Message Board > Site bugs/ideas > Bugs!
January 15, 2008, 15:56
OScoder

Glad to see that those aren't too bad problems then! Btw, you didn't comment on the SQL injection point I found! Not sure you can do anything with it though...

edit: I *think* I managed to upload a PHP file through the content submission (I'm getting an internal server error now, instead of a 404). Check this: http://www.booleansoup.com/dow … es/bad_juju.php
January 15, 2008, 17:21
Fiona

Sorry, which SQL injection point? How exactly did you upload a file with a .php extension? (Frim - I thought the gallery checked extensions and only accepted a certain few?)

[edit] Oh I see, that's interesting. Apache seems to be catching it though and just panicking. That's not very good though; have to keep that in mind for the future. Thanks, OScoder.
January 15, 2008, 18:31
OScoder

Quote: Sorry, which SQL injection point? How exactly did you upload a file with a .php extension? (Frim - I thought the gallery checked extensions and only accepted a certain few?)

The trick was to modify the HTTP request sent by my browser with a null character: it sent '... filename="bad_juju.php"' and I changed this to '... filename="bad_juju.php\x00.zip"'. It's a shame I couldn't change the directory it was uploaded to!

My apologies to whoever validates game submissions, btw - I'm afraid I uploaded quite a few tests in order to discover this!

The injection point was here: http://www.booleansoup.com/ind … mp;pl=0&dt=
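The null-byte trick OScoder describes, as an added example that is not code from the booleansoup.com site or from any post in this thread. The multipart part headers, the `ALLOWED_EXTENSIONS` allowlist and the `uploads` directory are constructed assumptions for the demo. The extension check inspects the whole filename string and sees `.zip`, while a NUL-terminated filesystem call (the classic C-string behaviour of older PHP file functions) stops at the first 0x00 and writes `bad_juju.php`. The hardened version rejects control bytes, validates the extension it will actually use, and never reuses the client's base name.

```python
import os
import re
import secrets
from typing import Optional

# Assumed allowlist for the demo; the real gallery's list is not stated in the thread.
ALLOWED_EXTENSIONS = {"zip", "png", "jpg", "gif"}

# Constructed multipart part headers, modelled on the request described in the post.
EVIL_PART_HEADER = (
    b'Content-Disposition: form-data; name="file"; filename="bad_juju.php\x00.zip"'
)
BENIGN_PART_HEADER = (
    b'Content-Disposition: form-data; name="file"; filename="game.zip"'
)


def parse_filename(part_header: bytes) -> bytes:
    """Extract the raw filename= value from a multipart/form-data part header.

    Returns bytes, not str, so an embedded 0x00 survives exactly as the client sent it.
    """
    m = re.search(rb'filename="([^"]*)"', part_header)
    if m is None:
        raise ValueError("part header carries no filename")
    return m.group(1)


def naive_extension_ok(filename: bytes) -> bool:
    """The kind of check the thread implies: look only at what follows the last dot.

    For b'bad_juju.php\\x00.zip' the last dot is followed by 'zip', so this passes.
    """
    ext = filename.rsplit(b".", 1)[-1].lower().decode("latin-1")
    return ext in ALLOWED_EXTENSIONS


def name_seen_by_c_string_api(filename: bytes) -> bytes:
    """Model a NUL-terminated (C string) filesystem call: it stops at the first 0x00.

    The extension check saw '.zip'; the file actually created is 'bad_juju.php'.
    """
    return filename.split(b"\x00", 1)[0]


def naive_upload_target(upload_dir: str, filename: bytes) -> Optional[str]:
    """Vulnerable flow: validate the full string, then save under the truncated one."""
    if not naive_extension_ok(filename):
        return None
    stored = name_seen_by_c_string_api(filename).decode("latin-1")
    return os.path.join(upload_dir, stored)


def safe_upload_target(upload_dir: str, filename: bytes) -> Optional[str]:
    """Hardened flow: refuse control bytes outright, take the extension from the
    decoded name, check it against the allowlist, and store under a fresh random
    base name so nothing the client chose reaches the filesystem."""
    if any(b < 0x20 or b == 0x7F for b in filename):
        return None
    base = os.path.basename(filename.decode("latin-1"))
    if "." not in base:
        return None
    ext = base.rsplit(".", 1)[-1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return None
    return os.path.join(upload_dir, f"{secrets.token_hex(8)}.{ext}")


if __name__ == "__main__":
    for header in (EVIL_PART_HEADER, BENIGN_PART_HEADER):
        name = parse_filename(header)
        print(name, "-> naive:", naive_upload_target("uploads", name),
              "| hardened:", safe_upload_target("uploads", name))
```

Run it as a script to see the two flows side by side: the naive path maps the crafted filename to `uploads/bad_juju.php` while the hardened path refuses it. Later PHP releases (5.3.4 onward) reject paths containing an embedded NUL in their filesystem functions, which removes the truncation itself, but the durable lesson is to validate exactly the bytes you are about to write and to never let a client-supplied name reach the disk.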
January 15, 2008, 19:45
Fiona

Oh. Not my code. The site is more than likely littered with them though. Amateur code all the way through, I'm afraid.
January 15, 2008, 20:23
Htbaa

You aren't very supportive towards Frimkron now, are you?
January 15, 2008, 20:26
Frimkron

Ho ho ho. Yes, it's my code. Good find, OScoder.