Return to Unfiction unforum
 a.r.g.b.b 
FAQ FAQ   Search Search 
 
Welcome!
New users, PLEASE read these forum guidelines. New posters, SEARCH before posting and read these rules before posting your killer new campaign. New players may also wish to peruse the ARG Player Tutorial.

All users must abide by the Terms of Service.
Website Restoration Project
This archiving project is a collaboration between Unfiction and Sean Stacey (SpaceBass), Brian Enigma (BrianEnigma), and Laura E. Hall (lehall) with
the Center for Immersive Arts.
Announcements
This is a static snapshot of the
Unfiction forums, as of
July 23, 2017.
This site is intended as an archive to chronicle the history of Alternate Reality Games.
  

The time now is Tue Nov 26, 2024 12:30 am
All times are UTC - 4 (DST in action)		 View posts in this forum since last visit
View unanswered posts in this forum
Calendar
 Forum index » Archive » Archive: General » Old News & Rumors
[Trailhead] Kevin Balderock
View previous topicView next topic
Page 17 of 28 [411 Posts]   Goto page: Previous 1, 2, 3, ..., 15, 16, 17, 18, 19, ..., 26, 27, 28  Next
Author Message
jalava
Veteran

Joined: 31 Dec 2009
Posts: 76

 		Also that form seems to be vulnerable to simple sql injection as I'm getting MYSQL ERROR and PERMISSON ERROR messages from it. Also trying values to email field adds debug information on front of page.

PostPosted: Sun Jan 31, 2010 5:37 pm
 View user's profile
 Back to top 
Joe Fiddy
Greenhorn

Joined: 01 Feb 2010
Posts: 5
Location: Dover PA USA

 		Email Response
recieved email from Altum
Hello all, I am brand new to ARG and this is the first time I have experienced it. I read up a little and it says to combine your real life with the game so, I did that. I read the blog, looked over the posts. I work for a printer so I sent an email to the email address on Altum's web site telling them so and that I would like more information. I received this back within 20 minutes:
"Joseph,

Thank you for your interest. Could you be a bit more specific about your inquiry?

Sincerely,
Timothy Lamdell
Business Services
AltumCorp Shipping, Inc.
On Mon, Feb 1, 2010 at 7:15 PM, Joseph F Yontz <jyontz> wrote:
Good evening,
I work for a commercial sheet fed printing company and would like to receive some additional information about your company. The website is pretty bland. We ship all over the United States and are always looking for good quality shippers.
Thank you in advance,
Joe"
This doesn't seem like much, but at least there is a contact name now. It could be useful if to getting into the website. I am going to send an email back just asking if I need a log in to the website to becaome a customer. And also ask what kind of shipping serivce they offer. What do you guys think?

PostPosted: Mon Feb 01, 2010 9:54 pm
 View user's profile
 Back to top 
alogicnamedjoe
Boot


Joined: 11 Dec 2003
Posts: 54
Location: Lost

 		Progress?
After making a second attempt to weasel a corporate account from AltumCorp, I received this encouraging email:

Quote:
Thank you for your interest. We do business with only the upper-class of industries. If you would kindly provide us with some information about your company, then we can see if you are a qualified client.


Sincerely,
Mortimer Anderson
Business Services
AltumCorp Shipping, Inc.

The last time I perpetrated like I was a legitimate company, they saw through my ruse pretty easily. Perhaps we should work together in creating a "upper-class" front company. What do you guys think?

Cheers
_________________
[watch this space]

PostPosted: Mon Feb 01, 2010 10:16 pm
 View user's profile
 Back to top 
Joe Fiddy
Greenhorn

Joined: 01 Feb 2010
Posts: 5
Location: Dover PA USA

 		Email Repsonse
continued conversation
Here is the latest reply. i am going to continue to represent with my actual work information. Since this is a legitmate business and we do ship, who knows how far I might be able to go woth it.:
"Joseph,

We work with our clientele to create a customized package that suits both parties. Currently, we offer worldwide shipping with flexible rates. Our teams will pick up on request, and stand by for duty 24/7. We also respect our customers privacy, and do not inspect or open containers unless specifically requested to do so. Depending on your needs there are a variety of other options available.
We look forward to doing business with you.
Sincerely,
Timothy Lamdell
Business Services
AltumCorp Shipping, Inc."

On Mon, Feb 1, 2010 at 8:01 PM, Joseph F Yontz wrote:
Thank you for the quick response Timothy,
As I said we ship printed product all over the United States. We have national accounts all over the lower 48. We have been in business for over 20 years. I was wondering what kind of shipping services you supply? What times you pick up? Will you ship anywhere? Rates? Etc. We currently use courier services, LTL, and the standard overnight options.
Thank you,
Joe

PostPosted: Mon Feb 01, 2010 11:09 pm
 View user's profile
 Back to top 
jalava
Veteran

Joined: 31 Dec 2009
Posts: 76

 		Hey, what email addresses the responses have come from?

I'm working on cracking the admin gui but can't figure which email address to use on it.

