kaliza Posted August 6, 2007 Share Posted August 6, 2007 i made this for world of warcraft about 7-8 months ago when i first learned to code, if u guys wanna peak around and try to find any glitches go ahead, Known glitches are script and html tags stay i havent got rid of that. http://www.pidbaq.com/raids/raids.php Link to comment https://forums.phpfreaks.com/topic/63636-a-php-tool-for-wow/ Share on other sites More sharing options...
agentsteal Posted August 7, 2007 Share Posted August 7, 2007 Admin Access: The password box contains your password. Array: http://www.pidbaq.com/raids/raids.php?raid[] Cross Site Scripting: http://www.pidbaq.com/raids/raids.php?action=view&raid=<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.pidbaq.com/raids/raids.php?decision=delete&raid='><marquee><h1>vulnerable</marquee> Includes Directory: http://www.pidbaq.com/raids/ Log: http://www.pidbaq.com/raids/action_log Link to comment https://forums.phpfreaks.com/topic/63636-a-php-tool-for-wow/#findComment-317290 Share on other sites More sharing options...
teng84 Posted August 8, 2007 Share Posted August 8, 2007 LOOOOOOOOOOOOOOOOOOOOOOOOOOOOOL PLZ Don't Refresh the Page One Post Per Player what does it mean HAHAHAHAHAHAHAHAHAHAHAHHAHAHAH ????? Link to comment https://forums.phpfreaks.com/topic/63636-a-php-tool-for-wow/#findComment-318207 Share on other sites More sharing options...
kaliza Posted August 8, 2007 Author Share Posted August 8, 2007 HEY HEY!!! it was one of my first php code i ever did lol ! i mean u don't even wanna see the source, its really bad, but i put admin log in info because it is a demo site, i am demoing it for www.curse.com, its a simple tool to keep track of people who show up to events within games. and the action_log is meant for debugging purposes. btw how do u block the folder view? one more thing, how do to block so if a person refreshes the page it wont insert another query. like a double post. and ty for your help. Link to comment https://forums.phpfreaks.com/topic/63636-a-php-tool-for-wow/#findComment-318273 Share on other sites More sharing options...
lemmin Posted August 8, 2007 Share Posted August 8, 2007 Disallowing directory browsing is done using server settings. Simply placing a default file in the directory would stop most people, but some browsers or software would probably still allow listings. The simplest way to stop refresh from adding another query would be to use post instead of get. Other than that, you can check stuff server side like whether it already exists or not. I think you might be able to use the server variable 'HTTP_REFERER' to make sure it came from the correct page. If the user can come form multiple places, instead of checking to make sure they came from a certain page, check to make sure they don't come from a url that includes the get values that input data. Link to comment https://forums.phpfreaks.com/topic/63636-a-php-tool-for-wow/#findComment-318570 Share on other sites More sharing options...
teng84 Posted August 8, 2007 Share Posted August 8, 2007 Disallowing directory browsing is done using server settings. Simply placing a default file in the directory would stop most people, but some browsers or software would probably still allow listings. The simplest way to stop refresh from adding another query would be to use post instead of get. Other than that, you can check stuff server side like whether it already exists or not. I think you might be able to use the server variable 'HTTP_REFERER' to make sure it came from the correct page. If the user can come form multiple places, instead of checking to make sure they came from a certain page, check to make sure they don't come from a url that includes the get values that input data. use the header file and redirect the user Link to comment https://forums.phpfreaks.com/topic/63636-a-php-tool-for-wow/#findComment-318855 Share on other sites More sharing options...
mattd8752 Posted August 14, 2007 Share Posted August 14, 2007 If your redoing it I suggest using the armory and just asking for their user name and server (or server could be defined by the admin). I did something like this @ http://wow.mattdsworld.com/read.php?name=NAME&realm=REALM Obviously you have to replace NAME and REALM with your name and realm. If you want to see the source for that you can email mrfg2006@gmail.com (I probably won't remember to check back on this topic). Link to comment https://forums.phpfreaks.com/topic/63636-a-php-tool-for-wow/#findComment-323504 Share on other sites More sharing options...
Recommended Posts