I hacked Digital Point forum last night and got banned

[jitendraag]

Normally it's a better practice to inform the site owner about a possible bug on their website and ONLY release it to public 'after' the owners have fixed it. You can also file cert advisories so that other webmasters using the software can get security patches.

What you did in this case was probably not the right way to expose the vulnerability. I am happy to know that you were curious enough to try the XSS vulnerability but making it public was not the best step.

[Hellas]

check this out
but dont login

Code:

http://forums.digitalpolnt.com/

watch for l in point.

[jangkrikjr]

Cool tips. But I don't wan't try it

[Shawn]

I got a laugh out of it. If someone did that too my forum and it wasn't anything bad like p0rn, I would have used it to improve the security and not have banned the poster/hacker.

To think that if you were to get ticked off now, you could make it worse on them, if you were a corrupt hacker.

[Shawn]

check this out
but dont login

Code:

http://forums.digitalpolnt.com/

watch for l in point.

What was your point?

Oh, I see, I will go visit.... or maybe not.... probably loads a virus if I did.

[stickycarrots]

lol...that is awesome

[epidemic]

I had one trying it on my old website once, if you use mysql_real_escape_string () youll be fine with any type of injection, it being js or sql

[LogicFlux]

Funny. I'm surprised that vulnerability exists, even in a version that's a year and a half old.

[Mike Dammann]

That place is like a hen house with no roosters. The mod chat has to be pure comedy with everyone trying to figure these things out.

[5starpix]

check this out
but dont login

Code:

http://forums.digitalpolnt.com/

watch for l in point.

probably used to hack accounts on dp, and fool people