PostPosted: Tue Feb 02, 2010 9:21 am
 View user's profile
 Back to top 
Joe Fiddy
Greenhorn

Joined: 01 Feb 2010
Posts: 5
Location: Dover PA USA

 		Email Response
Altum Shipping
jalava wrote:
Hey, what email addresses the responses have come from?

I'm working on cracking the admin gui but can't figure which email address to use on it.


Every response I have gotton has come from:
"business@altumcorp.biz.tm"

PostPosted: Tue Feb 02, 2010 9:30 am
 View user's profile
 Back to top 
BrigitJones
Veteran


Joined: 26 Dec 2009
Posts: 88
Location: Britland

 		Re: Email Response
Altum Shipping
Joe Fiddy wrote:
Every response I have gotton has come from:
"business@altumcorp.biz.tm"


Mine were from the same address.

PostPosted: Tue Feb 02, 2010 9:44 am
 View user's profile
 Back to top 
jalava
Veteran

Joined: 31 Dec 2009
Posts: 76

 		Using businessSPLATaltumcorp.biz.tm gives in head of html result:
Code:
<DEBUG>


I wonder what it expects. The admin page login email address is the crux here I believe. Adding ; into email field gives result MYSQL ERROR and adding ;DROP, ;INSERT, ;UPDATE gives PERMISSION ERROR.

PostPosted: Tue Feb 02, 2010 9:52 am
 View user's profile
 Back to top 
Joe Fiddy
Greenhorn

Joined: 01 Feb 2010
Posts: 5
Location: Dover PA USA

 		Email Response
Different Names
I think we each had different names though. Mine is:
Timothy Lamdell
Business Services
AltumCorp Shipping, Inc.

PostPosted: Tue Feb 02, 2010 9:55 am
 View user's profile
 Back to top 
BrigitJones
Veteran


Joined: 26 Dec 2009
Posts: 88
Location: Britland

 		Terry Allenson
Business Services
AltumCorp Shipping, Inc.

PostPosted: Tue Feb 02, 2010 10:32 am
 View user's profile
 Back to top 
Joe Fiddy
Greenhorn

Joined: 01 Feb 2010
Posts: 5
Location: Dover PA USA

 		Latest email response
So I didn't hear back after I asked to be set up as a client, asked for a quick way to contact AltumCorp and how to register with the website. I followed up with an email expressing my disappointment that a shipping company that claims to have a "higher clientel" is so slow in repsonse and that I thought they were more. I got this as a respionse:

"We apologize, but Mr. Timothy Lamdell is no longer with us. We are currently in the process of transferring your client information. Once a new representative has been assigned, he or she will be in touch with you shortly. We must also remind you that you are not the only person our company deals with, and as an international corporation, we are kept very busy and cannot always reply instantaneously.

AltumCorp Shipping, Inc. "

So I guess I will wait and see what happens. I am hoping to get set up as a client and pass that log in info onto the guys here in hopes of hacking the site.

PostPosted: Tue Feb 02, 2010 8:58 pm
 View user's profile
 Back to top 
jalava
Veteran

Joined: 31 Dec 2009
Posts: 76

 		There is more hints in debug field on web admin interface.

Code:
DEBUG: SELECT * FROM admin WHERE email="business@altumcorp.biz.tm" AND password="business" AND logintype=1 - DATABASE RETURNED 0 RESULTS.


I've tried using quotes in fields but those seem to be escaped, any idea to get the debug to result all fields from admin table now that we know what the table name is.

PostPosted: Wed Feb 03, 2010 3:11 am
 View user's profile
 Back to top 
jalava
Veteran

Joined: 31 Dec 2009
Posts: 76

 		I succesfully logged in by fabricating my own form and replacing logintype 1 with "1 OR 1=1"

There is 3 options, Create Backups, Erase Backups, Restore Backup.

I just erased their backups Razz

Edit: And then I called restore backups -> It's down!

PostPosted: Wed Feb 03, 2010 5:06 pm
 View user's profile
 Back to top 
amandel
I Have 100 Cats and Smell of Wee


Joined: 15 Jan 2008
Posts: 4096
Location: Nederland

 		Worshippy That they are. jalava! And I'm enjoying looking at their 'nothingness' after feeling sooooo thwarted. Kudos Rock On
_________________
"I could write a hell of a paper on a grown man who dresses like a flying rodent."
"Can you hook up with a Snow Person? Can't tell you or I'd have to marry you."

PostPosted: Wed Feb 03, 2010 5:17 pm
 View user's profile Visit poster's website Yahoo Messenger
 Back to top 
BrigitJones
Veteran


Joined: 26 Dec 2009
Posts: 88
Location: Britland

 		Ooh, awesome sauce!

PostPosted: Wed Feb 03, 2010 7:50 pm
 View user's profile
 Back to top 
Display posts from previous:   Sort by:   
Page 17 of 28 [411 Posts]   Goto page: Previous 1, 2, 3, ..., 15, 16, 17, 18, 19, ..., 26, 27, 28  Next
View previous topicView next topic
 Forum index » Archive » Archive: General » Old News & Rumors
Jump to:  


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
You cannot post calendar events in this forum



Powered by phpBB © 2001, 2005 phpBB Group