bloodless2010 Posted November 18, 2012 Share Posted November 18, 2012 Hey again. I'm sorry I keep asking for help its just I'm a noob here :p I just want to ask are there and SQL vulnerability's in V1? If there are any, please tell me what they are so I can fix them! You don't need to tell me exactly what it is only the page and what part is the vulnerability. Thanks. Quote Link to comment Share on other sites More sharing options...
AnonymousUser Posted November 19, 2012 Share Posted November 19, 2012 heres a site that might be helpful... http://teachthe.net/ Quote Link to comment Share on other sites More sharing options...
lucky3809 Posted November 19, 2012 Share Posted November 19, 2012 V1 can be recoded the queries, but other then that it is pretty much secured. Quote Link to comment Share on other sites More sharing options...
Lithium Posted November 19, 2012 Share Posted November 19, 2012 V1 can be recoded the queries, but other then that it is pretty much secured. Sorry but... LOL Quote Link to comment Share on other sites More sharing options...
Lithium Posted November 19, 2012 Share Posted November 19, 2012 Hey again. I'm sorry I keep asking for help its just I'm a noob here :p I just want to ask are there and SQL vulnerability's in V1? If there are any, please tell me what they are so I can fix them! You don't need to tell me exactly what it is only the page and what part is the vulnerability. Thanks. If you are going to "fix" them, pretty much looking at the code itself you'll find them! Quote Link to comment Share on other sites More sharing options...
lucky3809 Posted November 19, 2012 Share Posted November 19, 2012 Sorry but... LOL Why LOL? Is it not secured from SQL Injections?? other then the queries selects everything in the table instead of the fields needed only??? I've looked it through looked secured to me against sql injection unless i missing something, that maybe you can shed some light on lol. Quote Link to comment Share on other sites More sharing options...
bloodless2010 Posted November 19, 2012 Author Share Posted November 19, 2012 If you are going to "fix" them, pretty much looking at the code itself you'll find them! if you're going to "help" me, pretty muching helping me will help me. Quote Link to comment Share on other sites More sharing options...
AnonymousUser Posted November 19, 2012 Share Posted November 19, 2012 do you want someone to help or someone to tell you what to do? if your relying on people here to do work for you, you will have to show your worth. people here feel they're entitled to certain respects and when you ask for 'help' this is there ways of helping some criticism will be good some bad its just how it works around here lol so if you want "Help" then i suggest checking out some of the 'locked' forums under security ;) Quote Link to comment Share on other sites More sharing options...
bloodless2010 Posted November 19, 2012 Author Share Posted November 19, 2012 I did ask for people not to tell me how to fix it, just what pages need securing. Quote Link to comment Share on other sites More sharing options...
Spudinski Posted November 19, 2012 Share Posted November 19, 2012 Everything. Quote Link to comment Share on other sites More sharing options...
Octarine Posted November 19, 2012 Share Posted November 19, 2012 blacklist.php for one Quote Link to comment Share on other sites More sharing options...
chicka Posted November 19, 2012 Share Posted November 19, 2012 If your looking for help thats one thing but by the sounds of your question your trying to find someone that will do it for you. I doubt anyone is going to do it for you for free. I would recommend learning some php first, look over the difference between secure and not secure and go from there. here is an example, took all of about 2 min to find http://bobcares.com/blog/?p=110 Quote Link to comment Share on other sites More sharing options...
joshuawdams Posted November 19, 2012 Share Posted November 19, 2012 People still using V1 and V2? amazing.. Quote Link to comment Share on other sites More sharing options...
ColdBlooded Posted November 20, 2012 Share Posted November 20, 2012 Everything. I'd like to see you exploit the gym.php page, Spudinski. Or even index.php. According to my knowledge, MCC engine v1 and v2 user-end pages are now secured from SQL injections (for the past several months). Prove otherwise; and I shall push out a fix very fast. Quote Link to comment Share on other sites More sharing options...
chicka Posted November 20, 2012 Share Posted November 20, 2012 is there a v1 demo up somewhere? Last time I checked you can go into the negatives with the crystal market bank, when you were married you could give or take -99999999 from your partner, and others I can't exactly remember off the top of my head.. have any of those been fixed yet? Quote Link to comment Share on other sites More sharing options...
ColdBlooded Posted November 20, 2012 Share Posted November 20, 2012 is there a v1 demo up somewhere? Last time I checked you can go into the negatives with the crystal market bank, when you were married you could give or take -99999999 from your partner, and others I can't exactly remember off the top of my head.. have any of those been fixed yet? http://samplev1.mccodes.com - StaffCP functionality is disabled. V1 anyhow is off the shelves now. It's been made open-source and branded as MCCode engine FREE. Download package from: http://mccodes.com/downloadfree.php?type=engine&id=2 Edit: Crystal market & bank exploits has been fixed couple of years ago. Quote Link to comment Share on other sites More sharing options...
Spudinski Posted November 20, 2012 Share Posted November 20, 2012 I'd like to see you exploit the gym.php page, Spudinski. Or even index.php. According to my knowledge, MCC engine v1 and v2 user-end pages are now secured from SQL injections (for the past several months). Prove otherwise; and I shall push out a fix very fast. Like a good 'ol chap once said, if your good at doing something, never do it for free. But I'm game, what's in it for me? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.