Message Board > Site bugs/ideas > Bugs!

January 15, 2008, 15:56
OScoder
None
1338 posts
Glad to see that those aren't too bad problems then!

BTW, you didn't comment on the SQL injection point I found! Not sure you can do anything with it though...

edit:
I *think* I managed to upload a PHP file through the content submission (I'm getting an internal server error now, instead of a 404). Check this:
http://www.booleansoup.com/dow … es/bad_juju.php

[Edited on January 15, 2008 by OScoder]
____________
om
January 15, 2008, 17:21
Fiona
games are terrible
-9616558 posts

Sorry, which SQL injection point? How exactly did you upload a file with a .php extension? (Frim - I thought the gallery checked extensions and only accepted a certain few?)

[edit]

Oh I see, that's interesting. Apache seems to be catching it and just panicking. That's not very good, though; I'll have to keep that in mind for the future. Thanks, OScoder.

[Edited on January 15, 2008 by Fiona]
____________
laffo
January 15, 2008, 18:31
OScoder
None
1338 posts
Quote:
Sorry, which SQL injection point? How exactly did you upload a file with a .php extension? (Frim - I thought the gallery checked extensions and only accepted a certain few?)

The trick was to modify the HTTP request sent by my browser with a null character: it sent '... filename="bad_juju.php"' and I changed this to '... filename="bad_juju.php\x00.zip"'. It's a shame I couldn't change the directory it was uploaded to! My apologies to whoever validates game submissions, by the way - I'm afraid I uploaded quite a few tests in order to discover this!

The injection point was here:
http://www.booleansoup.com/ind … mp;pl=0&dt=
____________
om
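The null-byte trick OScoder describes works because the extension check and the file write disagree about where the filename ends: the check runs in a language with length-counted strings and sees "bad_juju.php\x00.zip" (which ends in ".zip"), while the write goes through a C-style API that stops at the first NUL and creates "bad_juju.php". The Python below is an added illustration of that mismatch, not code from booleansoup.com; the multipart header is constructed to match the one quoted above, the allowlist is assumed, and `hardened_stored_name` shows the check a practitioner would put in its place.

```python
"""
Added example (not the site's own code): a NUL byte in a multipart
filename defeats an extension allowlist when the check sees the whole
string but the filesystem call stops at the NUL.
"""
import os
import re
import uuid

# Assumed allowlist; the real site's list is not on the page.
ALLOWED_EXTENSIONS = {".zip", ".png", ".jpg", ".gif"}

# Constructed multipart part header modelled on the request OScoder sent.
CONSTRUCTED_PART_HEADER = (
    'Content-Disposition: form-data; name="game"; '
    'filename="bad_juju.php\x00.zip"'
)


def filename_from_part_header(header: str) -> str:
    """Pull the filename= value out of a Content-Disposition header.
    A NUL is just another byte here, so it survives into the name."""
    m = re.search(r'filename="([^"]*)"', header)
    return m.group(1) if m else ""


def vulnerable_extension_ok(name: str) -> bool:
    """The naive check: does the submitted name end in an allowed extension?
    splitext() takes the text after the last dot, so it sees ".zip"."""
    _, ext = os.path.splitext(name)
    return ext.lower() in ALLOWED_EXTENSIONS


def c_string_view(name: str) -> str:
    """What a NUL-terminated C API (open(2), fopen, ...) actually sees:
    everything up to the first NUL byte."""
    return name.split("\x00", 1)[0]


def hardened_stored_name(name: str) -> str:
    """Safer handling: refuse control bytes and path components, validate
    the extension, and store under a server-generated name so the client
    never chooses the basename that reaches the filesystem."""
    if any(ord(c) < 0x20 or c == "\x7f" for c in name):
        raise ValueError("control character in filename")
    base = os.path.basename(name.replace("\\", "/"))
    if base != name or base in ("", ".", ".."):
        raise ValueError("path component in filename")
    _, ext = os.path.splitext(base)
    ext = ext.lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError("extension not allowed")
    return uuid.uuid4().hex + ext


def demonstrate_bypass(header: str = CONSTRUCTED_PART_HEADER) -> dict:
    """Run the vulnerable check and show the name the filesystem would use."""
    name = filename_from_part_header(header)
    return {
        "submitted": name,
        "check_passed": vulnerable_extension_ok(name),
        "written_as": c_string_view(name),
    }


if __name__ == "__main__":
    print(demonstrate_bypass())
    try:
        hardened_stored_name(filename_from_part_header(CONSTRUCTED_PART_HEADER))
    except ValueError as e:
        print("hardened check rejected it:", e)
```

`demonstrate_bypass()` reports `check_passed: True` and `written_as: "bad_juju.php"`, which is exactly the mismatch that put a PHP file in the upload directory. The hardened version rejects the name outright; even without the NUL, generating the stored name on the server side means a client-supplied name never reaches the filesystem at all.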
January 15, 2008, 19:45
Fiona
games are terrible
-9616558 posts

Oh. Not my code. The site is more than likely littered with them though.
Amateur code all the way through I'm afraid.
____________
laffo
January 15, 2008, 20:23
Htbaa
Perl
368 posts

You aren't very supportive towards Frimkron now are you?
____________
blog.htbaa.com
January 15, 2008, 20:26
Frimkron
Frustrated Megalomaniac
703 posts

Ho ho ho.

Yes, it's my code. Good find, OScoder.
____________

Copyright © 2005 Booleansoup.com