Analog Posted March 9, 2010 Posted March 9, 2010 Game: Chaotic Worlds Stage: Beta Story Line: Futuristic, still working on URL: http://www.chaotic-worlds.net Demo Account Username: demo Password: pass Well, its basically McCodes v2 right now, not much added to it yet. I believe security issues have been taken care of. What I need! I want some people to test it all out. It is open to the public, but need some people with the know how to try and break the system basically. Log in page is temporary. New one is in the works that will flow with the in game layout. General layout of pages is still being done. Has been up for 3 weeks with no glitches thus far. Everything is backed up, so no fear if it gets broke... Quote
Jordan Palmer Posted March 9, 2010 Posted March 9, 2010 Looking good mate (: I can't see any major security issue's, Although I didn't play long enough to find any. But looks good :) Quote
wrx Posted March 9, 2010 Posted March 9, 2010 Validate any file your allowing to be uploaded to your site. Don't rely on file extension as validation. wrx Quote
Zero-Affect Posted March 9, 2010 Posted March 9, 2010 I found: 4 XSS 2 CSRF 1 MySQL also afew others im sure with more time i'd find more but all of them are MAJOR issues. the below may be of interest. [mp]17[/mp] WRX does have a very good point. Quote
wrx Posted March 10, 2010 Posted March 10, 2010 WRX does have a very good point. yes the profile image for the demo account pic.gif was not an image yet was uploaded <---- pay no attention to my avatar i had a rough week wrx Quote
Analog Posted March 10, 2010 Author Posted March 10, 2010 I found: 4 XSS 2 CSRF 1 MySQL also afew others im sure with more time i'd find more but all of them are MAJOR issues. the below may be of interest. [mp]17[/mp] WRX does have a very good point. @CrimGame.com - Could you send me details via private messeage with what you found please? @wrx - thanks for the heads up will explore other methods to stop Quote
Zero-Affect Posted March 10, 2010 Posted March 10, 2010 I added you to my MSN earlier this morning, I won't be back on till later today though (im doing that rare thing called sleeping). Quote
Analog Posted March 10, 2010 Author Posted March 10, 2010 I added you to my MSN earlier this morning, I won't be back on till later today though (im doing that rare thing called sleeping). Sleep is always good... Quote
Analog Posted March 10, 2010 Author Posted March 10, 2010 Has a run through with crimgame.com this morning on the game. Pointed out some things I may have missed, so going to do a check of all files. Hit him up if you need some security help.. Quote
Analog Posted March 10, 2010 Author Posted March 10, 2010 updated numerous files to filiter incoming url information Quote
Analog Posted March 12, 2010 Author Posted March 12, 2010 Yeah, I was pretty confident already on the base security especially regarding all the form inputs. Which in turn I completely overlooked the _Get inputs... 1 more update to make, then i think the base should be good. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.