om (Author) Posted December 18, 2008

> I posted a message and somehow it worked... Did I just get a virus? I still don't understand the whole point of this site?

Just make sure to leave your name in the message. You may have observed there were no advertisements. I am happy to learn that it has worked. Was it fast? Don't worry, from my side there won't be any virus, but from the Internet you may get it, to which almost all are equally susceptible. The point is communication among the group, just like this message board.

darkfreaks Posted December 18, 2008

OM, what do you plan on doing about the SQL injection on the register page???

justinh Posted December 18, 2008

Glad I could help OM, your site is looking better, but still needs major work. Try sticking with one font color.

om (Author) Posted December 18, 2008

> OM what do you plan on doing about the SQL injection on the register page ???

Well, so far I didn't detect any vulnerability, same clean function works well before $POST is used. If you have found any, please immediately or post message here or on my site, I will give you a special mail id at my site / see your inbox.

Maq Posted December 18, 2008

Submitted Form State:
* huid: ++
* htpwd: ++
* hcode: ++
* ribtn: ++ Change / Refresh Image
* cbe: ++
* jbs_indx_submit: ++Open

Results:
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31
Server Status Code: 302 Found
Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE

darkfreaks Posted December 18, 2008

MAQ, forget it, this guy isn't ever going to learn how to do proper SQL injection, I will laugh when his site gets hacked once again.

Maq Posted December 18, 2008

> MAQ forget it this guy isn't ever going to learn how to do proper SQL injection, I will laugh when his site gets hacked once again

Lol! His site has already been hacked?

om (Author) Posted December 18, 2008

>> MAQ forget it this guy isn't ever going to learn how to do proper SQL injection, I will laugh when his site gets hacked once again
>
> Lol! His site has already been hacked?

Can you tell what way? I told some valid people to alter some table, show its column names on this site, so that at least they prove they were able to penetrate the database? Initial page is not affected. Will you help??

Maq Posted December 18, 2008

You do it! Download SQL Inject Me and test it on your forms.

aximbigfan Posted December 18, 2008

Welp, I figured out how to login... Barely... After teaching myself PHP, CSS, HTML, VB, VC++, C, Javascript, etc, starting a computer business, and making a custom database server, logging in was close to one of the most confusing things I have ever done...

Your links are broken. When you click on something, it doesn't open (you have to right click => "open in new tab" or somesuch). My guess is it is trying to open the link in an iframe (wouldn't be surprised...) or something.

I haven't really gotten any deeper in it. As soon as I try to figure out how to post a message, I'll try some things. Do you seriously want your members to try and memorize several different codes just to log in?

Chris

aximbigfan Posted December 18, 2008

DAMNIT! It logged me out for no apparent reason... Back in I suppose...

Chris

Maq Posted December 18, 2008

> Welp, I figured out how to login... Barely... After teaching myself PHP, CSS, HTML, VB, VC++, C, Javascript, etc, starting a computer business, and making a custom database server, logging in was close to one of the most confusing things I have ever done...

I laughed when I read that... So are you saying if I can figure out how to log in then I can teach myself PHP, CSS, HTML, VB, VC++, C, Javascript, etc, starting a computer business, and making a custom database server?

aximbigfan Posted December 18, 2008

>> Welp, I figured out how to login... Barely... After teaching myself PHP, CSS, HTML, VB, VC++, C, Javascript, etc, starting a computer business, and making a custom database server, logging in was close to one of the most confusing things I have ever done...
>
> I laughed when I read that... So are you saying if I can figure out how to log in then I can teach myself PHP, CSS, HTML, VB, VC++, C, Javascript, etc, starting a computer business, and making a custom database server?

Pretty much, yeah... Logging in should be the new MENSA membership test. Extra points for posting a message..

Chris

aximbigfan Posted December 18, 2008

Sorry guys, I think I "spoiled" it. I attempted to test the "change password" deal. I think I just killed the guest account he posted... It won't let me log in anymore, with either password... The new password was "lol", but I can't login anymore.

OM could you give us a new guest account? I promise I won't hose it up again!

Chris

Maq Posted December 18, 2008

> Sorry guys, I think I "spoiled" it. I attempted to test the "change password" deal. I think I just killed the guest account he posted... It won't let me log in anymore, with either password... Chris

Good job, how am I going to get in touch with god now?

aximbigfan Posted December 18, 2008

>> Sorry guys, I think I "spoiled" it. I attempted to test the "change password" deal. I think I just killed the guest account he posted... It won't let me log in anymore, with either password... Chris
>
> Good job, how am I going to get in touch with god now?

Sorry, I guess you are just going straight to hell. The new password was going to be "lol", if you want to mess with it..

OM, see the above edited post.

Chris

aximbigfan Posted December 18, 2008

I take that back, I don't think _I_ hosed it up, I think it hosed itself up. When you log in with the new pass of "lol", it says "logged out", and something about a hug...

Chris

Maq Posted December 18, 2008

Every time I try to log in it logs me right out...

om: You shouldn't have JS popups until the user is finished filling out the fields. You could have little notifications next to the fields like Yahoo has when you're creating an email account but the popups are just annoying.

om (Author) Posted December 19, 2008

> Sorry guys, I think I "spoiled" it. I attempted to test the "change password" deal. I think I just killed the guest account he posted... It won't let me log in anymore, with either password... The new password was "lol", but I can't login anymore. OM could you give us a new guest account? I promise I won't hose it up again! Chris

I OBSERVED SOMEBODY TESTED CHNG PWD, SO THAT WAS NO PROBLEM, MAYBE you forgot it, so I have overwritten it back to g and code to g2g, so u can as it is. Well, I saw some feedback, but hope once you know it, there will be nothing so easy.

Lamez Posted December 19, 2008

Last I was reading this thread you guys were talking about how horrible the website is, and what not. Now you guys are talking about hacking it, I must say "lol"!

Mchl Posted December 19, 2008

In a month they'll be buying it.

om (Author) Posted December 19, 2008

> MAQ forget it this guy isn't ever going to learn how to do proper SQL injection, I will laugh when his site gets hacked once again

Your clean implemented but still is vulnerable to SQL injection, checked on SQL Inject Me. So any improvements. Well, there was a missing semicolon, verify on page 10/9. It gave XSS Me error while testing. Then I rectified it.

om (Author) Posted December 19, 2008

> last I was reading this thread you guys were talking about how horrible the website is, and what not. Now you guys are talking about hacking it, I must say "lol"!

I just don't understand, well you, get nothing by destructive [-ve] hacking. Positive [+ve] hacking will be appreciated.

I discovered a bug: my messages at my site can be longer, as long as this, check out at my site.

The following 40 lines are posted................
[block of repeated 123456789 filler]
The following 40 lines are posted................
[block of repeated 123456789 filler]
A total of: the above lines are 83 lines incl. this

om (Author) Posted December 19, 2008

> You do it! Download SQL inject me and test it on your forms.

I have done it, but clean is not really clean. I call it just after the including of files, in the beginning of the PHP script. Well, for normal operations, the site is strong enough. What do you say?

Well, from now on I look forward to those who can really help me out in getting into the site. Well, I contacted my host, they said it was first down for routine maintenance on Indian Sundays. Now, I eagerly look forward to +ve days.

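Added example, not part of any post in this thread and not om's code: a PHP sketch of why calling a clean() function before $_POST is used does not neutralise the values tested in Maq's SQL Inject Me run, next to a bound-parameter query that treats them as plain data. The clean() body, the users table and its rows are assumptions, since the site's code is never shown; huid and htpwd are the field names from the posted form state.

```php
<?php
// Hypothetical stand-in for the site's unseen clean() function (assumption).
function clean(string $v): string
{
    // Trims and strips HTML tags, but leaves SQL syntax such as ' untouched.
    return trim(strip_tags($v));
}

// In-memory SQLite database with constructed sample rows (assumed schema).
function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE users (huid TEXT PRIMARY KEY, htpwd TEXT)");
    $db->exec("INSERT INTO users VALUES ('alice', 'constructed-hash-1'),
                                        ('bob',   'constructed-hash-2')");
    return $db;
}

// Vulnerable: the cleaned value is still concatenated into the SQL text,
// so a quote in the input ends the string literal and becomes SQL.
function lookup_concat(PDO $db, string $huid): int
{
    $sql = "SELECT huid FROM users WHERE huid = '" . clean($huid) . "'";
    try {
        return count($db->query($sql)->fetchAll());
    } catch (PDOException $e) {
        return -1; // the input altered the statement enough to break its syntax
    }
}

// Hardened: the value is bound as a parameter and is never parsed as SQL.
function lookup_bound(PDO $db, string $huid): int
{
    $stmt = $db->prepare("SELECT huid FROM users WHERE huid = ?");
    $stmt->execute([$huid]);
    return count($stmt->fetchAll());
}

$db = make_db();
// One normal id, then the tested values copied from the results in this thread.
// The percent-encoded value is decoded the way PHP decodes form input.
$tests = [
    'alice',
    "1' OR '1'='1",
    rawurldecode('%31%27%20%4F%52%20%27%31%27%3D%27%31'),
    '1 UNI/**/ON SELECT ALL FROM WHERE',
];
foreach ($tests as $t) {
    printf("%-36s concat=%2d  bound=%d\n", $t,
        lookup_concat($db, $t), lookup_bound($db, $t));
}
```

A row count above zero for a value that is not a real huid means the input was parsed as SQL; the bound query matches rows only for the real id.
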
om (Author) Posted December 19, 2008

>>> MAQ forget it this guy isn't ever going to learn how to do proper SQL injection, I will laugh when his site gets hacked once again
>>
>> Lol! His site has already been hacked?
>
> Can you tell what way? I told some valid people to alter some table, show its column names on this site, so that at least they prove they were able to penetrate the database? Initial page is not affected. Will you help??

Now Maq and others, really, an answer to the point is expected.