Buge
Joined: 12 Aug 2008
Total Posts: 147
27 Mar 2013 02:00 AM
Video demonstration: http://www.youtube.com/watch?v=K4sTldvEARg
I found a second XSS vulnerability. This time it was reflected and not persistent. I reported it and got the Boss White Hat. They fixed the vulnerability.

Buge
Joined: 12 Aug 2008
Total Posts: 147
27 Mar 2013 02:07 AM
Well if I didn't report it and just started deleting your items you might have cared.

27 Mar 2013 02:15 AM
Seriously, what's an XSS hack?

Buge
Joined: 12 Aug 2008
Total Posts: 147
27 Mar 2013 02:32 AM
XSS stands for cross-site scripting. Basically you try to get your own JavaScript to run in other people's browsers. That allows you to perform actions that they would be able to do, such as deleting their items.

GigsD4X
Joined: 06 Jun 2008
Total Posts: 3794
27 Mar 2013 02:35 AM
I reported an XSS vulnerability a while back (and it was actually addressed) and didn't get the Boss White Hat :( http://www.roblox.com/Forum/ShowPost.aspx?PostID=60009926

legofreck
Joined: 31 Mar 2008
Total Posts: 399
27 Mar 2013 02:37 AM
"That allows you to perform actions that they would be able to do, such as deleting their items"
And selling them, etc?
add precisely 52,160 to my post count

Buge
Joined: 12 Aug 2008
Total Posts: 147
27 Mar 2013 02:40 AM
That's unfortunate.
I reported mine by emailing info@roblox.com. I think they pay more attention to security problems there.

legofreck
Joined: 31 Mar 2008
Total Posts: 399
27 Mar 2013 02:41 AM
I also like your fake 'infinite money' hack you put up on YouTube.
http://www.youtube.com/watch?v=IBpQXudtOM0
add precisely 52,160 to my post count

Buge
Joined: 12 Aug 2008
Total Posts: 147
27 Mar 2013 02:42 AM
@legofreck Yep.
Although since I don't have BC I would have a hard time experimenting to find the way to do that.

legofreck
Joined: 31 Mar 2008
Total Posts: 399
27 Mar 2013 02:42 AM
It's your fake video, isn't it?
Should you know how to do your own fake hack?
add precisely 52,160 to my post count

Buge
Joined: 12 Aug 2008
Total Posts: 147
27 Mar 2013 02:43 AM
Yeah the money one is fake.
What do you mean?

legofreck
Joined: 31 Mar 2008
Total Posts: 399
27 Mar 2013 02:44 AM
"Yeah the money one is fake."
I thought people who used their hacks for good and not even got that Boss hat?
add precisely 52,160 to my post count

legofreck
Joined: 31 Mar 2008
Total Posts: 399
27 Mar 2013 02:44 AM
Trying to fool people with non-legitimate exploits isn't exactly the way to go.
add precisely 52,160 to my post count

Buge
Joined: 12 Aug 2008
Total Posts: 147
27 Mar 2013 02:47 AM
I did use my (XSS) hacks for good.
I didn't get rewarded for the fake money thing. I didn't report it because it doesn't actually exist.
Well I did start out the video with a rickroll and end it by saying the video is just like the ones that Infinite Solutions (an obvious troll group) makes.

27 Mar 2013 02:51 AM
Saw your post on IN too.
Good job man, nice work on helping keep this site safe. You deserve it.

legofreck
Joined: 31 Mar 2008
Total Posts: 399
27 Mar 2013 02:51 AM
It's not exactly keeping the site safe when you release these videos in the first place.
How do we know you haven't been using these?
add precisely 52,160 to my post count

Buge
Joined: 12 Aug 2008
Total Posts: 147
27 Mar 2013 03:00 AM
I only release the videos after the problem has been fixed.
Well I have been using them for testing purposes. For example I used it to buy the hacked t-shirt from Kohltastrophe 11 times while testing.
If I was maliciously using them and Roblox saw that around the same time I reported the bug, they might figure out that I was the one doing the hacking.
If I wanted to use the exploits I wouldn't report it, or at least I wouldn't report it with this account.