UserID: 1085988 Joined: 09/02/2008 22:49:57 Last Login: 29/12/2011 4:22:57 Last Active: 29/12/2011 4:36:28 Hobbies: Not Entered Location: USA Website: Not Entered TimeZone: GMT -8 Birthday: Not Entered
Points: 25 Description: Found a way to abuse old unused code to login as any user with just his passhash and userid. Proof of concept gave him to get full administrator access on the site.
Points: 100 Description: A major SQL injection was found in the IRC stats page!
Points: 100 Description: StenoPlasma found a SQL injection in the search feature of the rankings page which potentially allowed him to read arbitrary data from the database.
Points: 500 Description: StenoPlasma found a vulnerability in the source viewing script which allowed him to view any file on the server. He also found the same flaw in another script shortly after.
Points: 50 Description: Nines9 and StenoPlasma found a CSRF vulnerability in the Forum BBCode that allowed them to make themselves site administrators, log out users, flag comments, accept and delete IRC linked Nicknames, etc.