Coder-Launch

What about the SQL injection? http://coder-launch.com/viewscript.php?script=

You have a good point. Been trying to explain this to Maximum in a long time.

[editline]10th March 2014[/editline]

I myself only knows GLua but Maximum knows PHP so how exactly would you SQL inject a error?

[editline]10th March 2014[/editline]

doesnt have a line over the name so yeah a error

**Could not get data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘select * from scripts’’ at line 1
**

A+ op, I have full access to your DB

SQL injection is not possible due to it checks for authcodes etc, and runs them to see if they are correct and ofc no one no the auth codes due to they change every 2 minutes.

what the fuck are you talking about

This is basicly saying you were unable to connect to steam, you should just open another tab and try again, always works.

I opened a new window.

Clear your cache + data uploaded to apps

I’d also like to point out that this isn’t an issue with Steam, as it loaded fine, it’s an issue with your website. What ARE you talking about?

i assumed you was going on about download scripts etc that exploit but i now what you meen now, and doubt you could sql inject it, it has Pre prepared statements, try it if you want and tell me what u get back.

[editline]9th March 2014[/editline]

At that current time u couldnt get the data from steam XML, look at the error.

if it has prepared statements I shouldn’t be able to cause an SQL error.

That’s not an issue with Steam, because if it was my server’s loadscreen would throw an SQL error as it uses the Steam community API.

http://puu.sh/7pvYG/24ae49983a.jpg

You have no idea what you’re talking about :v:

there is one not prepared, but i doubt it could be exploited.

Do you want to put a wager on that?

No, but try ur best to exploit it , i would personally wont to see it done.

[editline]10th March 2014[/editline]

It must use another method of fetching steam data, all i saying is that error is basicly saying failed to connect to the xml to get the data

You’re running a website for people to buy/sell stuff, that’s not the kind of attitude you should be taking.

its not really 100% done yet alot of work to finish, i was only trying to see if you were able to exploit it, becuase i dont think its easily exploited.

You honestly have no idea what you’re talking about. There *is *no other way of connecting to the Steam community API except XML, JSON or VDF. I use XML and it works fine.

You are a moron.


(User was banned for this post ("Flaming" - Craptasket))

Why release it to the public then, your best bet is to actually get a working product before you give it out, not a half done website that may or may not have some serious exploits in.