View news
Posted by ilias - Friday March 21 @ 23:10 BasTijs, the previous owner of net-force, is currently developing a strategy browser-game called Land of Destiny. The portal/community site just launched one week ago and the game is still in alpha phase, but BasTijs is looking for active members who like to think out the game mechanics. BasTijs is also looking for people who would like to take a look at possible security exploits in the game or ways to cheat, so it can be fixed before the game goes live. Take a look at the new community site at: http://www.landofdestiny.com For the people interested, please state in your alpha motivation (after registering) that you're from NF; it's easier to select that way once the server goes live.
» Comments
You have to be freaking kidding me,
pathetic.
http://www.landofdestiny.com/index.php?page=forum.php&show=3'%20and%20'1'='1
http://www.landofdestiny.com/index.php?page=forum.php&show=3'%20and%20'1'='2
and there are still bugs, trust me.
Yep there are still plenty of bugs, why do you think it's called an alpha?
Thanks for finding these bugs btw, I didn't notice it because my localhost was running magic_quotes_gpc.
So what is nowadays the best method to escape this? I could filter each input, for example $id = intval($id); or turn magic_quotes_gpc on. But I think magic_quotes_gpc is only applied to post and get data?
with magic_quotes_gpc [on] you will get other bugs
why not use magic quotes
http://uk.php.net/manual/en/security.magicquotes.whynot.php
So it's mainly a performance issue? Or are there tricks to bypass magic_quotes_gpc?
there is a difference between alpha, and SQL injections in freaking GET parameters.
The fact that you just magically relied on magic quotes.. makes me fear the rest of the code base. Basically noticing the weakness vs knowing the impact of your actions.
There have been final releases of rather big and popular php apps that suffered from that stuff.
I'm not saying that such a stupid mistake can be condoned, but.. meh, it's not the first time, nor the last time it will happen to someone, and at least BasTijs makes sure people are testing his apps before he lets them go live.
And no, don't think you were the first one to tell him that he should use stuff like intval and mysql_real_escape_string before querying it..
Although I have to admit that you're right in blaming him for relying on magic quotes.
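The fix the thread points at (intval for numeric ids, escaping or binding for everything else), written out as an added example rather than code from Land of Destiny: the integer check uses filter_var, and the query is bound through a PDO prepared statement instead of mysql_real_escape_string. The DSN, the credentials, and the forum_posts table with its id and title columns are assumptions.

```php
<?php
// Added example, not BasTijs's code: handling the ?show=3 forum parameter
// without relying on magic_quotes_gpc (deprecated in PHP 5.3, removed in 5.4).
// Assumed: a MySQL database reachable via PDO and a table `forum_posts`
// with an integer `id` column and a text `title` column.

function connect(): PDO
{
    // Host, database name and credentials are placeholders.
    $pdo = new PDO('mysql:host=localhost;dbname=lod;charset=utf8mb4', 'user', 'pass');
    // Throw on errors instead of silently returning false.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Use server-side prepared statements, not client-side emulation.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $pdo;
}

// Vulnerable pattern from the thread: the raw GET value is spliced into the
// SQL text, so anything that is not a plain number changes the query's meaning.
// $sql = "SELECT title FROM forum_posts WHERE id = '" . $_GET['show'] . "'";

// Fix 1: an id is an integer, so validate it as one before it gets near SQL.
function parseShowId(array $get): ?int
{
    if (!isset($get['show'])) {
        return null;
    }
    // filter_var rejects "3'" outright; intval() would silently turn it into 3.
    $id = filter_var($get['show'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Fix 2: bind the value with a prepared statement. The database never parses
// user input as SQL, so no escaping (and no magic_quotes) is needed.
function loadPost(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, title FROM forum_posts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$id = parseShowId($_GET);
if ($id === null) {
    http_response_code(400);
    exit('invalid post id');
}
$post = loadPost(connect(), $id);
```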
dude if you don't have anything to say stfu
Ah well, at least there is some action on NF again :)
Soon when the alpha server launches I could use some people who know a lot about exploits in ajax code, because I'm using a lot of ajax that is not tested properly yet.
I could use a lot of money.
For the people interested, please state in your alpha motivation (after registering) that you're from NF; it's easier selecting once the server goes live.
Added that to the post ^
Quote: I tought we were meant to find exploits? Smile, your on candid camera! (this has been logged.)
I found a variant on that:
Quote: hi you just got logged - smile :)
hehe don't worry, I'm just putting it for kiddies who use google to find things like index.php?page= ;)
Heh, if those 2 messages are really on there: "your on candid camera" should read "you're".. ;)
I'd like to add myself in finding cheats/making trainers for it :)
That wasn't really the point of it, but I suppose nobody can stop you from trying to make a trainer for it, or from trying to find cheats. However, I don't really think BasTijs is planning on coding cheats in the game. Usually, they don't make the game more fun, really ;)
There is a new ajax/php/mysql chat online which has to be tested, also with a netforce channel (/join netforce)
We are currently testing an improved version of the main site, so post on our forums if you are interested. The site is running on a new framework coded by Peck; he's also in charge of the test.