Page 1 of 2 12 Last
  • Jump to page:
    #1
  1. No Profile Picture
    <? unset($sanity) ?>
    Devshed Novice (500 - 999 posts)

    Join Date
    Jul 2003
    Posts
    613
    Rep Power
    12

    http://www.betachat.com/devshed.html


    Got a challenge for all of you if you're up to it! Website is..
    http://www.betachat.com/devshed.html

    Main thing is, see if you can log into the chatroom with no username, blank.. Next, see if you can log into the chatroom with the username "Rick".. Then just see if you can spot any security holes.. Written in python. Let me know what you come up with.
    "I haven't failed, I've found 10,000 ways that won't work."
    - Thomas Edison

    -=Rick=-

    Chat Refinance Loans
  2. #2
  3. Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2003
    Location
    Minneapolis, MN
    Posts
    14
    Rep Power
    0
    can't login with "rick"..name is reserved.

    can't login with "" ..."Invalid username."

    can't login with anything else..."name is already in use"

    don't know what else you would like to try.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2003
    Posts
    152
    Rep Power
    12
    only tried twice...

    in firebird 0.6.1 on pc the first time it did something then came back to the first page.

    the second time it said this:

    JavaScript Error reported...
  6. #4
  7. Banned (not really)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 1999
    Location
    Brussels, Belgium
    Posts
    14,648
    Rep Power
    4493
    The Fort Gordon Policy clearly states that access to this site is prohibited.

    For further information please read Fort Gordon Garrison Policy Letter #17.


    ---John Holmes...
    -- Cigars, whiskey and wild, wild women. --
  8. #5
  9. No Profile Picture
    <? unset($sanity) ?>
    Devshed Novice (500 - 999 posts)

    Join Date
    Jul 2003
    Posts
    613
    Rep Power
    12
    Originally posted by Milo
    can't login with "rick"..name is reserved.

    can't login with "" ..."Invalid username."

    can't login with anything else..."name is already in use"

    don't know what else you would like to try.
    I wanted to see if anyone could "crack" passed my reserved name.

    Empty form will give that error, wanted to see if anyone found any holes in it to be able to login without a username, for instance alt+0160..

    Name is already in use is strange..

    Thanks for lookin'
    "I haven't failed, I've found 10,000 ways that won't work."
    - Thomas Edison

    -=Rick=-

    Chat Refinance Loans
  10. #6
  11. No Profile Picture
    <? unset($sanity) ?>
    Devshed Novice (500 - 999 posts)

    Join Date
    Jul 2003
    Posts
    613
    Rep Power
    12
    Originally posted by lisajill
    only tried twice...

    in firebird 0.6.1 on pc the first time it did something then came back to the first page.

    the second time it said this:

    JavaScript Error reported...
    When you press enter, or click submit, a new window will appear, you may want to try pressing "Ctrl" when hitting enter, or pressing submit.

    Thanks for tryin'.
    "I haven't failed, I've found 10,000 ways that won't work."
    - Thomas Edison

    -=Rick=-

    Chat Refinance Loans
  12. #7
  13. No Profile Picture
    <? unset($sanity) ?>
    Devshed Novice (500 - 999 posts)

    Join Date
    Jul 2003
    Posts
    613
    Rep Power
    12
    Originally posted by Sepodati
    The Fort Gordon Policy clearly states that access to this site is prohibited.

    For further information please read Fort Gordon Garrison Policy Letter #17.


    ---John Holmes...
    You must be from Fort Gordon Garrison? I don't see why it's prohibited..

    Thanks for tryin' anyway.
    "I haven't failed, I've found 10,000 ways that won't work."
    - Thomas Edison

    -=Rick=-

    Chat Refinance Loans
  14. #8
  15. No Profile Picture
    <? unset($sanity) ?>
    Devshed Novice (500 - 999 posts)

    Join Date
    Jul 2003
    Posts
    613
    Rep Power
    12
    Originally posted by Sepodati
    The Fort Gordon Policy clearly states that access to this site is prohibited.

    For further information please read Fort Gordon Garrison Policy Letter #17.


    ---John Holmes...
    Sep, what's this about being prohibited?
    "I haven't failed, I've found 10,000 ways that won't work."
    - Thomas Edison

    -=Rick=-

    Chat Refinance Loans
  16. #9
  17. Second highest poster :p
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jul 2001
    Posts
    7,322
    Rep Power
    33
    The requested URL /devshed.html was not found on this server.

    Please contact the server administrator, rick@betachat.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    Please go back and try again.
  18. #10
  19. No Profile Picture
    <? unset($sanity) ?>
    Devshed Novice (500 - 999 posts)

    Join Date
    Jul 2003
    Posts
    613
    Rep Power
    12
    Originally posted by a.koepke
    Oops, deleted it. It's back up now.
    "I haven't failed, I've found 10,000 ways that won't work."
    - Thomas Edison

    -=Rick=-

    Chat Refinance Loans
  20. #11
  21. Second highest poster :p
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jul 2001
    Posts
    7,322
    Rep Power
    33
    All it ends up doing is redirecting me to Devshed.com

    What is this meant to do?
  22. #12
  23. No Profile Picture
    <? unset($sanity) ?>
    Devshed Novice (500 - 999 posts)

    Join Date
    Jul 2003
    Posts
    613
    Rep Power
    12
    Originally posted by a.koepke
    All it ends up doing is redirecting me to Devshed.com

    What is this meant to do?
    Ah, I see. You have to click Chat, then immediately after, punch and hold the control key. It's a new pop up window. That's where the chat will be.
    "I haven't failed, I've found 10,000 ways that won't work."
    - Thomas Edison

    -=Rick=-

    Chat Refinance Loans
  24. #13
  25. Second highest poster :p
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jul 2001
    Posts
    7,322
    Rep Power
    33
    If someone has to do some crap like that to enter a chat room I think most people are not going to bother.

    Why don't you come back when you have programmed things properly.
  26. #14
  27. No Profile Picture
    <? unset($sanity) ?>
    Devshed Novice (500 - 999 posts)

    Join Date
    Jul 2003
    Posts
    613
    Rep Power
    12
    Originally posted by a.koepke
    If someone has to do some crap like that to enter a chat room I think most people are not going to bother.

    Why don't you come back when you have programmed things properly.
    It is done properly. You have a popup stopper blocking the page from opening. The pop up is for a reason.
    "I haven't failed, I've found 10,000 ways that won't work."
    - Thomas Edison

    -=Rick=-

    Chat Refinance Loans
  28. #15
  29. Second highest poster :p
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jul 2001
    Posts
    7,322
    Rep Power
    33
    Well I have mozilla with popup blocking enabled.

    Redirecting, displaying no message to the user and just expecting things to work is not doing things properly.

    If you need to make it a popup you should redirect to a page with a javascript link that would say "If you do not see a popup chat window please click here" and that would then run the javascript to popup the window. Due to this being a user-initiated popup the popup blockers shouldnt block it.
Page 1 of 2 12 Last
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo