Extbasic 7

Learn how to do code review

Extbasic 7

Post by Nyteblade on Wed Apr 23, 2008 10:10 am
([msg=1070]see Extbasic 7[/msg])

Ok... I've noticed that the code on extbasic 7 changed again. Is this the final revision of that mission? I'm trying to complete it but if it keeps changing it's going to make it more difficult to figure it out :D LoL
Nyteblade
New User
New User
 
Posts: 39
Joined: Mon Apr 14, 2008 10:56 am
Blog: View Blog (0)


Re: Extbasic 7

Post by -Pein-God- on Wed Apr 23, 2008 2:59 pm
([msg=1105]see Re: Extbasic 7[/msg])

Yea...I'm stuck on this ExtB.7 too ....i know what is the wrong LINE but i don't know what too change
-Pein-God-
New User
New User
 
Posts: 8
Joined: Wed Apr 23, 2008 8:15 am
Blog: View Blog (0)


Re: Extbasic 7

Post by sharpskater69 on Wed Apr 23, 2008 3:46 pm
([msg=1111]see Re: Extbasic 7[/msg])

There must be at least a few other ways to patch it besides the function I'm trying, so try other ways I guess.
sharpskater69
New User
New User
 
Posts: 34
Joined: Tue Apr 22, 2008 4:10 pm
Blog: View Blog (0)


Re: Extbasic 7

Post by max_1250 on Wed Apr 23, 2008 7:19 pm
([msg=1129]see Re: Extbasic 7[/msg])

There's an error in your script...

<?php
if (!empty($_POST['data']))
{
$data = mysql_real_escape_string($_POST['data']);
mysql_query("INSERT INTO tbl_data (data) VALUES '$data'");
}

?>
<form name="grezvahfvfnjuvavatovgpu" action="<?=$_SERVER['PHP_SELF']?>" method="get">
<input type="textbox" name="data" />
<input type="submit" />
</form>



you wrote $_POST at 2 places but in the form it's "get" method... $_GET[ ...
max_1250
New User
New User
 
Posts: 18
Joined: Tue Apr 15, 2008 2:53 pm
Blog: View Blog (0)


Re: Extbasic 7

Post by max_1250 on Wed Apr 23, 2008 7:27 pm
([msg=1130]see Re: Extbasic 7[/msg])

By the way, I guess this 'mission' is broken... I know the right answer(s), nothing works... can any admin or moderator PM me so I can show you my answer?Thanksss
max_1250
New User
New User
 
Posts: 18
Joined: Tue Apr 15, 2008 2:53 pm
Blog: View Blog (0)


Re: Extbasic 7

Post by I-MrKnox-I on Thu Apr 24, 2008 4:07 am
([msg=1165]see Re: Extbasic 7[/msg])

lol, I see multiple flaws in this script, guys...
I-MrKnox-I
New User
New User
 
Posts: 20
Joined: Fri Apr 18, 2008 2:45 pm
Blog: View Blog (0)


Re: Extbasic 7

Post by Nyteblade on Thu Apr 24, 2008 7:57 am
([msg=1190]see Re: Extbasic 7[/msg])

At one time they had $_GET['data'] in their script. 1st is was $_POST['data'].. then $_GET['data'].. now it's $_POST['data'] again.

Has anyone gotten this recently? I know there's a bunch out there that have completed it but I'm asking about anyone who's completed it within the ... oh say... last month?

EDIT: Well, they changed it again. Now it shows a POST method.
Nyteblade
New User
New User
 
Posts: 39
Joined: Mon Apr 14, 2008 10:56 am
Blog: View Blog (0)


Re: Extbasic 7

Post by nights_shadow on Thu Apr 24, 2008 11:25 am
([msg=1201]see Re: Extbasic 7[/msg])

Alright, do I want to take out the vulnerable piece or somehow make it work while using that same vulnerable piece?

Also, if I do have to take out that vulnerable piece, how exact do I want to make it? Like is specifying a charset to be submitted going too far?
nights_shadow
New User
New User
 
Posts: 2
Joined: Wed Apr 23, 2008 4:04 pm
Blog: View Blog (0)


Re: Extbasic 7

Post by TheMindRapist on Thu Apr 24, 2008 5:13 pm
([msg=1224]see Re: Extbasic 7[/msg])

You need to fix the vulnerable piece so it is no longer vulnerable.
It will still be one line of code.
Or at least when I did it 2 days ago it was.
Image
User avatar
TheMindRapist
Contributor
Contributor
 
Posts: 585
Joined: Mon Apr 14, 2008 4:57 pm
Blog: View Blog (0)


Re: Extbasic 7

Post by nights_shadow on Thu Apr 24, 2008 10:51 pm
([msg=1252]see Re: Extbasic 7[/msg])

It seems I made my question get an answer that didn't exactly help.
I'm going to be more straightforward, someone can modify it if needed.

Do I need to modify the vulnerable function to make it work or do I need to use a better function, like I want to do?

Now, if I do use the better function, how specific do I want to make it. Is setting a charset going too far?
nights_shadow
New User
New User
 
Posts: 2
Joined: Wed Apr 23, 2008 4:04 pm
Blog: View Blog (0)


Next

Return to Extended Basics

Who is online

Users browsing this forum: No registered users and 0 guests