Jump to content
MakeWebGames

SQL Injections?


bloodless2010

Recommended Posts

Hey again. I'm sorry I keep asking for help its just I'm a noob here :p I just want to ask are there and SQL vulnerability's in V1? If there are any, please tell me what they are so I can fix them! You don't need to tell me exactly what it is only the page and what part is the vulnerability. Thanks.

If you are going to "fix" them, pretty much looking at the code itself you'll find them!

Link to comment
Share on other sites

Sorry but... LOL

Why LOL? Is it not secured from SQL Injections?? other then the queries selects everything in the table instead of the fields needed only??? I've looked it through looked secured to me against sql injection unless i missing something, that maybe you can shed some light on lol.

Link to comment
Share on other sites

do you want someone to help or someone to tell you what to do? if your relying on people here to do work for you, you will have to show your worth. people here feel they're entitled to certain respects and when you ask for 'help' this is there ways of helping some criticism will be good some bad its just how it works around here lol so if you want "Help" then i suggest checking out some of the 'locked' forums under security ;)

Link to comment
Share on other sites

If your looking for help thats one thing but by the sounds of your question your trying to find someone that will do it for you. I doubt anyone is going to do it for you for free. I would recommend learning some php first, look over the difference between secure and not secure and go from there.

here is an example, took all of about 2 min to find

http://bobcares.com/blog/?p=110

Link to comment
Share on other sites

is there a v1 demo up somewhere? Last time I checked you can go into the negatives with the crystal market bank, when you were married you could give or take -99999999 from your partner, and others I can't exactly remember off the top of my head.. have any of those been fixed yet?

Link to comment
Share on other sites

is there a v1 demo up somewhere? Last time I checked you can go into the negatives with the crystal market bank, when you were married you could give or take -99999999 from your partner, and others I can't exactly remember off the top of my head.. have any of those been fixed yet?

http://samplev1.mccodes.com - StaffCP functionality is disabled.

V1 anyhow is off the shelves now. It's been made open-source and branded as MCCode engine FREE. Download package from: http://mccodes.com/downloadfree.php?type=engine&id=2

Edit: Crystal market & bank exploits has been fixed couple of years ago.

Link to comment
Share on other sites

I'd like to see you exploit the gym.php page, Spudinski. Or even index.php. According to my knowledge, MCC engine v1 and v2 user-end pages are now secured from SQL injections (for the past several months).

Prove otherwise; and I shall push out a fix very fast.

Like a good 'ol chap once said, if your good at doing something, never do it for free.

But I'm game, what's in it for me?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...