Fixing Stack Overflow
-
For some unknown reason I typed "Stack Overflow" into Google rather than going directly to the website of that name. But something at the top of the Google results caught my attention:
After reading that website several times I have come to the conclusion that I must be too dumb to understand what is written there
-
Old, a thread featuring this kind of thing already exists.
-
that's an unusual method to fix that sort of problem
-
Obviously I was too dumb to see the obvious stupidity in the way the page was generated. I was actually trying to parse the page out as a legitimate albeit simplistic explanation and totally failing. I must be TRWTF today.
-
@DescentJS said:
I think this might help explain it
Well, it might explain some, but not all.
@Error Nerds said:
Regcure looks over your computer's registry system and repairs the following: Internet Explorer errors, ActiveX errors, Javascript and scripting errors, C++ errors, EXE/ DLL/ OCX/ INF/ VXD errors and more.
IE errors? Sure. ActiveX errors... well, those should really count as IE errors. JavaScript and scripting errors?? You mean like VBS being installed? C++ errors, oh yeah that makes sense. Random file type errors... now that's just random.
But the most important part seems to be:
@Error Nerds said:
There's actually lots of reasons why annoying little errors like this one happen, but mostly its caused when new applications get installed over all old applications without being completly removed 100% first, causing registry pile ups and of course, getting error messages.
Yeah, gotta watch out for those registry pile ups! I also love how whoever wrote this seems to think that PC is another word for Windows.
-
The only way to fix Stack Overflow is to destroy the brain stem.
-
Awesome, a utility that can go into badly coded applications and fix all of those occasional infinite recursion errors? I wonder how they managed to do that? lol
-
awesome, a utility, that can actually fix stupidity! through registry!
http://error-nerds.com/how-to-fix/?id=Stupidity&id2=EN46&gclid=CLj5wqK4qJwCFdFL5QodZxowiQ
i always knew there was something bad about windows...
-
@SEMI-HYBRID code said:
awesome, a utility, that can actually fix stupidity! through registry!
http://error-nerds.com/how-to-fix/?id=Stupidity&id2=EN46&gclid=CLj5wqK4qJwCFdFL5QodZxowiQ
i always knew there was something bad about windows...
oh damn... too late...
-
@SEMI-HYBRID code said:
awesome, a utility, that can actually fix stupidity! through registry!
http://error-nerds.com/how-to-fix/?id=Stupidity&id2=EN46&gclid=CLj5wqK4qJwCFdFL5QodZxowiQ
i always knew there was something bad about windows...
Except that stupidity isn't caused by the registry. The real way to fix stupidity errors is to remove System32. I did that and my PC is much less stupid now.
-
@MiffTheFox said:
Except that stupidity isn't caused by the registry. The real way to fix stupidity errors is to remove System32. I did that and my PC is much less stupid now.
Oh, but removing the registry might have a similar effect.
Admittedly, I've never tried either of these fixes.
Someone want to set up a VM?
Edit: Btw, this. My favorite error is about:blank.
-
At least this comes out right:
http://error-nerds.com/how-to-fix/?id=<3&id2=EN46&gclid=CLj5wqK4qJwCFdFL5QodZxowiQ
-
You guys missed the obvious:
http://error-nerds.com/how-to-fix/?id=%3Cscript%3E&id2=EN46&gclid=CLj5wqK4qJwCFdFL5QodZxowiQ
-
Doesn't work so well, actually: http://error-nerds.com/how-to-fix/?id=Nothing%3Ch1%3EI%20am%20giant%20tit!%3C/h1%3E%3C
As pointed out above, <script> works well, however <style> works better,
-
@Evo said:
You guys missed the obvious:
http://error-nerds.com/how-to-fix/?id=%3Cscript%3E&id2=EN46&gclid=CLj5wqK4qJwCFdFL5QodZxowiQ
Maybe I was just a bit too slow.
http://error-nerds.com/how-to-fix/?id=%3Cscript%3Ealert(/xss/)%3C/script%3E
Bonus: note that cleaning the registry can help fix cross-site scripting issues. (On a website you don't own, no less.)
-
I like this one: http://error-nerds.com/how-to-fix/?id=%3C![CDATA[. What are those stupid other meaningless IDs for, anyway? They don't seem to do anything.
-
@ytrewq said:
@Evo said:
You guys missed the obvious:
http://error-nerds.com/how-to-fix/?id=%3Cscript%3E&id2=EN46&gclid=CLj5wqK4qJwCFdFL5QodZxowiQ
Maybe I was just a bit too slow.
http://error-nerds.com/how-to-fix/?id=%3Cscript%3Ealert(/xss/)%3C/script%3E
Bonus: note that cleaning the registry can help fix cross-site scripting issues. (On a website you don't own, no less.)
Which immediately suggests doing this to the picture of "Andrew the PC Nerd". (NSFW)
-
Although in IE8, I get some "Internet Explorer altered this page to protect you against cross site scripting" error and a whole bunch of your source code.
Still, I love the gratuitous use of addslashes(), where searching for id=a'ownedmaybe tells you about "a\'ownedmaybe". Well at least there's no SQL injection.
-
@josh26 said:
Although in IE8, I get some "Internet Explorer altered this page to protect you against cross site scripting" error and a whole bunch of your source code.
Still, I love the gratuitous use of addslashes(), where searching for id=a'ownedmaybe tells you about "a\'ownedmaybe". Well at least there's no SQL injection.
Note that the site somehow "intelligently" escapes both single and double quotes. It's not an SQL injection protection mechanism, it's (probably) a generic half-baked attempt at preventing cross-site scripting.
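The point made in the two posts above, as an added example (not the site's code, which is not shown on this page): backslash-escaping quotes leaves `<` and `>` untouched, so the value still injects markup, while HTML-encoding at output time does not. The `render_*` and `has_injected_markup` helpers and the `<h1>` template are assumptions; the sample inputs are taken from the thread or constructed.

```php
<?php
// Added example; helper names and the <h1> template are hypothetical.

// What the thread infers the page does: backslash-escape quotes, then echo into HTML.
function render_with_addslashes(string $id): string {
    return '<h1>How to fix ' . addslashes($id) . '</h1>';
}

// Context-appropriate fix: encode for the HTML context at output time.
function render_encoded(string $id): string {
    $safe = htmlspecialchars($id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1>How to fix ' . $safe . '</h1>';
}

// True if the fragment contains any tag besides the template's own outer <h1>.
function has_injected_markup(string $html): bool {
    $inner = preg_replace('#^<h1>|</h1>$#', '', $html);
    return preg_match('/<[a-zA-Z!\/]/', $inner) === 1;
}

$samples = [
    "a'ownedmaybe",                    // quote test from the thread
    '<script>alert(/xss/)</script>',   // from the thread: needs no quotes at all
    'Nothing<h1>heading</h1>',         // constructed, modelled on the thread's <h1> test
];

foreach ($samples as $id) {
    printf(
        "%-32s addslashes: %-9s encoded: %s\n",
        $id,
        has_injected_markup(render_with_addslashes($id)) ? 'INJECTED' : 'ok',
        has_injected_markup(render_encoded($id)) ? 'INJECTED' : 'ok'
    );
}
```

`addslashes()` is meant for quoting inside string literals, not for HTML output, which is why only the quote-only input comes out unchanged in both columns.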
-
You'd also think that a site called "Error nerds" could brew up a working 404 error handler. Is it running on some cheap shared hosting?
Not Found
The requested URL /uyguyf was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at error-nerds.com Port 80
-
@ytrewq said:
Note that the site somehow "intelligently" escapes both single and double quotes. It's not an SQL injection protection mechanism, it's (probably) a generic half-baked attempt at preventing cross-site scripting.
Still possible to get quotes into the output. (Probably only working in Firefox; somehow, the <noscript> tag was the only one able to cut off the rest of the page completely.)
-
My favorite part is how the comments template actually includes a heckler, just to make it slightly more believable.
-
That's not part of the site, that's baked into PHP.
-
Site down!
http://downforeveryoneorjustme.com/error-nerds.com
I think someone must have just taken a look at the server logs...
-
@DaveK said:
http://downforeveryoneorjustme.com/error-nerds.com
I think someone must have just taken a look at the server logs...
It reports up for me.
-
@derula said:
(Probably only working in Firefox; somehow, the <noscript> tag was the only one able to cut off the rest of the page completely.)
Worked fine in Safari ... and made me lol
-
@The Wolf said:
Doesn't work so well, actually: http://error-nerds.com/how-to-fix/?id=Nothing<h1>I am giant tit!</h1><
As pointed out above, <script> works well, however <style> works better,
Click me. Now me.
Yeah, the JavaScript could be improved, I'm not exactly a JS expert, but it'll do.
This is fun.
-
@derula said:
@The Wolf said:
Doesn't work so well, actually: http://error-nerds.com/how-to-fix/?id=Nothing%3Ch1%3EI%20am%20giant%20tit!%3C/h1%3E%3C
As pointed out above, <script> works well, however <style> works better,
Click me. Now me.
Yeah, the JavaScript could be improved, I'm not exactly a JS expert, but it'll do.
This is fun.
Off now to switch my noscript back on before something nasty happens to me ... Err, I mean <click>
-
What really bugs me about that site is being actually listed as McAfee secure.
-
First, going meta: http://error-nerds.com/how-to-fix/?id=fake+%91System+Fixer%92+web+pages&id2=EN46&gclid=CLj5wqK4qJwCFdFL5QodZxowiQ
Secondly: http://downforeveryoneorjustme.com/downforeveryoneorjustme.com
-
@Oliver Klozoff said:
First, going meta: http://error-nerds.com/how-to-fix/?id=fake+%91System+Fixer%92+web+pages&id2=EN46&gclid=CLj5wqK4qJwCFdFL5QodZxowiQ
You did click the link in the second post in this thread, didn't you?
-
For more complicated scripting things, such as links to other places etc you can use this and then spell out the stuff without needing "'s
function s(k){return String.fromCharCode(k);}a=s(97);b=s(98);c=s(99);d=s(100);e=s(101);f=s(102);g=s(103);h=s(104);i=s(105);j=s(106);k=s(107);l=s(108);m=s(109);n=s(110);o=s(111);p=s(112);q=s(113);r=s(114);ss=s(115);t=s(116);u=s(117);v=s(118);w=s(119);x=s(120);y=s(121);z=s(122);em=new String();lt=s(60);gt=s(62);sp=s(32);sl=s(47);eq=s(61);zr=s(48);cn=s(58);dt=s(46);qt=s(34);pt=s(37);ds=s(45);
-
@DescentJS said:
For more complicated scripting things, such as links to other places etc you can use this and then spell out the stuff without needing "'s function s(k){return String.fromCharCode(k);}
Is there any difference between defining s with a function body like that and just doing "s=String.fromCharCode"?
@DescentJS said:
a=s(97);b=s(98);c=s(99);d=s(100);e=s(101);f=s(102);g=s(103);h=s(104);i=s(105);j=s(106);k=s(107);l=s(108);m=s(109);n=s(110);o=s(111);p=s(112);q=s(113);r=s(114);ss=s(115);t=s(116);u=s(117);v=s(118);w=s(119);x=s(120);y=s(121);z=s(122);em=new String();lt=s(60);gt=s(62);sp=s(32);sl=s(47);eq=s(61);zr=s(48);cn=s(58);dt=s(46);qt=s(34);pt=s(37);ds=s(45);
To generate that bit, I just go to http://ha.ckers.org/xss.html, paste in my text where it says "Character encoding calculator", copy and paste the result from the "Decimal value" textbox into notepad or similar, and global-search-and-replace "&#" -> ")+s(". That'll get longer quicker than predefining all those letters like that, but for your average short injection you won't be too close to the maximum URL length anyway.
-
This link shows why I chose this method
As to the s=String.fromCharCode, there is no real reason not to do that. I just wasn't sure enough of my JavaScript to remember if that would work.
-
It seems we exceeded their (his?) bandwidth.
-
@random.next said:
It seems we exceeded their (his?) bandwidth.
WIN!
-
@belgariontheking said:
@random.next said:
It seems we exceeded their (his?) bandwidth.
WIN!
Yeah, but what I want to know: has anyone fixed StackOverflow already?
-
@bjolling said:
@belgariontheking said:
@random.next said:
It seems we exceeded their (his?) bandwidth.
WIN!
Yeah, but what I want to know: has anyone fixed StackOverflow already?
I think we already found out how to do this. Wasn't it
deltree %SYSTEMROOT%\System32\config
del %USERPROFILE%\NtUser.*
del %APPDATA%\Local\Microsoft\Windows\UsrClass.*
?