I Invite You To Break My Site
superfireydave 
17/4/08 4:11:04 AM
Titan

That's right, you heard correctly.

I'm doing a University assignment, and the first part is due soon.

Essentially it's a Facebook knock-off. At the moment it's just a basic user list where you can create, edit, display, browse, and search users.

I'm still in the process of styling everything and making it look really nice, but the main code is pretty much done for this milestone (I hope anyway).

Therefore, I invite you to try and see if you can break it (if you can be stuffed =P) and if you do, please let me know how you did it ^_^

The link:


(yes, there's no index file =P I need to figure out something to put on it :|)

edit: Oh, and I'd appreciate no porn -_-


Edited by superfireydave: 17/4/2008 4:15:29 AM


Edited by superfireydave: 11/7/2008 10:12:10 PM

-----
Mreow?

Harmonic Cacophony 
17/4/08 4:18:19 AM
Titan

Seems to work okay to me. Obviously needs more to it if it's to function as a full on facebook-esque site, but what you've done seems to work great.

-----
Need cheering up?
http://www.youtube.com/watch?v=vdQj2ohqCBk

superfireydave 
17/4/08 4:19:39 AM
Titan

Cool ^_^ thanks for helping =P

-----
Mreow?

smadge1 
17/4/08 6:33:31 AM
Immortal

arghh

the Create Look Search links are too small, or maybe it's just me just waking up...

-----

at first i was like:
{:|
but then:
}:D
I lol'd

[ .. The WHS Guy .. ]

http://geocline.net/
17938

DJ_Pee_Zee 
17/4/08 6:45:18 AM
Titan

Quote by smadge1
arghh

the Create Look Search links are too small, or maybe it's just me just waking up...



I agree to that. I really hate squinting while trying to read.

-----
INTEL Q6600 | 4GB DD2 | 8800GTS 640MB | GB P35-DS3P | Vista Home Premium

johnsee 
17/4/08 7:03:34 AM
Mod
SuperHero

Immortal


http://www.davidlumleydesign.com/2503/assignment/user.php?id=8

Broken enough for you?

-----
Quote by Mac Dude
I love the smell of napalm in the Green Room.
------

battlefield_gir 
17/4/08 7:20:45 AM
Guru

try 4 chan

-----

Minister for Education, Innovation, Science & Research.
Quote by s.o.u.p!
She better be putting out like a porn star on a double serve of horny goat goat weed with spanish fly chasers




Mr_Insidious 
17/4/08 7:26:52 AM
Guru

http://www.davidlumleydesign.com/2503/assignment/user.php?id=11

Heh.

-----
http://atomicmusic1.tripod.com/

smadge1 
17/4/08 7:36:03 AM
Immortal

where did Mr Pimbles go? I liked him.

-----

at first i was like:
{:|
but then:
}:D
I lol'd

[ .. The WHS Guy .. ]

http://geocline.net/
17938

Mr_Insidious 
17/4/08 7:37:15 AM
Guru

My user is gone. :S

-----
http://atomicmusic1.tripod.com/

smadge1 
17/4/08 7:42:21 AM
Immortal

Quote by Mr_Insidious
My user is gone. :S



someone probably blanked the name, just adjust the URL to find your user.

-----

at first i was like:
{:|
but then:
}:D
I lol'd

[ .. The WHS Guy .. ]

http://geocline.net/
17938

Sneddo 
17/4/08 7:47:23 AM
Hero
Immortal


Seems you can delete other people's postings...

And Garry has no header on his page

<_<
>_>

-----

robzy 
17/4/08 12:17:10 PM
Hero
Immortal


Ain't nothin' gonna break my site,
nobody's gonna slow me down, oh no,
I've got to keep on movin'.
Ain't nothin' gonna break my site,
I'm never gonna walk such ground, oh no,
I've got to keep on movin'.

(I'll try it out now)

Rob.

-----
&#1506;&#1501; &#1497;&#1513;&#1512;&#1488;&#1500; &#1495;&#1497;

superfireydave 
17/4/08 12:21:02 PM
Titan

Alright, so someone tried to SQL inject and failed =P
Who got the image up and how'd you do it? Just type an image address in the name?

Edit: Nice work DEVERE? I hadn't thought of closing the hyperlink tag in the name >_<


Edited by superfireydave: 17/4/2008 12:23:18 PM

-----
Mreow?

Mr_Insidious 
17/4/08 12:25:58 PM
Guru

http://www.davidlumleydesign.com/2503/assignment/user.php?id=30

-----
http://atomicmusic1.tripod.com/

elusiveone 
17/4/08 12:28:06 PM
Initiate
Quote by Mr_Insidious
http://www.davidlumleydesign.com/2503/assignment/user.php?id=30



Oh that is awesome :D

-----

robzy 
17/4/08 12:28:46 PM
Hero
Immortal


Quote by superfireydave
Alright, so someone tried to SQL inject and failed =P
Who got the image up and how'd you do it? Just type an image address in the name?

Edit: Nice work DEVERE? I hadn't thought of closing the hyperlink tag in the name >_<


That was me... playing around with DEVERE's profile. Because I do things like that :P

Allowing HTML in any field is just bad bad bad. You should do that thing where it converts it to that stuff that is in my signature....

Rob.


Edited by robzy: 17/4/2008 12:29:20 PM

-----
&#1506;&#1501; &#1497;&#1513;&#1512;&#1488;&#1500; &#1495;&#1497;

Sir_Substance 
17/4/08 12:30:35 PM
Titan

http://www.davidlumleydesign.com/2503/assignment/user.php?id=32

edit: make sure people can't choose select one as their country.


Edited by Sir_Substance: 17/4/2008 12:31:28 PM

-----
Quote by Nich...
Government says you need some remedial spelling lessons, but hey.



superfireydave 
17/4/08 12:30:41 PM
Titan

Quote by robzy
Allowing HTML in any field is just bad bad bad.


I know that! Don't lecture me :<
I just wanted to see how people could break it =P

-----
Mreow?

Linux_Inside V2 
17/4/08 12:31:32 PM
Immortal

It cut off the other half of the name I entered, it put Richa instead of richard or something

BTW

http://au.php.net/strip_tags

Not hard to implement... SANITISE YOUR INPUTS


Edited by Linux_Inside V2: 17/4/2008 12:32:37 PM

-----
Quote by Damo
Although no doubt watching your mother being repeatedly stabbed with a 2 inch stabbing device must be a traumatic experience worthy of future counselling.
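
The two fixes suggested in the thread, converting markup characters to entities (robzy) and strip_tags() (Linux_Inside V2), shown side by side. This is an added example, not part of the thread and not the site's code. The function names and sample names are made up for illustration; only the user.php?id= URL shape comes from the posts above.

```php
<?php
// Added example. e(), render_name_link_raw() and render_name_link() are
// hypothetical helpers; the names in $samples are constructed test input.

// Encode at output time so stored text can never become markup.
// ENT_QUOTES also covers ' and ", which matters if the value is ever
// placed inside an HTML attribute.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable form: the stored name is dropped into the page as-is, so a
// name containing "</a>" ends the link and whatever follows is live HTML.
function render_name_link_raw(int $id, string $name): string {
    return '<a href="user.php?id=' . $id . '">' . $name . '</a>';
}

// Hardened form: same markup, name encoded for the HTML text context.
function render_name_link(int $id, string $name): string {
    return '<a href="user.php?id=' . $id . '">' . e($name) . '</a>';
}

// Constructed sample names.
$samples = [
    'Richard',
    // Closes the hyperlink tag and adds an image, as described in the thread.
    '</a><img src="https://example.invalid/cat.png">',
    // Legitimate text that happens to contain markup characters.
    'Tom & Jerry <3',
];

foreach ($samples as $id => $name) {
    echo "raw:      ", render_name_link_raw($id, $name), "\n";
    echo "encoded:  ", render_name_link($id, $name), "\n";
    // strip_tags() applied to the name, then printed without encoding.
    echo "stripped: ", render_name_link_raw($id, strip_tags($name)), "\n\n";
}
```

strip_tags() removes tags but does not encode & or quotes, and it changes what the user typed, so it is not a substitute for encoding every value at the point where it is written into the page.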


