http://hostamania.com/
In the less than ten minutes since I shared that here, I made a website.
SFW, except for the URL: http://buttfuck.hostamania.com/
Rapid rollout for ridiculous pages sounds exploitable as fuck.
Okay, they failed to reserve subdomains, so I got: http://m.hostamania.com/
Also got blog.hostamania.com but their real blog takes precedence.
Also this lets me execute random JavaScript on the page. TOTALLY SAFE. Except that I can use jQuery to replace the entire page with whatever content I like, or redirect anywhere from what appears to be an official business page, or other more dodgy stuff.
I think I am going to seriously upset Hulk Hogan with all these tweets I am sending his company explaining how bad the website is.
I've asked them to delete all the pages I made as part of my "here's what I did to your website" email, so in case nobody gets a chance to visit (I doubt they'll get it down that fast) image of m.hostamania.com posted here for posterity. It also gives a JavaScript alert when you arrive, just to point out that I can.
(http://i.imgur.com/rfCiEEk.png)
Wait a minute, who thought it was a shrewd business move to add Hulk Hogan to IT?
Success is practically guaranteed, brother.
It is ridiculously tempting to make ftp.hostamania.com or similar redirect to goatse but I'm resisting the urge to tell people to register common subdomains and giving Hulk a chance (yes, I think he personally administrates the site) to fix it.
Quote from: Pæs on October 18, 2013, 01:44:10 PM
It is ridiculously tempting to make ftp.hostamania.com or similar redirect to goatse but I'm resisting the urge to tell people to register common subdomains and giving Hulk a chance (yes, I think he personally administrates the site) to fix it.
I can't think of a single reason not to do this immediately.
Oh, Hulk! Like every other aging man of that generation, he went into IT, just a little after the ship sailed.
They wrote back to me and explained that they coded their subdomain validator and web security in JavaScript.
Yes, the very same JavaScript that modern browsers allow you to disable with a checkbox.
Like building your door out of playdough.
TAKE YOUR VITAMINS AND SAY YOUR PRAYERS BROTHER!
Quote from: Pæs on October 21, 2013, 07:44:43 AM
They wrote back to me and explained that they coded their subdomain validator and web security in JavaScript.
Yes, the very same JavaScript that modern browsers allow you to disable with a checkbox.
Like building your door out of playdough.
(http://img19.imageshack.us/img19/4213/1ktf.jpg)
Quote from: Tiddleywomp Cockletit on October 21, 2013, 10:57:50 PM
Quote from: Pæs on October 21, 2013, 07:44:43 AM
They wrote back to me and explained that they coded their subdomain validator and web security in JavaScript.
Yes, the very same JavaScript that modern browsers allow you to disable with a checkbox.
Like building your door out of playdough.
(http://img19.imageshack.us/img19/4213/1ktf.jpg)
That's a popup that I added as a warning that the page was my bitch. Their JavaScript security is nowhere to be seen.
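Added example, not part of the thread and not the site's own code: the subdomain check discussed above, enforced on the server where the requester cannot switch it off in the browser. The reserved-label list, the function names and the `example.test` host are assumptions for illustration.

```javascript
'use strict';

// Labels an operator would keep for its own services (assumed list).
const RESERVED_LABELS = new Set([
  'www', 'm', 'blog', 'ftp', 'mail', 'admin', 'api', 'support',
]);

// One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
const LABEL_RE = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

// Validate a requested subdomain label against syntax, the reserved list,
// and the set of labels already handed out.
function validateSubdomain(input, taken = new Set()) {
  if (typeof input !== 'string') return { ok: false, reason: 'not-a-string' };
  const label = input.trim().toLowerCase();
  if (!LABEL_RE.test(label)) return { ok: false, reason: 'invalid-label' };
  // Refuse punycode labels so look-alike names cannot slip past the list.
  if (label.startsWith('xn--')) return { ok: false, reason: 'punycode-not-allowed' };
  if (RESERVED_LABELS.has(label)) return { ok: false, reason: 'reserved' };
  if (taken.has(label)) return { ok: false, reason: 'taken' };
  return { ok: true, label };
}

// Hypothetical signup handler: runs on the server for every request,
// whether or not the browser ran any client-side checks first.
function handleSignup(body, taken) {
  const result = validateSubdomain(body && body.subdomain, taken);
  if (!result.ok) return { status: 400, error: result.reason };
  taken.add(result.label);
  return { status: 201, host: `${result.label}.example.test` };
}

// Constructed sample requests, as a client with scripting disabled could send them.
const taken = new Set();
for (const sub of ['m', ' Blog ', '<script>', 'hulk', 'hulk']) {
  console.log(JSON.stringify(sub), handleSignup({ subdomain: sub }, taken));
}
```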