• What Are You Working On? V13
    5,003 replies, posted
[QUOTE=QueenElizebeth;25889449][url]http://rohan.giacjr.dino-hosting.net/[/url] Need some feedback and suggestions please :)[/QUOTE] sql injection. plus you missed the web dev section
[QUOTE=QueenElizebeth;25889449][url]http://rohan.giacjr.dino-hosting.net/[/url] Need some feedback and suggestions please :)[/QUOTE] I suggest discussing your website with the good people of the Web subforum. [url]http://www.facepunch.com/threads/969888-What-are-you-working-on-v3[/url]
[QUOTE=Siemens;25889706]sql injection.[/QUOTE] try
[QUOTE=QueenElizebeth;25889759]try[/QUOTE] [img]http://ahb.me/Rp1[/img]
His site's pretty insecure
[code]Warning: fopen(/home/giacjrdi/public_html/rohan/profiles/'.php) [function.fopen]: failed to open stream: No such file or directory in /home/giacjrdi/public_html/rohan/register.php on line 88
Warning: fopen(/home/giacjrdi/public_html/rohan/profiles/profileinfo/'.php) [function.fopen]: failed to open stream: No such file or directory in /home/giacjrdi/public_html/rohan/register.php on line 89
Warning: fwrite(): supplied argument is not a valid stream resource in /home/giacjrdi/public_html/rohan/register.php on line 95[/code]
[editline]6th November 2010[/editline] You can overwrite files pretty much anywhere [url]http://rohan.giacjr.dino-hosting.net/test2.php[/url]
[editline]6th November 2010[/editline] I feel like a skiddie, you better fix all this before anyone fucks something up
[editline]6th November 2010[/editline] Oh wow facepunch
Oh hello, code execution vuln! :v: [url]http://rohan.giacjr.dino-hosting.net/test12345.php[/url] [img]http://ahb.me/RpT[/img]
Oh god, don't give tur...Siemens another easy to hack website. He's like a kid in a candy store; he just can't help himself.
Source to index.php
[php]<?php include ("nav.php"); ?>
<h4><font color="yellow"><DIV ALIGN=CENTER> Number of website views:</font><font color="white">
<?php
$padding = 6;          // How many digits to show
$fpt = "counter.txt";  // path to log file - chmod it to 666
include ("viewcounter.php");
?>
<br>
</font></font><font color="blue"> <b>This website is currently under construction and is constantly being upgraded.</b></font>
<br>
<?php
include ("database.php");
if(isset($_COOKIE['ID_my_site'])) {
    // Both values come straight from the client's cookie, which the client controls.
    $username = mysql_real_escape_string( $_COOKIE['ID_my_site'] );
    $pass = mysql_real_escape_string( $_COOKIE['Key_my_site'] );
    $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
    $found = false;
    while($info = mysql_fetch_array( $check )) {
        // Only the username is compared; $pass is never checked against anything.
        if ($username == $info['username']) {
            $found = true;
            echo "Welcome $username, you are logged in :D<Br><p>";
            // echo "Welcome <a href=\"/profiles/".$username.".php?u=num\"><B>$username</B></a>, you are logged in.<p><br><p>";
            include ("comment.php");
            echo "<br /><br />";
            break;
        }
    }
} else {
    echo "You are not logged in. Please log in to gain further access.";
}
?>
<P> </font>
<HTML>
<HEAD>
<link rel="favicon.ico" href="http://www.rohan.giacjr.dino-hosting.net/favicon.ico">
<title> My site </title>
<style type="text/css">
<!--
A:link { COLOR: black; TEXT-DECORATION: none; font-weight: normal }
A:visited { COLOR: black; TEXT-DECORATION: none; font-weight: normal }
A:active { COLOR: green; TEXT-DECORATION: none }
A:hover { COLOR: blue; TEXT-DECORATION: none; font-weight: none }
-->
</style>
</HEAD>
<BODY>
<style type="text/css">
<!--
body { background-image:url('homebackground.jpg'); background-repeat:no-repeat; background-attachment:fixed; }
-->
</style>
<p> </div></font>
<center><a href="games.php"> <img border="0" src="Games.png"> </center></a>
<p> <br> <Br> <P> <br />
<?php
// <center><a href="http://www.rohan.giacjr.dino-hosting.net/MPZJR.html"><font color="red">.:MPZJR:.</a href></font></center></center>
// <a href="aboutus.php">About us</a>
?>
</script>
</body>
</html>[/php]
[editline]6th November 2010[/editline] [QUOTE=CarlBooth;25890120]Oh god, don't give tur...Siemens another easy to hack website. He's like a kid in a candy store; he just can't help himself.[/QUOTE] I belong to the school of thought that the best way to teach people to properly lock down their shit is to show them exactly what can happen when they don't. Controversial, maybe, but often it's necessary. Otherwise they just don't get the message - I've seen it happen.
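The posted index.php decides you are logged in because a username from your own cookie exists in the users table, and the `Key_my_site` cookie is read but never compared with anything; the register.php warnings above also show it writing a `.php` file per user under `profiles/`. The block below is an added example, not code from the thread or from the site being discussed, showing the defensive shape of that check: a server-side session holding the identity, `password_hash`/`password_verify` for credentials, PDO prepared statements instead of string-built SQL, and registration that stores a row rather than writing a file. It assumes the `pdo_sqlite` extension and a constructed in-memory `users` table with `id`, `username` and `password_hash` columns; the site's real schema and `database.php` are not known from the thread.

```php
<?php
// Added example (not the site's code). Assumes pdo_sqlite; the users table
// below is constructed for the demo and is not the site's real schema.
declare(strict_types=1);

session_start(); // must run before any output is sent

// Constructed in-memory database standing in for database.php.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT UNIQUE NOT NULL, password_hash TEXT NOT NULL)');

// Registration stores a salted hash in a table row; nothing is written to the web root.
function registerUser(PDO $pdo, string $username, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: the username is bound as a parameter, the password is verified against the
// stored hash, and on success the identity is kept server-side in the session only.
function loginUser(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user and wrong password take the same path.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }

    session_regenerate_id(true); // new session id on privilege change
    $_SESSION['user_id'] = (int) $row['id'];
    $_SESSION['username'] = $username;
    return true;
}

// The browser holds only an opaque session id; it cannot name the user itself.
function currentUser(): ?string
{
    return $_SESSION['username'] ?? null;
}

// Demo run with a constructed account.
registerUser($pdo, 'demo', 'correct horse battery staple');
var_dump(loginUser($pdo, 'demo', 'wrong password'));               // bool(false)
var_dump(loginUser($pdo, 'demo', 'correct horse battery staple'));  // bool(true)

// The page body that replaces the cookie check in the posted source.
$user = currentUser();
if ($user !== null) {
    echo 'Welcome ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . ", you are logged in.\n";
} else {
    echo "You are not logged in. Please log in to gain further access.\n";
}
```

The two changes that matter are that the identity never comes from a client-writable cookie, and that the comparison is `password_verify` against a hash rather than a username lookup with the key ignored. `htmlspecialchars` on the echoed name is there because the original prints `$username` straight into the page.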
[QUOTE=Siemens;25890146]I belong to the school of thought that the best way to teach people to properly lock down their shit is to show them exactly what can happen when they don't. Controversial, maybe, but often it's necessary. Otherwise they just don't get the message - I've seen it happen.[/QUOTE] I don't disagree with you.
thanks for your help, got exactly what I needed :)
[QUOTE=QueenElizebeth;25890256]thanks for your help, got exactly what I needed :)[/QUOTE] [url=http://www.addedbytes.com/writing-secure-php/writing-secure-php-1/]Please read this.[/url] I don't want to see this happen to you again :smile:
[QUOTE=Siemens;25890287][url=http://www.addedbytes.com/writing-secure-php/writing-secure-php-1/]Please read this.[/url] I don't want to see this happen to you again :smile:[/QUOTE] Yes sir.
that's how we do it folks [editline]6th November 2010[/editline] bonus fact: i saw the social network today - great movie. First 10 minutes and there's mentions of wget, perl, emacs, apache, and screenshots of KDE and Mozilla
I haven't posted about this in a while: [img]http://i.imgur.com/C7dA9.jpg[/img] (probably looks worse than you remember, I'm on my mum's old shitty computer so it's using shadow map instead of stencil shadows) That cardboard man is one of many that will be in the final simulation. He's a physics body (sphere for now) and follows you around the map using A* and lua and a state system. We have the basis for the emotion system and affordance system in now but the AI doesn't use them yet. The final AI will have to walk around and change depending on their emotion. There need to be 3 different kinds of NPCs. And you need to be able to push NPCs over and all the other NPCs should come and try and help. You also must be able to pick up physics objects and throw them etc. Right now our other team mate is debugging his OBB-OBB collision detection code.
[QUOTE=QueenElizebeth;25890303]Yes sir.[/QUOTE] [img]http://imgs.xkcd.com/comics/exploits_of_a_mom.png[/img] Remember this.
[QUOTE=deloc;25884236]i'll offer ~prizes~[/QUOTE] What do you mean by democompo?
[QUOTE=Icedshot;25890673]What do you mean by democompo?[/QUOTE] a demo competition shit like this: [media]http://www.youtube.com/watch?v=XtCW-axRJV8[/media] [editline]7th November 2010[/editline] or this: [media]http://www.youtube.com/watch?v=71zIlq5d4w4[/media] [sp](but i don't think the second one counts :V)[/sp]
We could have a weekly competition where there's a theme and everyone makes an entry. Sorta like WAYWO Fads, but more organised.
[QUOTE=CarlBooth;25890828]Sorta like WAYWO Fads, but more organised.[/QUOTE] Sorta like fads, except that there's a new one every week. Actually, this sounds kinda good.
[QUOTE=esalaka;25890899]Sorta like fads, except that there's a new one every week. Actually, this sounds kinda good.[/QUOTE] Hell yeah, let's do this!
You guys make me miss having free time :frown: [QUOTE=Siemens;25890755]a demo competition shit like this: [editline]7th November 2010[/editline] or this: [sp](but i don't think the second one counts :V)[/sp][/QUOTE] So just cool shit that runs on its own without user input?
Just got git working and wow, it's awesome!
Have you considered using svn? :buddy:
Programming Language fad? I'll work on a new one so it's fair :v:
It has to be a general theme that's easy for everyone to pick up and you don't need to spend hours on it. Like "Products Microsoft would never make" or something.
Hey guys, quick question. Who the fuck is Siemens
[QUOTE=geel9;25891553]Hey guys, quick question. Who the fuck is Siemens[/QUOTE] I think he's null's alt or something
[QUOTE=CarlBooth;25891480]"Products Microsoft would never make"[/QUOTE] Oh man, I could enter with anything I'm coding :v:
[QUOTE=Siemens;25891583]I think he's null's alt or something[/QUOTE] ...Seriously?
[QUOTE=Siemens;25890755]a demo competition shit like this: [media]http://www.youtube.com/watch?v=XtCW-axRJV8[/media] [editline]7th November 2010[/editline] or this: [media]http://www.youtube.com/watch?v=71zIlq5d4w4[/media] [sp](but i don't think the second one counts :V)[/sp][/QUOTE] Or modern ones like these: [media]http://www.youtube.com/watch?v=Grqb1aIa_4s[/media] Binaries: [URL]http://www.pouet.net/prod.php?which=55558[/URL] Warning: This won't run well without a high-end PC. [media]http://www.youtube.com/watch?v=xfg5O6ftel0[/media] [URL]http://www.pouet.net/prod.php?which=25776[/URL] At least Avast! heuristics falsely detects this as a trojan and prevents it from running, because it was packed (due to 64k demo compo rules) with a packer that was used to pack malware ages ago. Obviously these are made by more than one guy though and took way longer than a week to make. Also both of them are a lot more awesome when you run the binaries on your own PC.