toursumo.tk questions & answers
Moderator: Light
Re: Sumo league - discussion, interest, brainstorming
You already know what you were exploiting; why can't you just tell me so I can make sure it's secure?
dlh has looked over the code and I believe most of it has been fixed already.
Re: Sumo league - discussion, interest, brainstorming
OK Concord,
unsuspend me and let me try to find bugs.
If I still find them, I will tell you where they are and you can fix them, with help from me or dlh.
Deal?
Re: Sumo league - discussion, interest, brainstorming
You lost the benefit of the doubt already. Tell me the ones you were already using and we'll see.
Re: Sumo league - discussion, interest, brainstorming
Concord,
you should trust me on this one.
Consider this the last chance for me; I won't do any shit.
I'll just check if it's fixed (good) and what isn't fixed yet. You've got my word.
Re: Sumo league - discussion, interest, brainstorming
You need to give me something before I give you something.
Re: Sumo league - discussion, interest, brainstorming
Uhm, well, prevent logging in as:
Delta
DElta
DELta
Prevent the exploit; easily done by only allowing a-z, A-Z.
So if I try again something like:
<script>alert('hi')</script>
it will be filtered as:
script alert hi script
Re: Sumo league - discussion, interest, brainstorming
Already fixed both of those things.
Re: Sumo league - discussion, interest, brainstorming
Well..
I gave you something, I hope you now let me check for other bugs
(e.g. manually adding a script to your site to manipulate the form).
Re: Sumo league - discussion, interest, brainstorming
TheDelta wrote:
Uhm, well, prevent logging in as:
Delta
DElta
DELta
Prevent the exploit; easily done by only allowing a-z, A-Z.
So if I try again something like:
<script>alert('hi')</script>
it will be filtered as:
script alert hi script
There are much better ways to prevent XSS attacks than filtering with a regex.

TheDelta wrote:
Well..
I gave you something, I hope you now let me check for other bugs
(e.g. manually adding a script to your site to manipulate the form).
What you gave was about the most basic attack there is, though. :X

Concord wrote:
You need to give me something before I give you something.
You could always chroot a sandbox and let people try to screw with it. It could prove to be useful.
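The two fixes discussed in this exchange, side by side, as an added example that is not code from toursumo.tk or from anyone in the thread: the character-allowlist filter TheDelta proposed, the output-encoding approach the reply alludes to as the better way to stop XSS, and a case-insensitive uniqueness check so that Delta, DElta and DELta cannot be three different accounts. The sample names, the page fragment and the `register` helper are constructed for the illustration (the site's real schema and templates are not known from the thread).

```python
import html
import re
import unicodedata

# Constructed sample input: the payload and the look-alike names quoted in
# the thread, plus a fullwidth-D variant that a plain .lower() would miss.
SAMPLE_NAMES = ["Delta", "DElta", "DELta", "\uff24elta", "<script>alert('hi')</script>"]


def strip_to_letters(name: str) -> str:
    """The allowlist fix proposed in the thread: drop everything outside a-z
    and A-Z. It destroys this payload, but also rejects legitimate names
    (digits, accents) and protects only the one input it is applied to."""
    return re.sub(r"[^A-Za-z]", "", name)


def escape_for_html(value: str) -> str:
    """Output encoding: store the value unchanged and escape it at the point
    where it is written into HTML element content or a quoted attribute, so
    '<script>' is displayed as text instead of being parsed as a tag."""
    return html.escape(value, quote=True)


def render_profile(username: str) -> str:
    """Hypothetical page fragment (not the site's real template)."""
    return "<p>Logged in as <b>%s</b></p>" % escape_for_html(username)


def canonical_key(username: str) -> str:
    """Uniqueness key: NFKC-normalise, then case-fold, so Delta, DElta, DELta
    and the fullwidth variant all collapse onto one account."""
    return unicodedata.normalize("NFKC", username).casefold()


def register(accounts: dict, username: str) -> bool:
    """Accept a registration only if no stored name shares its canonical key.
    `accounts` maps canonical key -> display name exactly as the user typed it."""
    key = canonical_key(username)
    if key in accounts:
        return False
    accounts[key] = username
    return True


def demo() -> dict:
    """Run both defences over the constructed sample and return the results."""
    accounts = {}
    accepted = {name: register(accounts, name) for name in SAMPLE_NAMES}
    return {
        "accepted": accepted,
        "stripped_payload": strip_to_letters(SAMPLE_NAMES[-1]),
        "rendered_payload": render_profile(SAMPLE_NAMES[-1]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Note that `html.escape` is correct for element content and quoted attribute values; a username dropped into a JavaScript string, a URL or an unquoted attribute needs the encoding for that context instead, which is the reason output encoding is applied per output location rather than once on input.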
Re: Sumo league - discussion, interest, brainstorming
I see, thanks,
but I need an account, so could you manually make some accounts or activate delta?
Re: Sumo league - discussion, interest, brainstorming
I see, delta is in the list,
but when I try to log in, I am still suspended (redirected to home, nothing happens).
Re: Sumo league - discussion, interest, brainstorming
If you were at risk of an XSS attack, you may be for SQL injection as well. I wouldn't keep it on the same database if you were to let him mess around.
I'm assuming that's a copy of the files anyway.
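The SQL injection risk raised above, shown against a constructed login table, as an added example that is not the site's code: the same login check written once by string concatenation and once as a parameterised query, run against a payload that closes the password literal and ORs in another user. The table, rows, column names and payload are all assumptions made for the illustration; nothing here is taken from toursumo.tk.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a league user table. The rows are
    sample data, not the real site's; the plaintext 'secret' column exists
    only to keep the injection easy to follow (real sites store a slow,
    salted password hash instead)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (name TEXT PRIMARY KEY, secret TEXT, suspended INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("Concord", "c0nc0rd-pw", 0), ("delta", "delta-pw", 1)],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, secret: str):
    """Query assembled by string concatenation: whatever the user typed
    becomes part of the SQL text. Returns the matched name or None."""
    sql = (
        "SELECT name FROM users WHERE name = '" + name
        + "' AND secret = '" + secret + "' AND suspended = 0"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, name: str, secret: str):
    """Parameterised query: the statement text is fixed and the values are
    bound separately, so quotes or keywords in them cannot change its shape."""
    row = conn.execute(
        "SELECT name FROM users WHERE name = ? AND secret = ? AND suspended = 0",
        (name, secret),
    ).fetchone()
    return row[0] if row else None


# Constructed payload. In the concatenated query it yields
#   ... AND secret = '' OR name='Concord' AND suspended = 0
# and since AND binds tighter than OR, the Concord row matches with no password.
PAYLOAD_SECRET = "' OR name='Concord"


def demo() -> dict:
    """Exercise both login paths with the payload and with real credentials."""
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, "anyone", PAYLOAD_SECRET),
        "safe": login_safe(conn, "anyone", PAYLOAD_SECRET),
        "safe_real_login": login_safe(conn, "Concord", "c0nc0rd-pw"),
        "safe_suspended": login_safe(conn, "delta", "delta-pw"),
    }


if __name__ == "__main__":
    print(demo())
```

Running it shows the concatenated query logging the attacker in as Concord while the parameterised one treats the payload as an ordinary (wrong) password; the suspended account stays locked out in both cases because the `suspended = 0` clause is part of the fixed statement text.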
Re: Sumo league - discussion, interest, brainstorming
It's not the same database.
Delta, try again.
Re: Sumo league - discussion, interest, brainstorming
Yep, it works.
I'll keep you updated on everything I find.