Sounds like preg... but not sure since i tested it with no successful results.
Edit: Ok i solved it. It is not preg. Just find the proper function which sanitizes only "some special characters" like < > and quotes, as our friend told us....
Extended Basic 7
Re: Extended Basic 7
by netman on Thu Jul 03, 2008 8:53 am
([msg=6441]see Re: Extended Basic 7[/msg])
- netman
- New User
- Posts: 2
- Joined: Tue Jul 01, 2008 2:56 pm
- Blog: View Blog (0)
Re: Extended Basic 7
by laklaklak on Sun Jul 27, 2008 7:31 pm
([msg=8472]see Re: Extended Basic 7[/msg])
Maybe stupid question,but how can we sent to the form with get and grab with post?
- laklaklak
- New User
- Posts: 2
- Joined: Sun Jul 27, 2008 7:25 pm
- Blog: View Blog (0)
Re: Extended Basic 7
by super_ on Fri Aug 08, 2008 6:50 pm
([msg=9140]see Re: Extended Basic 7[/msg])
laklaklak wrote:Maybe stupid question,but how can we sent to the form with get and grab with post?
thats the bug
- super_
- New User
- Posts: 7
- Joined: Fri Aug 08, 2008 6:24 pm
- Blog: View Blog (0)
Re: Extended Basic 7
by BhaaL on Sat Aug 09, 2008 6:14 am
([msg=9165]see Re: Extended Basic 7[/msg])
super_ wrote:laklaklak wrote:Maybe stupid question,but how can we sent to the form with get and grab with post?
thats the bug
one part of the bug.
- BhaaL
- Poster
- Posts: 270
- Joined: Sun Apr 13, 2008 11:16 am
- Blog: View Blog (0)
Re: Extended Basic 7
by Gazok on Mon Aug 25, 2008 12:01 pm
([msg=10447]see Re: Extended Basic 7[/msg])
Are the bug and the vuln on the same line?
If they are, and I'm right about which line it is, then the bug can be fixed in so many different ways. I tried to b___n___() it, and fix what I thought the vuln was, but to no avail.
If they are, and I'm right about which line it is, then the bug can be fixed in so many different ways. I tried to b___n___() it, and fix what I thought the vuln was, but to no avail.
- Gazok
- New User
- Posts: 13
- Joined: Fri Aug 22, 2008 7:47 pm
- Blog: View Blog (0)
Re: Extended Basic 7
by travmanx on Thu Jan 22, 2009 8:03 pm
([msg=16832]see Re: Extended Basic 7[/msg])
I keep trying html**t*t**s to prevent against XSS. Can someone point me in the direction as to what to do next. Is this the only line that is bugged/vuln? Only other thing I can think of is to use addslashes() to prevent mysql injections. 
Oh yeah I already changed the "way it handles the form".
Oh yeah I already changed the "way it handles the form".
- travmanx
- New User
- Posts: 18
- Joined: Tue Jan 20, 2009 10:53 am
- Blog: View Blog (0)
Re: Extended Basic 7
by mutants_r_us_guild on Thu Jan 22, 2009 8:14 pm
([msg=16833]see Re: Extended Basic 7[/msg])
travmanx wrote:I keep trying html**t*t**s to prevent against XSS. Can someone point me in the direction as to what to do next. Is this the only line that is bugged/vuln? Only other thing I can think of is to use addslashes() to prevent mysql injections.
Oh yeah I already changed the "way it handles the form".
close.. but its not html**t*t**s ... try something with a similar name but a tad different
Also.. no need to change the "way it handles the form". Just sanitize.
-
mutants_r_us_guild - Poster
- Posts: 246
- Joined: Fri May 30, 2008 7:56 pm
- Blog: View Blog (0)
Re: Extended Basic 7
by travmanx on Thu Jan 22, 2009 9:42 pm
([msg=16836]see Re: Extended Basic 7[/msg])
so its a "special" code 
. But isn't that the bug part? (switch methods)? Sorry if thats a spoiler I have no clue lol
. But isn't that the bug part? (switch methods)? Sorry if thats a spoiler I have no clue lol- travmanx
- New User
- Posts: 18
- Joined: Tue Jan 20, 2009 10:53 am
- Blog: View Blog (0)
Re: Extended Basic 7
by Eth3real on Fri Jan 30, 2009 9:30 am
([msg=17096]see Re: Extended Basic 7[/msg])
I'm having a hard time figuring this one out.
From what I can tell, it has nothing to do with the method, and it involves XSS.
If that's true, I'm not sure what the bug is, just the vuln. They are on the same line, right?
I think I have the sanitization part right.
Thanks!
From what I can tell, it has nothing to do with the method, and it involves XSS.
If that's true, I'm not sure what the bug is, just the vuln. They are on the same line, right?
I think I have the sanitization part right.
Thanks!
- Eth3real
- New User
- Posts: 3
- Joined: Mon Jan 12, 2009 7:45 pm
- Blog: View Blog (0)
Re: Extended Basic 7
by yuri20071 on Mon Feb 02, 2009 9:38 am
([msg=17264]see Re: Extended Basic 7[/msg])
side note: you should only submit 1 line of code
- yuri20071
- New User
- Posts: 1
- Joined: Wed Apr 23, 2008 7:53 am
- Blog: View Blog (0)
Who is online
Users browsing this forum: No registered users and 0 guests