LoD is looking for testers
Posted by ilias - Friday March 21 @ 23:10
Cat: Computer

BasTijs, the previous owner of net-force, is currently developing a strategy browser-game called Land of Destiny.

The portal/community site just launched one week ago and the game is still in alpha phase but BasTijs is looking for active members who like to think out the game mechanics. BasTijs is also looking for people who would like to take a look at possible security exploits in the game or ways to cheat so it can be fixed before the game goes live.

Take a look at the new community site at: http://www.landofdestiny.com

For the people interested please state in your alpha motivation (after registering) that you're from NF, it's easier to select that way, once the server goes live.

» Comments


rhican on 22 March 2008 04:37

You have to be freaking kidding me,

pathetic.

http://www.landofdestiny.com/index.php?page=forum.php&show=3'%20and%20'1'='1
http://www.landofdestiny.com/index.php?page=forum.php&show=3'%20and%20'1'='2

and there are still more bugs, trust me.

BasTijs on 22 March 2008 10:02

Yep, there are still plenty of bugs, why do you think it's called an alpha?

BasTijs on 22 March 2008 10:36

Thanks for finding these bugs btw, I didn't notice it because my localhost was running magic_quotes_gpc.

So what is nowadays the best method to escape this? I could filter each input for example $id = int($id); or turn magic_quotes_gpc on. But I think magic_quotes_gpc is only applied to post and get data?

neo-1 on 22 March 2008 12:00

with magic_quotes_gpc [on] you will get other bugs

why not using magic quotes
http://uk.php.net/manual/en/security.magicquotes.whynot.php

BasTijs on 22 March 2008 13:04

So it's mainly a performance issue? Or are there tricks to bypass magic_quotes_gpc?

ilias on 22 March 2008 15:11

Apparently, yes, there are

rhican on 22 March 2008 15:33

There is a difference between alpha, and SQL injections in freaking GET parameters.

The fact that you just magically relied on magic quotes... makes me fear the rest of the code base. Basically noticing the weakness vs knowing the impact of your actions.

ilias on 22 March 2008 15:41

There have been final releases of rather big and popular php apps that suffered from that stuff.

I'm not saying that such a stupid mistake can be condoned, but.. meh, it's not the first time, nor the last time it will happen to someone, and at least BasTijs makes sure people are testing his apps before he lets them go live.

And no, don't think you were the first one to tell him that he should use stuff like intval and mysql_real_escape_string before querying it..

Although I have to admit that you're right in blaming him for relying on magic quotes.
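
The `show` parameter handling discussed in this thread, as an added example that is not part of the original comments or of the Land of Destiny code: the "before" function pastes the value into the SQL text, the "after" function validates it as an integer and binds it. The `forum` table, the function names and the in-memory SQLite database (via PDO) are assumptions made so the sketch runs offline; the inputs are the `show` values from the two URLs posted above, URL-decoded.

```php
<?php
// Constructed sample data standing in for the real forum table (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE forum (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO forum VALUES (3, 'General'), (4, 'Staff only')");

// "Before": the value becomes part of the SQL text. Whether a quote in it
// is escaped depends on the server's magic_quotes_gpc setting, not on this
// code, which is why the bug was invisible on localhost.
function show_forum_unsafe(PDO $db, $show) {
    $sql = "SELECT title FROM forum WHERE id = '$show'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// "After": accept only a positive integer, then bind it as a parameter so
// the value is never parsed as SQL, whatever the php.ini settings are.
function show_forum(PDO $db, $show) {
    $id = filter_var($show, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject; the caller would answer with a 400 or 404
    }
    $stmt = $db->prepare('SELECT title FROM forum WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The legitimate value plus the two show= values from the posted URLs.
$inputs = ["3", "3' and '1'='1", "3' and '1'='2"];
foreach ($inputs as $show) {
    printf("%-16s unsafe=%s safe=%s\n",
           $show,
           json_encode(show_forum_unsafe($db, $show)),
           json_encode(show_forum($db, $show)));
}
```

The unsafe variant answers the two posted values differently, which is what made the injection visible; the validated variant rejects both before any SQL is built. In PHP the integer conversion asked about earlier is written `intval($id)` or `(int)$id`.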

rhican on 22 March 2008 15:49

dude if you don't have anything to say stfu

BasTijs on 22 March 2008 15:54

Ah well, at least there is some action on NF again :)

Soon when the alpha server launches I could use some people who know a lot about exploits in ajax code, because I'm using a lot of ajax that is not tested properly yet.

rhican on 22 March 2008 16:18

I could use a lot of money.

BasTijs on 22 March 2008 16:26

For the people interested please state in your alpha motivation (after registering) that you're from NF, it's easier selecting once the server goes live.

ilias on 22 March 2008 16:29

Added that to the post ^

kraiser on 26 March 2008 16:32

Quote:
Smile, your on candid camera! (this has been logged.)
I thought we were meant to find exploits?

kraiser on 26 March 2008 16:34

I found a variant on that:

Quote:
hi you just got logged - smile :)

BasTijs on 26 March 2008 18:22

hehe don't worry, I'm just putting it for kiddies who use google to find things like index.php?page= ;)

ilias on 26 March 2008 23:53

Heh, if those 2 messages are really on there: "your on candid camera" should read "you're".. ;)

ratattack on 27 March 2008 08:50

i like to add meself in finding cheats/making trainers for it :)

ilias on 27 March 2008 13:40

That wasn't really the point of it, but I suppose nobody can stop you from trying to make a trainer for it, or from trying to find cheats. However, I don't really think BasTijs is planning on coding cheats in the game. Usually, they don't make the game more fun, really ;)

BasTijs on 29 March 2008 09:33

There is a new ajax/php/mysql chat online which has to be tested, also with a netforce channel (/join netforce)

BasTijs on 4 April 2008 22:55

We are currently testing an improved version of the main site, so post on our forums if you are interested. The site is running on a new framework coded by Peck, he's also in charge of the test.

