Bravo List > Source Code > Archived Trackers > Yuna Scatari Edition (YSE)
#11  BoLaMN  30th July 2009, 12:38
Don't Mind Him!
Don't mind kp380lv, he will release his Nehalem and everyone will complain about bugs in that, lol..

Hey AlaminT, are you still working on pre7, or is it dead code to you?
I would love to see if I can help at any stage.

Regards, BoLaMN
#12  kp380lv  30th July 2009, 19:58
lol
BoLaMN

You don't know ANYTHING about Nehalem...so keep your mouth...*****.

Bigjoos, no offence, but you ask questions like a kid..in my opinion safer is better and that's all..

In simpaty.php there is an XSS..

PHP Code:
$type = $_GET['type'];

Better..

PHP Code:
$type = htmlentities($_GET['type']);

users.php

PHP Code:
$search = trim($_GET['search']);

Better would be..

PHP Code:
$search = htmlentities(trim($_GET['search']));

XSS possibility with moderator rights...so it's NOT safe source CODE!


UPDATE:

message.php

PHP Code:
$from_is = unesc($_POST['pmees']);   // unesc() is a YSE helper

should change to:

PHP Code:
// needs an open mysql_* connection; the mysql extension was removed in PHP 7
$from_is = mysql_real_escape_string(unesc($_POST['pmees']));

This also in message.php

PHP Code:
$n_pms   = $_POST['n_pms'];
$comment = $_POST['comment'];

Change to:

PHP Code:
$n_pms   = (int) $_POST['n_pms'];
$comment = (string) $_POST['comment'];

XSS + SQL injection...
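The message.php pattern quoted in the post above (two POST values taken as-is and then used in a query) can be shown next to the hardened version. The following is an added example and not code from YSE or from anyone in this thread: it assumes a `messages` and a `users` table, and it uses an in-memory SQLite database through PDO so it runs stand-alone. YSE itself uses the mysql_* functions; the prepared statement shown here replaces the mysql_real_escape_string() approach rather than reproducing it.

```php
<?php
// Added example, not YSE code: "$n_pms = $_POST['n_pms']; $comment = $_POST['comment'];"
// interpolated straight into SQL, beside a version with an integer cast and a
// prepared statement.
// Assumptions (not from the thread): a `users` table holding password hashes and a
// `messages` table; an in-memory SQLite database via PDO stands in for YSE's MySQL.

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, passhash TEXT)');
    $db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, receiver_id INTEGER, comment TEXT)');
    $db->exec("INSERT INTO users (username, passhash) VALUES ('admin', 'hash-of-admin-password')");
    return $db;
}

// Vulnerable: both POST values become part of the query text unchanged.
function storeMessageVulnerable(PDO $db, array $post): void
{
    $n_pms   = $post['n_pms'];
    $comment = $post['comment'];
    $db->exec("INSERT INTO messages (receiver_id, comment) VALUES ($n_pms, '$comment')");
}

// Hardened: the numeric field is cast (escaping does nothing for an unquoted number),
// the text field is bound as a parameter, so neither can change the statement's shape.
function storeMessageSafe(PDO $db, array $post): void
{
    $n_pms   = (int) $post['n_pms'];
    $comment = (string) $post['comment'];
    $stmt = $db->prepare('INSERT INTO messages (receiver_id, comment) VALUES (:rid, :comment)');
    $stmt->bindValue(':rid', $n_pms, PDO::PARAM_INT);
    $stmt->bindValue(':comment', $comment, PDO::PARAM_STR);
    $stmt->execute();
}

function storedComments(PDO $db): array
{
    return $db->query('SELECT comment FROM messages ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed attacker input: the comment closes the string literal and splices in a
// subquery, so the admin's password hash ends up inside a message the attacker can
// read back. (|| is SQLite string concatenation; on MySQL the same idea uses CONCAT().)
$attackerPost = [
    'n_pms'   => '1',
    'comment' => "x' || (SELECT passhash FROM users WHERE username = 'admin') || '",
];

$db = makeDb();
storeMessageVulnerable($db, $attackerPost);
storeMessageSafe($db, $attackerPost);

foreach (storedComments($db) as $i => $comment) {
    printf("%s: %s\n", $i === 0 ? 'interpolated' : 'prepared    ', $comment);
}
```

Run with `php message_demo.php`. The first stored comment is the hash concatenated onto "x"; the second is the payload stored as literal text. The (int) cast matters separately: a number placed into SQL without quotes is not protected by string escaping, which is why the post pairs mysql_real_escape_string() for the text field with a cast for the numeric one.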
#13  AlaminT  30th July 2009, 20:52
Agree. 0 + ... vs (int) = nothing, because that path exposure is shitty, just talk, NOTHING serious.

USERS.PHP

PHP Code:
// "Поиск" is Russian for "Search"; $search is escaped at output time, where it is printed
print("Поиск: <input type=\"text\" size=\"30\" name=\"search\" value=\"".htmlspecialchars($search)."\">\n");

YOU ARE BLIND

simpaty.php, message.php

yes, agree
__________________
Yes, I am Yuna.

Don't ask questions, go straight for my forum!

Last edited by AlaminT; 30th July 2009 at 21:15.
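The users.php line quoted in the post above escapes $search at the moment it is printed. The following added example (not code from YSE or from either poster) shows why that is the place to do it, and what happens to the search box if the value is also run through htmlentities() on input as proposed earlier for simpaty.php. The payload and the three renderers are constructed for the demonstration; the real users.php call relies on the htmlspecialchars() default flags, while the example passes ENT_QUOTES explicitly.

```php
<?php
// Added example, not YSE code: output-time escaping of a reflected search parameter,
// the unescaped version, and the double-encoded result of escaping on input as well.

// Constructed attacker input: closes the value="..." attribute and injects a script.
const PAYLOAD = '"><script>alert(document.cookie)</script>';

// No encoding: the payload becomes live markup in the page.
function searchBoxRaw(string $search): string
{
    return '<input type="text" size="30" name="search" value="' . $search . '">';
}

// Output-time encoding, as users.php does. ENT_QUOTES also covers single-quoted
// attributes; the default flags escape double quotes, which is what this markup uses.
function searchBoxEscaped(string $search): string
{
    return '<input type="text" size="30" name="search" value="'
        . htmlspecialchars($search, ENT_QUOTES, 'UTF-8') . '">';
}

// htmlentities() on input followed by the existing output-time escaping:
// the value is encoded twice and the user sees literal "&quot;" text in the box.
function searchBoxDoubleEncoded(string $search): string
{
    $search = htmlentities(trim($search), ENT_QUOTES, 'UTF-8');
    return searchBoxEscaped($search);
}

// What the browser will show inside the input box: take the value attribute and
// decode it once, as the HTML parser would.
function displayedValue(string $html): string
{
    if (preg_match('/value="([^"]*)"/', $html, $m) !== 1) {
        return '';
    }
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

$renderers = [
    'raw'     => searchBoxRaw(PAYLOAD),
    'escaped' => searchBoxEscaped(PAYLOAD),
    'double'  => searchBoxDoubleEncoded(PAYLOAD),
];

foreach ($renderers as $name => $html) {
    printf("%-8s html: %s\n", $name, $html);
    printf("%-8s box : %s\n", '', displayedValue($html));
    printf("%-8s live <script> in page: %s\n\n", '',
        strpos($html, '<script>') !== false ? 'yes' : 'no');
}
```

The raw renderer leaves a live `<script>` element in the page and an empty search box; the escaped one shows the payload back to the user as harmless text, exactly as typed; the double-encoded one shows `&quot;&gt;&lt;script&gt;...` literally in the box. Encoding at output is what blocks the XSS, and it keeps the stored or echoed value intact for other uses. HTML encoding does nothing for a value that also goes into a query; that case needs a bound parameter, as in the message.php example earlier.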
#14  kp380lv  30th July 2009, 20:54
AlaminT

Lol, then print vs echo also "has no difference" :D
#15  AlaminT  30th July 2009, 21:18
Practically no difference, except that print is a function and returns TRUE, and echo with parameters like <?php echo $var1, $var2, $var3; ?> works faster than <?php echo $var1 . $var2 . $var3; ?>
#16  kp380lv  30th July 2009, 21:53
AlaminT - So please include these updates in the next version..
#17  AlaminT  30th July 2009, 22:12
If I don't forget...
#18  kp380lv  10th August 2009, 10:21
Also don't forget this fix in testport.php in the next YSE version - there is an XSS

PHP Code:
if (isset($_POST["port"]))   // the condition is not shown in the post; isset() is assumed here
    $port = $_POST["port"];
else
    $port = $_GET['port'];

replace with this..

PHP Code:
if (isset($_POST["port"]))   // as above, the condition is assumed
    $port = (int)$_POST["port"];
else
    $port = (int)$_GET['port'];
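The (int) cast proposed above keeps markup in the port parameter off the page, but a cast also turns garbage into 0 and accepts numbers that are not TCP ports. The following added example (not YSE code, not from the post) puts the cast next to a filter_var() range check; the field name matches the post, the sample inputs and the surrounding functions are constructed.

```php
<?php
// Added example, not YSE code: (int) casting of a user-supplied port beside a
// validated version that rejects anything outside 1..65535.

// The post's proposal: (int) cast, POST preferred over GET.
function portByCast(array $post, array $get): int
{
    if (isset($post['port'])) {              // the real condition in testport.php is not shown
        return (int) $post['port'];
    }
    return (int) ($get['port'] ?? 0);
}

// Stricter: a decimal integer within the TCP port range, otherwise null.
function portValidated(array $post, array $get): ?int
{
    $raw = $post['port'] ?? $get['port'] ?? null;
    if (!is_string($raw) && !is_int($raw)) {  // missing values and arrays (port[]=1) are rejected
        return null;
    }
    $port = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    return $port === false ? null : $port;
}

// Whatever was decided, encode the value when it is reflected back into the page.
function reflectPort(?int $port): string
{
    $text = $port === null ? 'invalid port' : (string) $port;
    return 'Testing port: ' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs a tester would try against the port field.
$samples = [
    '6881',
    '0',
    '70000',
    '6881.0',
    'abc',
    '80<script>alert(1)</script>',
];

foreach ($samples as $raw) {
    $post  = ['port' => $raw];
    $cast  = portByCast($post, []);
    $valid = portValidated($post, []);
    printf("%-32s cast=%-6d validated=%-8s %s\n",
        var_export($raw, true), $cast,
        $valid === null ? 'rejected' : $valid,
        reflectPort($valid));
}
```

Run with `php port_demo.php`. The cast alone maps "abc" to 0, "70000" to 70000 and the script payload to 80, so the page would go on to test a nonsense port or a port the attacker chose; filter_var() rejects all three and "6881.0" as well, and only "6881" passes both. The reflectPort() step is there because a validated integer is harmless, but the habit of encoding at output is what keeps the next parameter added to the page safe too.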
#19  Moh.ElBaz  11th September 2009, 17:25
That's great, kp380lv

I think we can stay away from disputes and take it as a discussion to find holes and bugs and fix them.
Tags: pre6, v20, yse, yuna scatari pre6