Extended Basic 7

Learn how to do code review

Re: Extended Basic 7

Post by netman on Thu Jul 03, 2008 8:53 am

Sounds like preg... but not sure, since I tested it with no successful results.

Edit: OK, I solved it. It is not preg. Just find the proper function which sanitizes only "some special characters" like < > and quotes, as our friend told us....


Re: Extended Basic 7

Post by laklaklak on Sun Jul 27, 2008 7:31 pm

Maybe a stupid question, but how can we send to the form with GET and grab with POST?


Re: Extended Basic 7

Post by super_ on Fri Aug 08, 2008 6:50 pm

laklaklak wrote: Maybe a stupid question, but how can we send to the form with GET and grab with POST?

That's the bug ;)


Re: Extended Basic 7

Post by BhaaL on Sat Aug 09, 2008 6:14 am

super_ wrote:
laklaklak wrote: Maybe a stupid question, but how can we send to the form with GET and grab with POST?

That's the bug ;)

One part of the bug.


Re: Extended Basic 7

Post by Gazok on Mon Aug 25, 2008 12:01 pm

Are the bug and the vuln on the same line?

If they are, and I'm right about which line it is, then the bug can be fixed in so many different ways. I tried to b___n___() it, and fix what I thought the vuln was, but to no avail.


Re: Extended Basic 7

Post by travmanx on Thu Jan 22, 2009 8:03 pm

I keep trying html**t*t**s to prevent against XSS. Can someone point me in the direction as to what to do next? Is this the only line that is bugged/vuln? Only other thing I can think of is to use addslashes() to prevent MySQL injections. :(

Oh yeah, I already changed the "way it handles the form".


Re: Extended Basic 7

Post by mutants_r_us_guild on Thu Jan 22, 2009 8:14 pm

travmanx wrote: I keep trying html**t*t**s to prevent against XSS. Can someone point me in the direction as to what to do next? Is this the only line that is bugged/vuln? Only other thing I can think of is to use addslashes() to prevent MySQL injections. :(

Oh yeah, I already changed the "way it handles the form".

Close... but it's not html**t*t**s ... try something with a similar name but a tad different ;) Also... no need to change the "way it handles the form". Just sanitize.


Re: Extended Basic 7

Post by travmanx on Thu Jan 22, 2009 9:42 pm

So it's a "special" code :). But isn't that the bug part? (switch methods)? Sorry if that's a spoiler, I have no clue lol


Re: Extended Basic 7

Post by Eth3real on Fri Jan 30, 2009 9:30 am

I'm having a hard time figuring this one out.
From what I can tell, it has nothing to do with the method, and it involves XSS.
If that's true, I'm not sure what the bug is, just the vuln. They are on the same line, right?
I think I have the sanitization part right.
Thanks!


Re: Extended Basic 7

Post by yuri20071 on Mon Feb 02, 2009 9:38 am

Side note: you should only submit 1 line of code.

