SQL Injections?

[bloodless2010]

Hey again. I'm sorry I keep asking for help its just I'm a noob here :p I just want to ask are there and SQL vulnerability's in V1? If there are any, please tell me what they are so I can fix them! You don't need to tell me exactly what it is only the page and what part is the vulnerability. Thanks.

[AnonymousUser]

heres a site that might be helpful...

http://teachthe.net/

[lucky3809]

V1 can be recoded the queries, but other then that it is pretty much secured.

[Lithium]

V1 can be recoded the queries, but other then that it is pretty much secured.

Sorry but... LOL

[Lithium]

Hey again. I'm sorry I keep asking for help its just I'm a noob here :p I just want to ask are there and SQL vulnerability's in V1? If there are any, please tell me what they are so I can fix them! You don't need to tell me exactly what it is only the page and what part is the vulnerability. Thanks.

If you are going to "fix" them, pretty much looking at the code itself you'll find them!

[lucky3809]

Sorry but... LOL

Why LOL? Is it not secured from SQL Injections?? other then the queries selects everything in the table instead of the fields needed only??? I've looked it through looked secured to me against sql injection unless i missing something, that maybe you can shed some light on lol.

[bloodless2010]

If you are going to "fix" them, pretty much looking at the code itself you'll find them!

if you're going to "help" me, pretty muching helping me will help me.

[AnonymousUser]

do you want someone to help or someone to tell you what to do? if your relying on people here to do work for you, you will have to show your worth. people here feel they're entitled to certain respects and when you ask for 'help' this is there ways of helping some criticism will be good some bad its just how it works around here lol so if you want "Help" then i suggest checking out some of the 'locked' forums under security ;)

[bloodless2010]

I did ask for people not to tell me how to fix it, just what pages need securing.

[Spudinski]

Everything.

[Octarine]

blacklist.php for one

[chicka]

If your looking for help thats one thing but by the sounds of your question your trying to find someone that will do it for you. I doubt anyone is going to do it for you for free. I would recommend learning some php first, look over the difference between secure and not secure and go from there.

here is an example, took all of about 2 min to find

http://bobcares.com/blog/?p=110

[joshuawdams]

People still using V1 and V2? amazing..

[ColdBlooded]

Everything.

I'd like to see you exploit the gym.php page, Spudinski. Or even index.php. According to my knowledge, MCC engine v1 and v2 user-end pages are now secured from SQL injections (for the past several months).

Prove otherwise; and I shall push out a fix very fast.

[chicka]

is there a v1 demo up somewhere? Last time I checked you can go into the negatives with the crystal market bank, when you were married you could give or take -99999999 from your partner, and others I can't exactly remember off the top of my head.. have any of those been fixed yet?

[ColdBlooded]

is there a v1 demo up somewhere? Last time I checked you can go into the negatives with the crystal market bank, when you were married you could give or take -99999999 from your partner, and others I can't exactly remember off the top of my head.. have any of those been fixed yet?

http://samplev1.mccodes.com - StaffCP functionality is disabled.

V1 anyhow is off the shelves now. It's been made open-source and branded as MCCode engine FREE. Download package from: http://mccodes.com/downloadfree.php?type=engine&id=2

Edit: Crystal market & bank exploits has been fixed couple of years ago.

[Spudinski]

I'd like to see you exploit the gym.php page, Spudinski. Or even index.php. According to my knowledge, MCC engine v1 and v2 user-end pages are now secured from SQL injections (for the past several months).

Prove otherwise; and I shall push out a fix very fast.

Like a good 'ol chap once said, if your good at doing something, never do it for free.

But I'm game, what's in it for me?