Recent hacked messages in sajha
Please be advised that the recent "hacked" message popping up in Sajha was due to the lax restrictions on postings. Users were free to use JavaScript tags within their posts, and that is what happened. Some JavaScript was posted into the thread name, so the script was able to show the pop-up message and redirect users to some other site.
I have disabled the ability to use scripts within the messages and will be coordinating a stricter policy on what is acceptable.
Please rest assured that there was no malware on the Sajha server, and no user machines or information were compromised.
Thank you to all users who informed us regarding this issue.
Best wishes
Last edited: 17-Jul-16 12:30 PM
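As an added example (not Sajha's own code) of the output-side fix the admin describes above: HTML-encode thread names when rendering and restrict link targets to same-site paths, plus an audit helper that finds stored titles containing script markup so the offending posts can be located and deleted. The thread names, ids and URLs below are constructed samples.

```javascript
// Added example, not sajha.com code: render user-supplied thread names safely
// and audit stored titles for script content. All sample data is constructed.

// Escape the five characters that matter in an HTML text or attribute context.
// This is output encoding: the stored value is untouched, the browser simply
// never gets to interpret it as markup.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Build the thread-list markup with every user-controlled value encoded.
// The link target is also validated: only same-site paths are accepted, so a
// stored "javascript:" or off-site URL cannot turn the link into a redirect.
function renderThreadList(threads) {
  return threads.map((t) => {
    const href = /^\/[A-Za-z0-9_\-\/?=&.]*$/.test(t.url) ? t.url : "#";
    return `<li><a href="${escapeHtml(href)}">${escapeHtml(t.name)}</a></li>`;
  }).join("\n");
}

// Flag stored titles carrying script markup so a moderator can find the posts
// that need deleting (the encoder above neutralises them on output regardless).
const SUSPICIOUS = [/<\s*script/i, /javascript\s*:/i, /<[^>]+\son\w+\s*=/i, /<\s*iframe/i];
function findSuspiciousTitles(threads) {
  return threads
    .filter((t) => SUSPICIOUS.some((re) => re.test(t.name)))
    .map((t) => t.id);
}

// Constructed sample data, including one title with a script tag in the
// thread name, as described in the admin's post.
const SAMPLE_THREADS = [
  { id: 1, name: "Recent hacked messages in sajha", url: "/thread/1" },
  { id: 2, name: "Hello <script>alert('testing')</script>", url: "/thread/2" },
  { id: 3, name: "Tom & Jerry", url: "javascript:void(0)" },
];

console.log(renderThreadList(SAMPLE_THREADS));
console.log("flagged thread ids:", findSuspiciousTitles(SAMPLE_THREADS));
```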
Well, I guess you learned to sanitize data... :)
Well, Sajha Info bro, looks like you still have not fixed it... I am also able to do this... also there are tons of vulnerabilities in this site... Hope you fix this... goddamn noobs going around thinking they are pro hackers because they learned some XSS commands from the internet...
Guys, I am on the road and am aware of other variations that can be used, which will be addressed soon. In the meantime please delete your posts with the codes.
Thank you
Exactly... pop-ups keep appearing saying "XSS injection" and whatnot, and now it even says "Nas testing XSS injection". Can't click or touch anything, it has become a real nuisance. Afraid my own device will get hacked. It's driving me crazy.
Posts have also started disappearing one after another.
I'm out of here for a few days until it gets fixed.
Hi all
Sajha has always tried to be very lenient as far as what one can post. This is because sometimes people want to share posts which are embedded via the use of scripts. It seems like this is not a good idea.
Initially I had put in a quick fix to rectify the issue, but since the abuse (of freedom) has continued, I have put a stricter policy in place.
Thanks and best wishes.
Last edited: 19-Jul-16 06:01 AM
Damn! Dishonest Nas bro, what are you doing, creating panic like this for nothing? There are plenty of people like me on this site who have no knowledge of IT and such. You have created a situation where one is afraid to even open Sajha.
A message came up saying "Nas testing XSS injection", and I was scared out of my wits. What is it, what is it? And then it says "injection", some unknown thing called XSS, and Nas fired it on top of that. In these bad times, I got worried that if I caught a test injection I might even get AIDS, and then I would be done for. Afraid to even open Sajha. Thank goodness the disease is gone now.
Oh Lord! Please develop and manage a competent security system on Sajha so that proper security is guaranteed, so that such panic does not spread again and nothing worse happens, and so that helpless and weak Sajha residents like us can always feel safe, breathe in peace, and live our lives without worry.
Sajha Admin,
First this site was defaced by some group named "Romeo/Juliet" or something a few days back, and now this XSS injection. I hope you don't have an SQL injection vulnerability; otherwise some punk may delete your whole database. Please do a thorough vulnerability test on your site.
Thanks !
Last edited: 19-Jul-16 08:59 AM
Nas, you shouldn't have done this. Now do 100 sit-ups holding your ears. If you do this again, the Sajha residents will poke you badly with heavy sticks 😅😅🙂
Nas bro, did you figure out how I got "EFF u Nas" to pop up... :)
@ustadamirkhan ... the site wasn't defaced.. Romeo was just redirecting it to a page (mountainlegendnepal.com).
Here is the page registrant info:
Last edited: 19-Jul-16 10:19 AM
Hahaha... it's just testing... on first page load, programmatically click Post New (on mobile) or Add New Thread (on desktop)... and write code like the one above... imagine 1000 people logging in would create 1000 posts every second.. DDOS.. :) I was even thinking of specifically targeting Nas bro.. stealing bro's password cookie.. it's md5 encryption with no salt... should be easy to crack.. (some day :)
By the way... Sajha still hasn't fixed it.. :) if you go to my posting, a pop-up saying "eff you nas" still appears and redirects to the mobile site..
I had written such a long reply... because of "scr!pt" in the middle, the message went to moderation, it seems.. oh well... too lazy to write it again..
Read a bit about cookie hijacking.. the cookie line as you described it is like that in C#..... see how to do it in JS... :) should be pretty easy..
And I don't need to teach bro how to find out which user it is :)
@Sajha info...
When I go into My Posting... I still get the pop-up that says "FUCK U NAS" and it redirects to the mobile version.. sorry I did that.. :( but you should fix that too.. :P
I'm not sure if it is relevant... please play this game... a buddy of mine shared it with me... hopefully you win
http://targetedattacks.trendmicro.com/