The forum actually uses some JavaScript for Ajax functionality.
You can read it here. And I think, the forum is built on open source forum tool named PHPBB. jQuery is not been used though. There is a function in that to post data to server in javascript.
The forum is secured for Injections
They even check HTTP referrer to process any data received
They have good session management.
Recently someone tried d-DOS to take server down, in vain, ROFL. I think it'd be pretty hard to do anything stupid on application layer. Try on network layer. And remember, they're running on one of the safest Operating System FreeBSD 6.2 OS. And only 2 ports are opened to public access, Port 80(HTTP) and 443(HTTPS) with nginx server. And they're not vulnerable for SSL Heartbleed too.
Anyway, Good luck. Happy Hunting!
You can read it here. And I think, the forum is built on open source forum tool named PHPBB. jQuery is not been used though. There is a function in that to post data to server in javascript.
The forum is secured for Injections
They even check HTTP referrer to process any data received
They have good session management.
Recently someone tried d-DOS to take server down, in vain, ROFL. I think it'd be pretty hard to do anything stupid on application layer. Try on network layer. And remember, they're running on one of the safest Operating System FreeBSD 6.2 OS. And only 2 ports are opened to public access, Port 80(HTTP) and 443(HTTPS) with nginx server. And they're not vulnerable for SSL Heartbleed too.
Anyway, Good luck. Happy Hunting!
Thanks. I contacted Theymos a little while ago and he confirmed that there was JavaScript, however there is no way to change or edit that without having access to the server, so no traditional XSS attacks can be preformed.
The site's locked down pretty tight. There however still are still attacks I could think of that require the site's intervention to succeed, but theres no way to prevent it, as the site performing normally is what drives the attack.
