Contest! The Exploit

Hey G33ks,
I did make a ‘mistake’ (or did I? 😉 ) where I left an exploit in the website for you to find.
So here is the contest:

Dear Reader,

An evil dude known as “Mr. H” hacked my website, and placed a piece of malicious code in my website!
He was an employee at SecCorp, but was fired after hacking into their servers to raise his salary.
After being fired, his rage made him hack into all kinds of websites and place exploit code in them.
This code, when run by a web browser, turns the web browser into a zombie.
The zombie then, on the command of Mr. H, will send a large amount of traffic to the website of SecCorp.

My site also became a victim of Mr. H.
I don’t want my site to have this exploit in it since I want to keep all my visitors safe,
yet I can’t seem to find the exploit.
I hope you can help me find and remove the exploit!
I’ve managed to get some more details about Mr. H:

  • He often uses sloppy code
  • He hides his exploit so that it is invisible, yet visible in a source viewer
  • He likes numbers a lot

I will reward you with 100G33kies if you can help me find this exploit!
You can submit your entry to [email protected], but be sure to register on my site first, send me your username, and use the subject ‘Contest: The Exploit’.
If you don’t, I can’t count your submission as valid.

Best of Luck,
Aroop ‘Finlay’ Roelofs

Notes:

  • Contest will end when the exploit is found
  • This would normally be a real-world scenario, but the exploit itself does NOT exist and no harm will be done! It uses a fake domain (which leads nowhere)
  • Only Registered user submissions will be counted as valid
  • The names used in the contest are fake!
  • The G33kies rewarded can not be exchanged for cash
  • No correspondence about the results can be made
