Octarine Posted January 25, 2012 (edited): Topic moved. Edited February 16, 2012 by Octarine.
a_bertrand Posted January 25, 2012: OK, I found... quite some. Some are really serious, some are annoying, others are... just... would be better to change. Will send you my list in PM.
Neon Posted January 25, 2012: Edited by a_bertrand: DO NOT provide direct answers here... send them via PM to Octarine, at least at first.
Nickson Posted January 25, 2012: My list ends at 29! It's actually a good test :D
a_bertrand Posted January 25, 2012: It's indeed a good test; it may help some on MWG (and me too, actually) spot some of the most common, and yet some of the less common, issues most scripts I saw on MWG share.
Dabomstew Posted January 25, 2012: Getting into this for a while was quite fun and produced quite a long list of issues, which I'm sure isn't close to the "full" answers. Though I did start to question myself after a while on what was actually relevant...
a_bertrand Posted January 25, 2012: Sorry SomeRandomBastart: I don't want direct answers, otherwise people will not need to make any effort to find the issues, as simple as that. It's like a game, so don't spoil it ;) Octarine will help us later on by giving all the info, or nearly.
Nickson Posted January 25, 2012: Oh SRB, please, you know well enough that this has nothing to do with dictatorship or freedom of speech. It's been one of our key rules since ever and that's not changing. I know you like to be evil and jump at every chance you have, and if you're right, you're right, but here it was to not give away any spoilers, so everyone has a fair chance to take the test and no answers are just copied from the list. I would have done the same, and told every mod to do the same. If you have nothing to say about the topic, don't post in it. If you have an issue with anyone on staff, feel free to PM me.
a_bertrand Posted January 25, 2012: On some forums there is a spoiler tag which hides the content until you click on it, and then you see it. If there was something like that, then maybe it would make sense to leave the results directly in the thread. As we don't have such a feature, I'm all in favour of keeping the results away for the moment. BTW, my "Octarine score" is: Pretty good, all round. Not bad, but it would not get you hired.
Danny696 Posted January 25, 2012: How would one define a bug? For instance, I may say a bug is not using, say, ob_flush(), whereas another may only see that as optional. Some may use brackets for, say, if statements, others may use : and endif; or neither of them.
a_bertrand Posted January 25, 2012: That would be more code style, Danny. There are really a lot of open issues in the code, from very obvious ones which can, for example, prevent the code from working, to some others...
Ishraq Posted January 25, 2012: There are thousands of things wrong here lol.
Djkanna Posted January 25, 2012: My 'Octarine score': Interesting answer; you've certainly addressed a lot of the points, but I think it's a "not bad, could do better" response. Thanks for the test, Octarine, it's useful to test one's skills every once in a while. :)
lucky3809 Posted January 25, 2012: I know I am a noob, if you want to call it that, in security, because I am still learning about it, but the main thing I would never use in the script provided is $_REQUEST. That is the first thing I see wrong in it, and of course several other things, but not as many as you all see lol, but I am no expert yet.
Danny696 Posted January 25, 2012: lucky3809 wrote: "[...] the main thing I would never use in the script provided is $_REQUEST [...]" What's wrong with $_REQUEST? (Please, I want lucky to answer it.) Also, Octarine: now, I know it works fine, but the PHP manual tells you differently, but would the lowercase l (L) in the first header function be a bug, or just personal preference?
Spudinski Posted January 25, 2012 (edited): Anyone mind a Pastebin link? Although I did see the REQUEST global, I think Oct will have a good opinion on that, Danny. Actually, not opinion but just primitive. Edited January 25, 2012 by Spudinski.
Djkanna Posted January 25, 2012: Spudinski wrote: "Anyone mind a Pastebin link?" Code from first post (I assume you still cannot see things in code tags) as well as table definitions. http://pastebin.com/59DRjrRC
Djkanna Posted January 25, 2012: Urm lol...
Neon Posted January 26, 2012: Milk meh boyss.
lucky3809 Posted January 26, 2012: Danny696 wrote: "What's wrong with $_REQUEST? (Please, I want lucky to answer it.)" It does not only combine $_GET and $_POST, but also $_COOKIE, where a specific cookie value can be set by a malicious user; if the value already exists it will overwrite the $_GET and $_POST data... Maybe I am wrong?? Some people don't think $_REQUEST is bad, but from what I have read and learned, I will never be using it.
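The point lucky3809 raises is worth pinning down, because whether the cookie actually wins depends on PHP configuration. $_REQUEST is assembled from $_GET, $_POST and $_COOKIE in the order given by the request_order ini directive, with a later source overwriting an earlier one for the same key; when request_order is unset, PHP falls back to variables_order, whose built-in default is EGPCS, so in that case a cookie does shadow both GET and POST. php.ini-production sets request_order = "GP", which leaves cookies out of $_REQUEST entirely. The block below is an added example for this thread, not part of Octarine's test script or anyone's posted answer; build_request and param_id are hypothetical helpers that rebuild the merge logic so it can be run from the CLI without a web server, and the request arrays are constructed sample input.

```php
<?php
// Added example (not the script under review): how $_REQUEST is assembled
// and why reading from it lets a cookie shadow a GET/POST parameter.

/**
 * Hypothetical helper: rebuild what PHP puts into $_REQUEST for a given
 * request_order (or variables_order) string. PHP walks the letters left to
 * right and a later source overwrites an earlier one with the same key;
 * letters other than G, P and C are ignored for $_REQUEST.
 */
function build_request(array $get, array $post, array $cookie, string $order): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged  = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            // array_replace: keys from the later source overwrite earlier ones.
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Constructed sample request: the URL carries id=42, but the client also
// sends a cookie named "id" (a cookie is client-controlled: any script on the
// origin, or the user with a browser extension, can set it).
$get    = ['id' => '42'];
$post   = [];
$cookie = ['id' => '1', 'PHPSESSID' => 'abc'];

// No request_order set: PHP falls back to variables_order, default "EGPCS".
$req = build_request($get, $post, $cookie, 'EGPCS');
var_dump($req['id']);   // string(1) "1"  -> the cookie shadowed the URL parameter

// php.ini-production ships request_order = "GP": cookies are never merged.
$req = build_request($get, $post, $cookie, 'GP');
var_dump($req['id']);   // string(2) "42"

// The portable fix is to not read $_REQUEST at all: name the source you mean
// and validate the type at the same time. Hypothetical helper.
function param_id(array $get): ?int
{
    // FILTER_VALIDATE_INT returns false for anything that is not an integer,
    // so a string like "1 OR 1=1" never reaches the database layer.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT);
    return $id === false ? null : $id;
}
var_dump(param_id($get));                 // int(42)
var_dump(param_id(['id' => '1 OR 1=1'])); // NULL
```

Run it with php from the command line; no web server is needed because the helper simulates the merge rather than relying on the real superglobal. The practical takeaway for a script under review is that any parameter read through $_REQUEST has to be treated as cookie-controlled unless the deployment's request_order is known, whereas $_GET['id'] or $_POST['id'] has one unambiguous source.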
Spudinski Posted January 26, 2012: I found 7 bugs. :O
Nickson Posted January 26, 2012: Spudinski wrote: "I found 7 bugs. :O" Look a little bit deeper, think of everything you can think of; also notice the word "flaws", it might mean more than a bug... You should have some multiple of what you found ;)
Spudinski Posted January 26, 2012: Nickson wrote: "Look a little bit deeper [...] You should have some multiple of what you found ;)" All mine are logic and security errors.
Nickson Posted January 26, 2012: Still, look at the script, make it better in any possible way you can think of. C'mon Spudinski, show us what you're worth! If it crosses your mind, add it to your list. And now I need to shut up before Octarine kills me for spoiling so much xD
Spudinski Posted January 26, 2012: Nickson wrote: "Still, look at the script, make it better in any possible way you can think of. [...]" I'm worth 10p... who wants to buy? Lol. I'll edit the script and take note of changes, though there are dependencies I cannot replicate accurately.