Navigation
Content
Links

follow dualisanoob at http://twitter.com

Pwning Rex Kwon Do


This is an illustration of a simple and harmless web hack. It all started with an ego search...




So this Tang Soo Do site linked to dualisanoob. Probably from the "Bow to Your Sensei" ring tone bland had made for me.




I had to check out the main international page. Ooh, they have a guestbook.




Looks normal enough. Let's sign it.




Out of habit I check to see if HTML renders.




Damn that's nasty. Wait a minute. Check out the URL. MessageID=0 and edit=False. Hmm.




I changed the ID and sure enough got somebody's post. But I didn't know where it was. I played around with the numbers until I found the ID of the latest post. Then it was a simple change of False to True...




Add a little pwnt...




And we've got exactly what we want. It's persistent and harmless. Most of all, it was fun.




Other Resources
ha.ckers.org
The Spanner