View news
LoD is looking for testers |
|---|
|
Posted by ilias - Friday March 21 @ 23:10  BasTijs, the previous owner of net-force is currently developing a strategy browser-game called Land of Destiny.The portal/community site just launched one week ago and the game is still in alpha phase but BasTijs is looking for active members who like to think out the game mechanics. BasTijs is also looking for people who would like to take a look at possible security exploits in the game or ways to cheat so it can be fixed before the game goes live. Take a look at the new community site at: http://www.landofdestiny.com For the people interested please state in your alpha motivation (after registering) that you're from NF, it's easier to select that way, once the server goes live. |
» Comments
You have to be freaking kidding me,
pathetic.
http://www.landofdestiny.com/index.php?page=forum.php&show=3'%20and%20'1'='1
http://www.landofdestiny.com/index.php?page=forum.php&show=3'%20and%20'1'='2
en er zijn nog bugs, trust me.
Yep there are still plenty of bugs, why you think its called an alpha?
Thanks for finding these bugs btw, I didnt notice it because my localhost was running magic_quotes_gpc.
So what is nowadays the best method to escape this? I could filter each input for example $id = int($id); or turn magic_quotes_gpc on. But I think magic_quotes_gpc is only applied to post and get data?
with magic_quotes_gpc [on] you will get other bugs
why not using magic quotes
http://uk.php.net/manual/en/security.magicquotes.whynot.php
So its mainly a performance issue? Or are there tricks to bypass magic_quotes_gpc?
there is a a difference between alfa, and sql injections in freaking get parameters.
The fact that you just magically relied on magic quotes, .. makes me fear the rest of the code base. Basically noticing the weakness vs knowing the inpact of your actions.
There have been final releases of rather big and popular php apps that suffered from that stuff.
I'm not saying that such a stupid mistake can be condoned, but.. meh, it's not the first time, nor the last time it will happen to someone, and at least BasTijs makes sure people are testing his apps before he lets them go live.
And no, don't think you were the first one to tell him that he should use stuff like intval and mysql_real_escape_string before querying it..
Although I have to admit that you're right in blaming him for relying on magic quotes.
dude if you don't have anything to say stfu
Ah well, at least there is some action on NF again :)
Soon when the alpha server launches I could use some people who know alot about exploits in ajax code, because im using alot of ajax that is not tested properly yet.
I could use a lot of money.
For the people interested please state in your alpha motivation (after registering) that your from NF, is easier selecting once the server goes live.
Added that to the post ^
Quote:I tought we were meant to find exploits?Smile, your on candid camera! (this has been logged.)
I found a variant on that:
Quote:hi you just got logged - smile :)
hehe dont worry, im just putting it for kiddies who use google to find things like index.php?page= ;)
Heh, if those 2 messages are really on there: "your on candid camera" should read "you're".. ;)
i like to add meself in finding cheats/making trainers for it :)
That wasn't really the point of it, but I suppose nobody can stop you from trying to make a trainer for it, or from trying to find cheats. However, I don't really think BasTijs is planning on coding cheats in the game. Usually, they don't make the game more fun, really ;)
There is a new ajax/php/mysql chat online which has to be tested, also with a netforce channel (/join netforce)
We are currently testing an improved version of the main site, so post on our forums if you are interested. The site is running on a new framework coded by Peck, he's also in charge of the test.
designs which you don't have difficulty obtaining a set of two items too as prom attire and ball gowns and formal brief The ladies generally decide on each the colour black gown but that doesn't suggest you don't choose a distinct colour to distinguish it from several ladies in the occasion christian louboutin pumps You'll find other approaches which you possess a standard gown into some thing that's definitely ready to find the money for It is possible to do a whole lot of particulars to create your gown stick out dillian pump like incorporating a blade having a smaller print or additional lengthy scarf inside a contrasting colour that may be pulled more than each shoulders inside a miniature practice black pumps with red heels Also don't neglect your dancing footwear make as much as look at the hair and jewellery red bottom heels Positive <img src="http://www.varyshoes.com/images/uploads/sandals/CSHOE006.jpg" ] you are able to use the proper equipment to flip your night gown into some thing much more
mesh Picture to follow And here the picture Thanks for holding the "magic number" Chascomm! thanks I am still fieldtesting the Lyndon with the Liaoning auto presumed 21800 bph movement (my rubber ball wouldn't open mine up replica watch so I don't know and I can't even take a photoof the insides) Ah but the outsides I'm putting on my A581 today! It would be an embarrassment to divulge what I'm currently carrying for my rough work around the house watch!! It's a best watch brands er replica Breitling cheap fake rolex well its a Zeiger Today I am putting on a small (well for nowadays it's only 40mm) Parnis watch I like though somewhat modeled after PP breguet watch good watch it's original looks and textured dial Interesting about the sunmoon complication I don't have any others to compare so I never really noticed how well thought out it was my Shanghai Tie Dye alpha watches Sergio watches My Liaoning powered Canadian watch
» Add a comment
Login if you want to comment on this item.