Page 2 of 9

Re: Extended Basic 7

PostPosted: Thu Jul 03, 2008 8:53 am
by netman
Sounds like preg... but not sure, since I tested it with no successful results.

Edit: OK, I solved it. It is not preg. Just find the proper function which sanitizes only "some special characters" like < > and quotes, as our friend told us....

Re: Extended Basic 7

PostPosted: Sun Jul 27, 2008 7:31 pm
by laklaklak
Maybe a stupid question, but how can we send to the form with GET and grab with POST?

Re: Extended Basic 7

PostPosted: Fri Aug 08, 2008 6:50 pm
by super_
laklaklak wrote:Maybe a stupid question, but how can we send to the form with GET and grab with POST?

That's the bug ;)

Re: Extended Basic 7

PostPosted: Sat Aug 09, 2008 6:14 am
by BhaaL
super_ wrote:
laklaklak wrote:Maybe a stupid question, but how can we send to the form with GET and grab with POST?

That's the bug ;)

one part of the bug.

Re: Extended Basic 7

PostPosted: Mon Aug 25, 2008 12:01 pm
by Gazok
Are the bug and the vuln on the same line?

If they are, and I'm right about which line it is, then the bug can be fixed in so many different ways. I tried to b___n___() it and fix what I thought the vuln was, but to no avail.

Re: Extended Basic 7

PostPosted: Thu Jan 22, 2009 8:03 pm
by travmanx
I keep trying html**t*t**s to protect against XSS. Can someone point me in the direction of what to do next? Is this the only line that is bugged/vuln? The only other thing I can think of is to use addslashes() to prevent MySQL injections. :(

Oh yeah I already changed the "way it handles the form".

Re: Extended Basic 7

PostPosted: Thu Jan 22, 2009 8:14 pm
by mutants_r_us_guild
travmanx wrote:I keep trying html**t*t**s to protect against XSS. Can someone point me in the direction of what to do next? Is this the only line that is bugged/vuln? The only other thing I can think of is to use addslashes() to prevent MySQL injections. :(

Oh yeah I already changed the "way it handles the form".

Close, but it's not html**t*t**s... try something with a similar name but a tad different ;) Also, no need to change the "way it handles the form". Just sanitize.
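The two points the thread keeps circling (the form submits with one HTTP method while the script reads the other, and the output line needs an escaping function that handles < > and quotes) are easier to see side by side in code. The following is an added example written for this page; it is not the challenge's source, which the thread deliberately does not reproduce. It assumes the masked function names are htmlentities and htmlspecialchars, and the field name "name" and the page layout are made up for illustration.

```php
<?php
// Added example, not the challenge's own file. Field name "name" and the
// HTML layout are assumptions; the masked function in the thread is
// assumed to be htmlentities, with htmlspecialchars as the intended fix.

// --- "before": both problems discussed in the thread ---
function render_vulnerable(array $get, array $post): string
{
    // Bug: the form below submits with method="get", but the script reads
    // $_POST, so a value typed into the form never arrives here.
    $name = isset($post['name']) ? $post['name'] : '';

    // Vuln: the value is echoed raw. A payload that closes the value
    // attribute, or contains <script>, is emitted as live markup.
    return '<form method="get">'
         . '<input name="name" value="' . $name . '">'
         . '</form>'
         . '<p>Hello ' . $name . '</p>';
}

// --- "after": read the array the form really submits to, then escape ---
function render_fixed(array $get, array $post): string
{
    $name = isset($get['name']) ? $get['name'] : '';

    // htmlspecialchars() converts only & < > " and, with ENT_QUOTES, '.
    // Those are exactly the characters that break out of text or attribute
    // context, so this one call neutralises both injection points below.
    // ENT_QUOTES matters: without it a single quote stays raw, which is
    // enough to escape a single-quoted attribute.
    $safe = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');

    return '<form method="get">'
         . '<input name="name" value="' . $safe . '">'
         . '</form>'
         . '<p>Hello ' . $safe . '</p>';
}

// Constructed test payload: closes the attribute and injects a script tag.
$payload = '"><script>alert(1)</script>';

// Through the legitimate GET form the vulnerable page shows nothing,
// because it reads $_POST ...
echo render_vulnerable(['name' => $payload], []), "\n";
// ... but anything that POSTs to it (an attacker-hosted form, curl -d)
// gets the payload reflected unescaped.
echo render_vulnerable([], ['name' => $payload]), "\n";

// The fixed page reads the GET value and renders it as inert text.
echo render_fixed(['name' => $payload], []), "\n";

// Why the hint says "similar name but a tad different": both functions
// escape the XSS-relevant characters, but htmlentities() also rewrites
// every character that has a named entity (e.g. accented letters), which
// is unnecessary for XSS defence and alters ordinary text.
$accented = 'café <b>';
echo htmlentities($accented, ENT_QUOTES, 'UTF-8'), "\n";
echo htmlspecialchars($accented, ENT_QUOTES, 'UTF-8'), "\n";
```

Run it with `php example.php` and compare the three rendered lines: the second shows the payload intact, the third shows it turned into `&quot;&gt;&lt;script&gt;...`. The addslashes() idea raised in the thread would not help here; it targets quoting inside SQL strings, and the output context is HTML, where the relevant characters are the angle brackets and quotes that htmlspecialchars() handles.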

Re: Extended Basic 7

PostPosted: Thu Jan 22, 2009 9:42 pm
by travmanx
So it's a "special" code :). But isn't that the bug part (switch methods)? Sorry if that's a spoiler, I have no clue lol

Re: Extended Basic 7

PostPosted: Fri Jan 30, 2009 9:30 am
by Eth3real
I'm having a hard time figuring this one out.
From what I can tell, it has nothing to do with the method, and it involves XSS.
If that's true, I'm not sure what the bug is, just the vuln. They are on the same line, right?
I think I have the sanitization part right.
Thanks!

Re: Extended Basic 7

PostPosted: Mon Feb 02, 2009 9:38 am
by yuri20071
Side note: you should only submit 1 line of code.