056
    Gender:
    Male
    but this is a part of how they hack right? Couldn't we open a sub-forum in programming section and move the related topics then? Vulnerability finding might be a hobby, but getting hacked certainly isn't IMHO. Some information on Web security could certainly help.
    Well I might do that. Especially, PPI is directly related to getting HACKED. I mean, why would a normal user let a software install another software silently? Wtf? Still, we do not have any policy agianst it, as it seems to me reading the T & C. I guess this is as serious as cookie stuffing. As for SEO, search engines directly get affected, unlike end users..in PPI/PPD cases. Anything unethical should be called unethical. Be it in medical science, or.. in seo. That should not prevent us to discuss about the topic itself(and ofcourse, we are not gonna discuss post mortem over here).
    I have darknet for that. I am a concerned person. Not everyone ( especially the one who is starting it ) is as concerned. Why should we care about the n00bs? Because as some point, we all were n00bs lol.

    Edit: PLease excuse my grammer.English is not a natural language for me :eek:
     
    Last edited: May 13, 2015