V2 I need to know

[dementor]

Im thinking about starting a project using V2 codes

But I need to know what are the main exploits I should be looking to put a stop to in the game when i start it ?

[Haunted Dawg]

Re: V2 I need to know

cmarket.php => sql inject

forums.php => sql inject

register.php => xss inject

viewuser.php => xss inject

Im not sure of others.

[Zero-Affect]

Re: V2 I need to know

depending on the added mods

like:

Profile Signature

then there is some html exploitable points

[Haunted Dawg]

Re: V2 I need to know

If you actualy add the profile signatures correctly, it cant be html exploitable.

[Zero-Affect]

Re: V2 I need to know

that depends on the script you add

like the one which you added to kc was exploitable

register xxs injection care to give some insight into this kyle?

[Haunted Dawg]

Re: V2 I need to know

The register xss inject.. figure it out :wink:

[Haunted Dawg]

Re: V2 I need to know

I wont provide anything for him. :-)

That is the one and iframe. etc.

[Zero-Affect]

Re: V2 I need to know

Thanks Luke

don't see how it effects my register though, then again kyle did code it lol

so basically all you do is

change it to

if($_GET['REF'])
{
$_GET['REF']=abs((int) $_GET['REF']);
print $_GET['REF'];
}

 

right...

[Haunted Dawg]

Re: V2 I need to know

Umm zero i never coded the register on kc, i modified it to fit game.

[Zero-Affect]

Re: V2 I need to know

that reply must mean im correct or you would have notified me in your great wisdom that i was wrong

oh you didn't code it...

oh well oks it was the old register anyways i got mine up now i think

[Haunted Dawg]

Re: V2 I need to know

The register is the same one i had. :|

[Haunted Dawg]

Re: V2 I need to know

BTW all you got to do to the register is:

 

$_GET['ref'] = abs(@intval($_GET['ref']));
$_GET['REF'] = abs(@intval($_GET['REF']));

[Zero-Affect]

Re: V2 I need to know

so basically what i already did lol