Qbasicnews.com

Full Version: Anyone want to look for exploits?
http://www.atosoftpp.digitalblackie.com/.../index.php
^That's a forum system I've been working on with zshzn and a guy from IRC.

I'm trying to find as many exploits as possible, so I can increase my security. WhiteTiger has already found one, which I corrected.
Feel free to make as many absurd posts as possible.
The top panel isn't 100% functional, but don't worry about that - you can post anyways :rotfl:

Anyways, that's all I have so far

Oz~
I think I managed to break it. Sorry, but you did ask, right?
Updated code....

Again, I want to make this secure.

@dilettante: I'm not sure if you did - but if you did... I want to know what you did, so I can block against future attacks using whatever you did.

Oz~
Some comments on your coding style. You don't need to export html like this:

print "<div align=\"center\"><table width=\"500\" border=\"1\" cellpadding=\"5\" cellspacing=\"5\">";

You can just put a ?> and then the html, and then commence PHP processing again with <?.

Also, you're not using addslashes/stripslashes in all of your database additions from user input. Remember that the user can only cause problems through their interaction with the site; carefully guard the data that they can input.
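
An added example, not part of the thread or the forum's own code: one way to guard user input on the way into the database and on the way back out. It swaps addslashes for PDO bound parameters and escapes with htmlspecialchars at display time. The posts table, its columns, the function names and the in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
// Added example. Table/column names (posts, author, body) and the helper
// names add_post/render_post are assumptions, not the forum's real schema.
// An in-memory SQLite database (pdo_sqlite) keeps the example self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed sample input, standing in for values read from $_POST.
$author = "O'Brien";
$body   = 'Quotes " and <b>markup</b> are stored as plain data.';

// Storing: bound parameters travel separately from the SQL text, so quotes
// in user input can never change the structure of the query.
function add_post(PDO $db, string $author, string $body): int
{
    $stmt = $db->prepare('INSERT INTO posts (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $db->lastInsertId();
}

// Displaying: the stored text is untouched user data, so escape it when it
// is written into HTML rather than when it is saved.
function render_post(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT author, body FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<p>No such post.</p>';
    }
    $safeAuthor = htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8');
    $safeBody   = htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8');
    return '<div class="post"><strong>' . $safeAuthor . '</strong>: ' . $safeBody . '</div>';
}

$id = add_post($db, $author, $body);
echo render_post($db, $id), "\n";
```

Because the value is stored exactly as entered, no stripslashes call is needed when reading it back.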