01-16-2013, 07:07 PM
Hello,
I found and exploit in the system by using the surf module. The exploit was quite simple. I found this exploit on my live site, then made a temp fix.
Basically I made a small program that has 10 threads which navigate to
2 times a second. I found this because it's hardcoded in to the website template (you can find it with a scraper), and it gives you the coins for viewing that site. However they're not actually viewing the site and it will show as having been viewed 300 times a minute.
The easiest fix would just be to disallow direct access to this file so users can't visit those urls.
I found and exploit in the system by using the surf module. The exploit was quite simple. I found this exploit on my live site, then made a temp fix.
Basically I made a small program that has 10 threads which navigate to
Code:
Hidden content for guests2 times a second. I found this because it's hardcoded in to the website template (you can find it with a scraper), and it gives you the coins for viewing that site. However they're not actually viewing the site and it will show as having been viewed 300 times a minute.
The easiest fix would just be to disallow direct access to this file so users can't visit those urls.