EggSelent
Hey,
Last night (when the script kiddie ****** DDoSers were inactive or ineffective) I discovered some issues with the site. Out of courtesy, I won't describe the issues at length here, but I found two separate issues.
The first, if undetected / unresolved, could lead to a real reduction of revenue for the tournament organizers.
The second, which I haven't actually fully tested but suspect to be feasible, could have a variety of consequences depending on the attacker's ambitions. For instance, upon viewing the site a visitor could a) have his teammate selections unwittingly removed or changed, b) have his browser crash, c) have his browser redirect to an unwanted destination, or d) have his session data exported to an attacker's server. Those are just a few possibilities that came to mind. So while it's not a fatal vulnerability, it could be a nuisance to competitors and potential competitors.
I will describe the issues (and how to fix them) to the webmasters if they're willing to listen. They're easy to fix, but also easy to find.