Java Plug-in

**TheFarxy** · 14-04-2012, 21:52

nasty one this

**Loriku** · 14-04-2012, 21:52

Submit your attacks for analysis!

**Kitteh** · 14-04-2012, 21:55

Ah ****........

**Bowzer** · 14-04-2012, 22:25

file:C:\Users\****\AppData\Local\Temp\jar_cache827 878788570227754.tmp->msf/x/Help.class

It's loading new files now.

Aieeeeeeeeeeee.

**Eagle** · 14-04-2012, 22:31

FYI the script tag is attempting to insert itself into the title of posts when I hit reply to a post in a lot of threads. Although not in this one ironically enough. And to head off the immediate "it all you" posts it's not happening client side.

**Rushster** · 14-04-2012, 23:23

Right, we have sorted this latest attack out so all pages are clean. They are determined to say the least. However we are making further changes now to put a stop to this which is really inconvenient for everyone. We are doing our very best to deal with these attacks and we are watching it it 24/7. If anyone spots anything before we do, I urge you to send an email to paul@incgamers.com, not just a PM.

**Bowzer** · 14-04-2012, 23:25

Did you get the possible SQL injection method page I had sent you on IRC?

There are several XSS vulnerabilities related to the way the URL button works in the wysiwyg editor as well.

**Rushster** · 14-04-2012, 23:37

Bowzer, those XSS vulnerabilities should be patched in the latest Vbulltion (which this is) I didn't see any other methods you sent. Can you drop me a PM to make sure I have not missed anything you haven't?