Sajha Info
Posted on 07-17-16 12:27 PM
Please be advised that the recent "hacked" message popping up in sajha was due to the lax restrictions on postings. Users were free to use JavaScript tags within their posts and that was what happened. Some JavaScript was posted into the thread name, thus the JavaScript was able to show the pop-up message and redirect users to some other site. I have disabled the ability to use scripts within the messages and will be coordinating a stricter policy on what is acceptable. Please rest assured that there was no malware in the sajha server and user machine or information was compromised. Thank you to all users who informed us regarding this issue. Best wishes
Last edited: 17-Jul-16 12:30 PM
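
Added example, not part of the original post and not Sajha's code: the root cause described above (thread names echoed into the page as markup) is closed by encoding the title at output time rather than by stripping a known tag on input. The function names, the `/thread/` URL path and the sample titles are constructed for illustration.

```javascript
// Constructed thread titles for illustration; not data from the incident.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode every character that can change the HTML parsing context, so a
// title is rendered as text in element bodies and in quoted attributes.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical "quick fix": strip one known-bad tag spelling on input.
function stripScriptTags(text) {
  return String(text).replace(/<\/?script>/g, "");
}

// Hypothetical template helper for one row of the thread list.
function renderThreadRow(id, title) {
  const safe = escapeHtml(title);
  return `<a href="/thread/${Number(id)}" title="${safe}">${safe}</a>`;
}

// True if the string still contains an opening script tag in any casing.
function hasScriptTag(html) {
  return /<script\b/i.test(html);
}

const sampleTitles = [
  '<script>alert("test")</script>',
  '<SCRIPT type="text/javascript">alert("test")</SCRIPT>',
  "Tom & Jerry <3 momo",
];

for (const title of sampleTitles) {
  console.log("stripped:", stripScriptTags(title));
  console.log("encoded: ", renderThreadRow(1, title));
}
```

The strip-on-input filter lets the second title through unchanged, while the encoded row contains no tag for any of the three and still displays the legitimate `&` and `<` characters of the third.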

Archer
Posted on 07-17-16 12:49 PM
well i guess you learned to sanitize data... :)

Archer
Posted on 07-17-16 1:42 PM
Well Sajha Info bro, looks like you still have not fixed it ... i am also able to do this ..also there are tons of vulnerabilities in this site.. Hope you fix this... goddamn noobs going around like thinking they are pro hackers coz they learned some xss commands from internet..

mojaboy
Posted on 07-17-16 3:42 PM

Sajha Info
Posted on 07-17-16 4:00 PM
guys I am on the road and am aware of other variations that can be used - which will be addressed soon. In the meantime please delete your posts with the codes. Thank you

nozzs
Posted on 07-17-16 7:43 PM
Exactly.. pop-ups keep coming up saying all sorts of XSS injection, and now it even says "nas testing XSS injection". I can't click or touch anything, I'm fed up. I'm afraid my own device will get hacked. It is driving me crazy. Posts have also started disappearing one after another. I'm out of here for a few days until it gets fixed.

Sajha Info
Posted on 07-19-16 6:01 AM
Hi all, Sajha has always tried to be very lenient as far as what one can post. This is because sometimes people want to share posts which are embedded via use of scr!pts. It seems like this is not a good idea. Initially I had put in a quick fix to rectify the issue, but since the abuse (of freedom) has continued I have put a stricter policy in place. Thanks and best wishes.
Last edited: 19-Jul-16 06:01 AM

nozzs
Posted on 07-19-16 6:11 AM
Tsk! Naughty Nas bro, what have you done, creating terror for no reason. There are plenty of people like me in this place who have no knowledge of IT and such. You have brought about a situation where one is afraid to open Sajha. A message came up saying "Nas testing XSS injection" and I was scared out of my wits. What on earth is this? On top of that it says injection, of some unknown thing called XSS, and given by Nas no less. In these bad times, I thought that if a test injection got me I might even end up with AIDS, and I wet my shorts; after that I took off. Afraid to even open Sajha. Thankfully the disease has gone now. Please, lord! So that such terror does not spread again and nothing worse than this happens, please develop and manage a capable security system in Sajha that guarantees proper security. So that we voiceless and weak Sajha residents can always feel safe, breathe a sigh of peace and live life without worry.

magorkhe1
Posted on 07-19-16 8:51 AM

ustadamirkhan
Posted on 07-19-16 8:59 AM
Sajha Admin, First this site was defaced by some group named "Romeo/Juliet" or something a few days back and now this xss injection. Hope you don't have sql injection vulnerability. Otherwise some punk may delete your whole database. Please do a thorough vulnerability testing on your site. Thanks !
Last edited: 19-Jul-16 08:59 AM

OBAMA
Posted on 07-19-16 9:12 AM
Nas, you should not do this kind of thing. Now do 100 sit-ups holding your ears. If you do this again, the Sajha residents will poke you badly with hard sticks 😅😅🙂

Archer
Posted on 07-19-16 10:18 AM
Nas bro, did you figure out how i got "EFF u Nas" to pop up... :) @ustadamirkhan ... the site wasn't defaced.. Romeo was just redirecting it to a page.(mountainlegendnepal.com) Here is the page registrant info: Registrant Name: Parshu Nepal Registrant Organization: parashu.vertexsolution@gmail.com Registrant Street: ktm Registrant City: ktm Registrant State/Province: Bagmati Registrant Postal Code: Ktm Registrant Country: NP Registrant Phone: +977.9741040484
Last edited: 19-Jul-16 10:19 AM

Archer
Posted on 07-19-16 11:22 AM
hahah... something like that... first, when the page loads, make it programmatically click Post New (if on mobile) or Add new thread (on desktop).. and then write it like the code above... imagine 1000 people logging in would create 1000 posts every second.. DDoS.. :) I was even thinking of specifically targeting Nas bro.. and stealing bro's password cookie.. it is MD5 encryption with no salt... it should be easy to crack.. (some day :) btw... Sajha still has not fixed it.. :) if you go to my postings, a pop-up saying "eff you nas" still comes up and it redirects to the mobile site..

Archer
Posted on 07-19-16 5:25 PM
I had written such a long reply... but because it had "screeeeept" in the middle, the message went into moderation, apparently.. oh well... I am too lazy to write it again.. read up a little about coookie hijacking.. that cookie line you mentioned is how it is done in C sharp..... look up how to do it in JS... :) should be pretty easy.. and I don't need to teach bro how to find out which user it is :)

Archer
Posted on 07-19-16 5:27 PM
@Sajha info... When i go into My Posting... i still get the pop up and says"FUCK U NAS" and it redirects to mobile version.. sorry i did that.. :( but you should fix that too.. :P

Daru
Posted on 07-19-16 5:57 PM
m not sure if it is relevant,,,pls play this game...buddy of mine shared with me....hopefully u win http://targetedattacks.trendmicro.com/