Moving Pictures Social [Double Secret Beta]
Quoting FreakyJ (post 684382):

AW: Moving Pictures Social [Double Secret Beta]

I think I found another bug in your site, but I'm not sure...
Go to this site: http://social.moving-pictures.tv/ajax/usersearch
You will get a mysqlError message concerning the LIMIT statement...

The error should be in this file: trunk/site/framework/application/models/usermodel.php : searchUsersByUsername() line 253

I tried to manipulate the header from the AjaxScript (containing the post vars), but you were clever enough to build in a nice tool which catches the modified header and throws an error (I had never seen anything like that before^^). I figured out that it works with cookies (and some binary data), but didn't take a deeper look at that. And I also didn't try what happens if I sent a request directly to the site mentioned above.

Maybe you can check if the $page var is:
1. an integer
2. not below zero

Maybe you will say: "Yeah, it is just a MySQL error", but such an error could be the entrance to the database. I'm not very good at SQL injection so I can't tell you how high the risk of this error is, but as far as I can see it shouldn't be so high ;) (the line "$offset = ($page - 1) * $pageSize;" would throw an error if it were text and not an int, and that's the reason why I'm posting everything here.. if it were a bigger issue I wouldn't do it this way)
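The two checks the quoted post asks for (page is an integer, page is not below one) plus the fix a reviewer would add alongside them, as an added PHP example that is not Moving Pictures Social's own code. The function names, the `users` table and its columns, the default page size, the upper bound on page size and the use of PDO are all assumptions; only `searchUsersByUsername()` and `$offset = ($page - 1) * $pageSize;` come from the post.

```php
<?php
// Added example, not the project's code: validate the untrusted page
// parameter before it reaches the LIMIT clause, and bind LIMIT/OFFSET as
// integers through a prepared statement so a bad value can neither break
// the query nor change its meaning. Table/column names are assumptions.

declare(strict_types=1);

/**
 * Normalise an untrusted value (e.g. $_POST['page']) to a page number >= 1.
 * Returns null for non-numeric strings, floats, zero, negatives, empty
 * strings, arrays and null, so the caller can answer with HTTP 400 without
 * ever touching the database.
 */
function parsePageNumber($raw): ?int
{
    $page = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $page === false ? null : $page;
}

/**
 * Row offset for a 1-based page number. Only ever called with validated
 * integers, so the arithmetic cannot produce a negative or non-integer
 * offset for the LIMIT clause.
 */
function pageOffset(int $page, int $pageSize): int
{
    return ($page - 1) * $pageSize;
}

/**
 * Hypothetical hardened variant of searchUsersByUsername(). The search term,
 * LIMIT and OFFSET are bound parameters, never interpolated into the SQL.
 */
function searchUsersByUsername(PDO $db, string $term, $rawPage, int $pageSize = 20): array
{
    $page = parsePageNumber($rawPage);
    if ($page === null) {
        throw new InvalidArgumentException('page must be a positive integer');
    }
    // Clamp the page size so a client cannot request an unbounded result set.
    $pageSize = max(1, min($pageSize, 100));
    $offset   = pageOffset($page, $pageSize);

    $stmt = $db->prepare(
        'SELECT id, username FROM users'
        . ' WHERE username LIKE :term'
        . ' ORDER BY username'
        . ' LIMIT :limit OFFSET :offset'
    );
    // Escape LIKE metacharacters in the user-supplied term, then append our own wildcard.
    $pattern = addcslashes($term, '%_\\') . '%';
    $stmt->bindValue(':term', $pattern, PDO::PARAM_STR);
    // PARAM_INT is required: MySQL rejects quoted strings in LIMIT/OFFSET.
    $stmt->bindValue(':limit', $pageSize, PDO::PARAM_INT);
    $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample inputs for the validator; only well-formed positive
// integers survive, everything else becomes null.
foreach (['3', '0', '-1', '1.5', 'abc', '', null] as $candidate) {
    var_dump(parsePageNumber($candidate));
}
```

Validation alone would have removed the symptom the post describes (a malformed LIMIT clause), but the binding is what removes the risk the post is worried about: once LIMIT and OFFSET are integer parameters rather than text spliced into the statement, no value of `page` can alter the query. Independently of either fix, the raw MySQL error text should be logged server-side and the client given a generic message, since the leaked message is what revealed the file, function and line in the first place.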