Hacking Trollbox / Pocky Gallery
Here's another gallery of moments of embarassment for careless programmers. A few weeks ago I found an exploit in Trollbox, a Windows 93 chatroom, that allowed me to execute arbitrary javascript code within users' clients.
I originally planned to make a video or a live stream hacking session, but soon I realized this would be hard to make interesting, because all the entertaning things (jumpscares, sounds, e.t.c.) occur on the users' ends, which would require signficant effort to record and, even then, we could not capture their reactions.
Due to this, I decided to only post the chat logs indicating what had occurred.
Together with this, I also managed to get the exact location of one user in the chatroom. they had uploaded an image from their phone to trollbox using litterbox.catbox.moe, which doesn't remove EXIF data. After sending him a picture of a location near his home, he went beserk and helped produce more quality content for this blog.
Enjoy.
I plan on uploading both the tutorial for this hack and for mikraite soon, although I might first make a live stream where I deface mikraite according to my viewers' suggestions.
Yours sincerely, Agent Red.