HITMAN 17, Posted December 10, 2008

ok guys, I have a guy on my game who basically just said that my game is unsecure. I said to him ok show me, so he showed me by sending an announcement using my account. Can someone give me some advice and also which pages of my game are unsecure? www.thedestroyers.co.cc please don't hack it, but you don't really want to see another mccodes game go, do you? So please help me :)

Savager, Posted December 10, 2008

Re: Some Advise

It's called sql_injection... and the only way to stop it is using secure coding on every page, which will take a very long time. All of your pages are unsecure.

Tezza`, Posted December 10, 2008

> ok guys, I have a guy on my game who basically just said that my game is unsecure. I said to him ok show me, so he showed me by sending an announcement using my account. Can someone give me some advice and also which pages of my game are unsecure? www.thedestroyers.co.cc please don't hack it, but you don't really want to see another mccodes game go, do you? So please help me :)

Well, this post kinda gives away that announcements.php is insecure.

HITMAN 17 (Author), Posted December 10, 2008

ok, is the announcements.php insecure now as I changed it?

AlabamaHit, Posted December 10, 2008

I don't see how announcement.php can be "insecure", it don't submit nothing. It shows a list from a table..... If someone hit you they probably just used some bs forum attack....

HITMAN 17 (Author), Posted December 10, 2008

forum doesn't work as I took the table off

Tezza`, Posted December 10, 2008

Table or no table, it does not affect the sql.

AlabamaHit, Posted December 10, 2008

You should have deleted the forums.php, like they said, they can still submit their injection if the file is there.

Zero-Affect, Posted December 11, 2008

try cmarket. give us more information on the attack, did he login to your account? lol @ announcement exploit

Haunted Dawg, Posted December 11, 2008

On the cmarket.php you can only exploit to get crystals. So no, it won't be crystal market. Possibly one of the following which I had trouble with:

forums.php
authenticate.php
forgotpassword.php

I would recommend deleting the forums.php and see what the little boy has to say then.

Zero-Affect, Posted December 11, 2008

> On the cmarket.php you can only exploit to get crystals. So no, it won't be crystal market.

oh now that's wrong, I could get anything from any exploitable place... not trying to be mean here but you're giving out wrong information. any sql weakness can be exploited to do a large amount of things, if you know how most games block cmarket and forums n think nothing of it lol

radio_active, Posted December 11, 2008

I am spending $0.00 - $1000 on a professional programmer to secure all files on my site, create protection portals etc. My admins have all chipped in some money to make it a bit easier on me. Once that job is done it will move out of the Stage (3) BETA into the open. Also have completely new registration, header.php etc. being coded. Good hopes!

Zero-Affect, Posted December 11, 2008

> I am spending $0.00 - $1000 on a professional programmer to secure all files on my site, create protection portals etc. My admins have all chipped in some money to make it a bit easier on me. Once that job is done it will move out of the Stage (3) BETA into the open. Also have completely new registration, header.php etc. being coded. Good hopes!

1k is a little high for a mc codes game, is it Nyna? maybe not, 250 an hour is her fee lol

Haunted Dawg, Posted December 11, 2008

Zero-Affect, set up a test game. Try exploiting the cmarket.php. Try getting a user's password and what what.

Authenticate... Some sites have had this problem where I can put in your username and my password and I can login to your account.

Forgot Password... Some sites have had this problem as well where a user can get the admin's password reset and the email is sent to the user who is exploiting.

Forums... ALL sites have had this problem when they begin their v2 mccode game or even v1. Where the exploiter uses something like userpass,userpass,userpass,userpass,userpass,userpass,userpass where userid=1 or am I wrong?

Now as for the cmarket. The only input you got is when you're selling your own crystals and it is only removing crystals from the user's account. I might be wrong but with a simple union select userpass from userid=1 MIGHT work but I am not sure.

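Added example, not part of any post in this thread and not MCCodes' own code: the "secure coding on every page" fix the replies refer to, shown for one numeric request parameter as a before/after pair. The table and column names and the in-memory SQLite database are assumptions made so the script runs on its own; a real game would apply the same change to every query that takes request input.

```php
<?php
// Added illustration. The schema below is constructed: table and column
// names (users, userpass, crystalmarket, cmID, cmQTY) are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, userpass TEXT)');
$db->exec('CREATE TABLE crystalmarket (cmID INTEGER PRIMARY KEY, cmQTY INTEGER)');
$db->exec("INSERT INTO users VALUES (1, 'constructed-admin-hash')");
$db->exec('INSERT INTO crystalmarket VALUES (7, 50)');

// Before: the request value becomes part of the SQL text, so whatever SQL
// it contains is executed with the application's database rights.
function listing_unsafe(PDO $db, string $id): array
{
    $sql = "SELECT cmQTY FROM crystalmarket WHERE cmID = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: reject anything that is not a positive integer, then bind the
// value as a parameter so it can never be parsed as SQL.
function listing_safe(PDO $db, string $id): array
{
    $clean = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($clean === false) {
        return [];
    }
    $stmt = $db->prepare('SELECT cmQTY FROM crystalmarket WHERE cmID = ?');
    $stmt->execute([$clean]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input modelled on the "union select userpass" string in the thread.
$crafted = '0 UNION SELECT userpass FROM users WHERE userid=1';

echo 'unsafe, crafted id: ', json_encode(listing_unsafe($db, $crafted)), PHP_EOL;
echo 'safe,   crafted id: ', json_encode(listing_safe($db, $crafted)), PHP_EOL;
echo 'safe,   id 7:       ', json_encode(listing_safe($db, '7')), PHP_EOL;
```

With the concatenated query the crafted id returns a row from the users table even though the page only queries the market table; with validation and a bound parameter the same input returns nothing and a normal id still works.
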
radio_active, Posted December 11, 2008

> > I am spending $0.00 - $1000 on a professional programmer to secure all files on my site, create protection portals etc. My admins have all chipped in some money to make it a bit easier on me. Once that job is done it will move out of the Stage (3) BETA into the open. Also have completely new registration, header.php etc. being coded. Good hopes!
>
> 1k is a little high for a mc codes game, is it Nyna? maybe not, 250 an hour is her fee lol

No, I said I'm willing to spend up to $1000. By the time I'm finished with it, it will not be MCcode. No, it's not Nyna and no, it's not $250 an hour. The programmer is David Schwartz if I decide to go into business with him. If not him I'll probably go with MK5 who charges $125 but at the moment I believe it's around $80. It takes much longer than 4 hours as well to secure every file, I believe. This is my hobby, I love it and I will expand on it. When everything is sweet, I will then use this code for any future games I do make, which I have one planned with POG1 right now. Nonetheless this isn't just a little game, it's a small enterprise xD You have to spend some to make some.

Haunted Dawg, Posted December 11, 2008

I would not recommend MK5. Although he can program/code very good, he tends to run off sometimes and come back after a week with some stupid excuse.

radio_active, Posted December 11, 2008

Thanks, I have had him work for me before and he's been perfect, I'm also a customer and he is like my career adviser in effect.

Zero-Affect, Posted December 11, 2008

> I would not recommend MK5. Although he can program/code very good, he tends to run off sometimes and come back after a week with some stupid excuse.

reminds me of someone... actually Kyle, I have a test site, I also have several codes for extracting username, password and various other user table rows. I'm sure you're mistaken my friend. on another note, good luck radio, hope it works out well