Number Psychic

[numberpsychic]

Hey!

 

I need testers for a mathematical experiment which I am running. It is based at http://www.numberpsychic.net

 

It's an investigation into the way people think about randomness, and involves an easy five minute game in which you pick a few random numbers, and the NumberPsychic will try to READ YOUR MIND!

 

The NumberPsychic is a learning system, and improves with each game that is played.

 

Thanks so much for your time.

 

[Coreye]

You can skip stages. You don't have to do any of the steps, you can go straight to http://www.numberpsychic.net/results.php.

 

You can keep refreshing http://www.numberpsychic.net/results.php, and the total games from "Nobody else has ever chosen your combination, out of 115 games played so far." number goes up.

 

Cross Site Scripting

You can submit code into the drop down menus for choosing numbers, and on the http://www.numberpsychic.net/results.php page it executes.

 

Cross Site Scripting

<input type="hidden" name="aaaprediction" value="<marquee><h1>vulnerable"/>

[numberpsychic]

Hi Coreye,

 

Thanks for the help. Can you tell me how I can remedy any of these things?

 

How do you make a web page that a person can't just access by typing in the address? How do you stop a person submitting code into the drop down menus? How is that even done?

 

Thanks

 

David

[agentsteal]

Cross Site Scripting:

There is Cross Site Scripting on http://www.numberpsychic.net/stage1.php if the playedbefore field contains ">code.

 

Cross Site Scripting:

There is Cross Site Scripting on http://www.numberpsychic.net/stage2.php if the aaa field contains ">code.

 

Cross Site Scripting:

There is Cross Site Scripting on http://www.numberpsychic.net/stage2.php if the aaaprediction field contains ">code.

 

Cross Site Scripting:

There is Cross Site Scripting on http://www.numberpsychic.net/stage3.php if the aaa field contains ">code.

 

Cross Site Scripting:

There is Cross Site Scripting on http://www.numberpsychic.net/stage3.php if the bbb field contains ">code.

 

Cross Site Scripting:

There is Cross Site Scripting on http://www.numberpsychic.net/stage3.php if the aaaprediction field contains ">code.

 

Cross Site Scripting:

There is Cross Site Scripting on http://www.numberpsychic.net/stage3.php if the bbbprediction field contains ">code.

 

Cross Site Scripting:

There is Cross Site Scripting on http://www.numberpsychic.net/stage3.php if the stage2table field contains ">code.

 

Cross Site Scripting:

There is Cross Site Scripting on http://www.numberpsychic.net/results.php if the aaa field contains code.

 

Cross Site Scripting:

There is Cross Site Scripting on http://www.numberpsychic.net/results.php if the bbb field contains code.

 

Cross Site Scripting:

There is Cross Site Scripting on http://www.numberpsychic.net/results.php if the ccc field contains code.

 

Cross Site Scripting:

There is Cross Site Scripting on http://www.numberpsychic.net/results.php if the aaaprediction field contains code.

 

Cross Site Scripting:

There is Cross Site Scripting on http://www.numberpsychic.net/results.php if the bbbprediction field contains code.

 

Cross Site Scripting:

There is Cross Site Scripting on http://www.numberpsychic.net/results.php if the cccprediction field contains code.

 

Cross Site Scripting:

There is Cross Site Scripting if the drop down menus contain ">code.

 

Drop Down Menu:

If you edit the drop down menus you can submit arbitrary values.

[neoform]

It only guessed my last number correctly.

 

I must be too wily for it.

[helraizer]

It only guessed my last number correctly.

 

I must be too wily for it.

 

It has scored an average of 6.99% over the last 100 plays, compared to an Expectation Value of 10%

 

Your numbers were 3, 7 and 3

 

Number psycic guessed 1, 1 and 1.  It's not very good at playing it's own games.