
browser based game


vincentpol


 

http://www.visiscreen.com/~vincent/

 

I made an online game where you can join 1 of the 4 empires. Build on structures to improve your daily income. Command soldiers. Trade resources. Quest to gain some gold and raise your level. Fight against NPC and PVP. Main element is Teamwork.

 

I would love it if it gets tested by this most respected community ;D.

 

It's totally free and non-commercial.

 

I just want this game to get out since all my teachers loved it and I am really passionate about the concept.

 

Hope you will consider.

 

gr vincentpol.


Cross Site Scripting:

http://www.visiscreen.com/~vincent/phpinfo.php?<script>alert('vulnerable')</script>

 

Cross Site Scripting:

There is Cross Site Scripting if your username contains code.

 

Full Path Disclosure:

http://www.visiscreen.com/~vincent/phpinfo.php

 

Full Path Disclosure:

There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value.

Warning: session_start(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in /usr/home/vincent/public_html/data_img/index.php on line 2

 

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /usr/home/vincent/public_html/data_img/index.php:2) in /usr/home/vincent/public_html/data_img/index.php on line 2

 

Warning: session_destroy(): Session object destruction failed in /usr/home/vincent/public_html/data_img/index.php on line 3

 

Warning: Cannot modify header information - headers already sent by (output started at /usr/home/vincent/public_html/data_img/index.php:2) in /usr/home/vincent/public_html/data_img/index.php on line 4

 

Full Path Disclosure:

There is Full Path Disclosure if your username contains '

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /usr/home/vincent/public_html/process.php on line 986

 

Warning: Cannot modify header information - headers already sent by (output started at /usr/home/vincent/public_html/process.php:986) in /usr/home/vincent/public_html/process.php on line 1012

 

Full Path Disclosure:

There is Full Path Disclosure on the Attack page.

Warning: Invalid argument supplied for foreach() in /usr/home/vincent/public_html/includes/functions.php on line 741

Full Path Disclosure will give the location of files to hackers on errors generated by php.

 

One solution is to fix all errors, or reduce the warning level. Or, when production ready, completely disable the errors from being displayed in your php.ini file.

 

I also received the

Warning: Invalid argument supplied for foreach() in /usr/home/vincent/public_html/includes/functions.php on line 741

and the battle page showed up at the top above the normal navigation.

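What the reply above suggests, as an added example that is not from the thread or the game's code: errors go to a log with full detail while the player sees only a fixed message. The log file name and the totalStrength() helper are hypothetical.

```php
<?php
// Added example, not the game's code. The log file name is a placeholder.

// Same effect as display_errors = Off / log_errors = On in php.ini,
// set at runtime for hosts where php.ini cannot be edited.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', sys_get_temp_dir() . '/game-errors.log');

// Promote warnings and notices to exceptions so they cannot be skipped silently.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false;               // respect the configured reporting level
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Last line of defence: full detail to the log, a fixed message to the player.
set_exception_handler(function (Throwable $e): void {
    $ref = bin2hex(random_bytes(4));    // lets a bug report be matched to the log entry
    error_log(sprintf('[%s] %s: %s in %s:%d',
        $ref, get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()));
    if (!headers_sent()) {
        http_response_code(500);
    }
    echo "Something went wrong (reference $ref). Please try again later.\n";
});

// Hypothetical battle helper: the caller passes something that is not an array,
// the same class of bug as the foreach() warning quoted in the thread.
function totalStrength($units): int
{
    $sum = 0;
    foreach ($units as $unit) {
        $sum += (int) $unit['strength'];
    }
    return $sum;
}

totalStrength(null);   // file and line go to the log; the page shows only the reference
```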

ok thanks for the replies all

 

I'll tell you... disallowing registration if they have registered from that IP previously is dumb. People have IPs that change and other people use them... etc...

 

and besides my sister/brother may want to play Wink

 

I've seen this before on many sites. People can give me a mail if they badly want 2 accounts and then I can still monitor them. The IPs changing thing might be true (don't know network stuff that well) but it's just another type of security to narrow down the exploiters, cheaters and other scum that ruin the game. If you have any suggestions on how to do this in a more effective way I'm all ears.

 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /usr/home/vincent/public_html/process.php on line 986

 

Warning: Cannot modify header information - headers already sent by (output started at /usr/home/vincent/public_html/process.php:986) in /usr/home/vincent/public_html/process.php on line 1012

 

There is Full Path Disclosure if you log in with a ' in the username.

 

I now have a name, password and email filter and I'm going to filter anything else of any kind of input.

 

Full Path Disclosure when I pressed the "Attack" button.

 

Quote

Warning: Invalid argument supplied for foreach() in /usr/home/vincent/public_html/includes/functions.php on line 741

 

It seemed the server I built this game on and where it's hosted now do not share the same PHP version, so some stuff didn't work out the way it was meant to be. Here it was a bug in the battle engine and it's fixed now.

 

The full path disclosure will be fixed soon in the way lightningstrike suggested.

 

I can't even get the confirmation email...

 

I made an extra button on the login page to resend the activation mail. Just type in the email you typed in the registration form and you should receive it now.

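An added example, not part of the thread or the game's code, for the two username reports above (markup in a name being rendered, and a ' in a name making the query fail): bound query parameters keep the name out of the SQL text, and encoding at output time displays stored markup as plain text. Table, column and function names are hypothetical, and an in-memory SQLite database stands in for the game's MySQL database.

```php
<?php
// Added example, not the game's code. Table, column and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE players (id INTEGER PRIMARY KEY, username TEXT UNIQUE, empire INTEGER)');

function registerPlayer(PDO $pdo, string $username, int $empire): void
{
    // Bound parameters: the value never becomes part of the SQL text,
    // so a quote in the name cannot break the statement.
    $stmt = $pdo->prepare('INSERT INTO players (username, empire) VALUES (:u, :e)');
    $stmt->execute([':u' => $username, ':e' => $empire]);
}

function findPlayer(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT id, username, empire FROM players WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;   // "no such player" is a normal result, not a warning
}

function renderName(array $player): string
{
    // Encode when writing into HTML so markup in a stored name is shown as text.
    return '<span class="player">'
        . htmlspecialchars($player['username'], ENT_QUOTES, 'UTF-8')
        . '</span>';
}

// Constructed sample names: one containing a quote, one containing markup.
foreach (["O'Brien", '<b>bold</b>'] as $name) {
    registerPlayer($pdo, $name, 1);
    $player = findPlayer($pdo, $name);
    echo renderName($player), "\n";
}

// A login attempt with an unknown name that contains a quote returns null cleanly.
var_dump(findPlayer($pdo, "nobody'"));
```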

 

Does not check for proper email address input (blah@blah.com) - though not super important, since you require confirmation by email

 

Yes, I'm aware of the problem. When the cronjobs are up it's going to delete your account with the bad email within 24 hours.
