Page 1 of 2

Extbasic 7

PostPosted: Wed Apr 23, 2008 10:10 am
by Nyteblade
Ok... I've noticed that the code on extbasic 7 changed again. Is this the final revision of that mission? I'm trying to complete it but if it keeps changing it's going to make it more difficult to figure it out :D LoL

Re: Extbasic 7

PostPosted: Wed Apr 23, 2008 2:59 pm
by -Pein-God-
Yea...I'm stuck on this ExtB.7 too ....i know what is the wrong LINE but i don't know what too change

Re: Extbasic 7

PostPosted: Wed Apr 23, 2008 3:46 pm
by sharpskater69
There must be at least a few other ways to patch it besides the function I'm trying, so try other ways I guess.

Re: Extbasic 7

PostPosted: Wed Apr 23, 2008 7:19 pm
by max_1250
There's an error in your script...

<?php
if (!empty($_POST['data']))
{
$data = mysql_real_escape_string($_POST['data']);
mysql_query("INSERT INTO tbl_data (data) VALUES '$data'");
}

?>
<form name="grezvahfvfnjuvavatovgpu" action="<?=$_SERVER['PHP_SELF']?>" method="get">
<input type="textbox" name="data" />
<input type="submit" />
</form>



you wrote $_POST at 2 places but in the form it's "get" method... $_GET[ ...

Re: Extbasic 7

PostPosted: Wed Apr 23, 2008 7:27 pm
by max_1250
By the way, I guess this 'mission' is broken... I know the right answer(s), nothing works... can any admin or moderator PM me so I can show you my answer?Thanksss

Re: Extbasic 7

PostPosted: Thu Apr 24, 2008 4:07 am
by I-MrKnox-I
lol, I see multiple flaws in this script, guys...

Re: Extbasic 7

PostPosted: Thu Apr 24, 2008 7:57 am
by Nyteblade
At one time they had $_GET['data'] in their script. 1st is was $_POST['data'].. then $_GET['data'].. now it's $_POST['data'] again.

Has anyone gotten this recently? I know there's a bunch out there that have completed it but I'm asking about anyone who's completed it within the ... oh say... last month?

EDIT: Well, they changed it again. Now it shows a POST method.

Re: Extbasic 7

PostPosted: Thu Apr 24, 2008 11:25 am
by nights_shadow
Alright, do I want to take out the vulnerable piece or somehow make it work while using that same vulnerable piece?

Also, if I do have to take out that vulnerable piece, how exact do I want to make it? Like is specifying a charset to be submitted going too far?

Re: Extbasic 7

PostPosted: Thu Apr 24, 2008 5:13 pm
by TheMindRapist
You need to fix the vulnerable piece so it is no longer vulnerable.
It will still be one line of code.
Or at least when I did it 2 days ago it was.

Re: Extbasic 7

PostPosted: Thu Apr 24, 2008 10:51 pm
by nights_shadow
It seems I made my question get an answer that didn't exactly help.
I'm going to be more straightforward, someone can modify it if needed.

Do I need to modify the vulnerable function to make it work or do I need to use a better function, like I want to do?

Now, if I do use the better function, how specific do I want to make it. Is setting a charset going too far?