LOST-Chall http://lost-chall.wechall.net/forum/ |
Bug? status:fixed http://lost-chall.wechall.net/forum/viewtopic.php?f=14&t=128 |
Author: | criple_ripper [ Sat May 31, 2008 3:31 pm ] |
Post subject: | Bug? status:fixed |
hi, i'm not sure if i should post this here, i'm not even sure it's a bug, but it's kind of weird... so in any of the challenges, if you remove the .php ending from the address bar you still get the chall. but if you remove the .php and add a slash you get a black box where the chall should be... and if you enter a value in the input box and submit it you get a "directory" with the name of the chall, which i don't think exists... so is this supposed to happen? |
Author: | sabretooth [ Sat May 31, 2008 4:51 pm ] |
Post subject: | |
Thank you for bringing this to our attention. We have removed your original post until we are sure that this info cannot be used to exploit the site. We will be looking into this as soon as possible. Thank you again sabretooth EDIT - we have fixed this problem for challenge 1 'the-crash' but it is a very awkward fix. We will try and sort this out an easier way but if not the current fix will have to do. Thanks |
Author: | criple_ripper [ Sun Jun 01, 2008 2:07 am ] |
Post subject: | |
yes, i wasn't sure if this was exploitable too... but in case it was, and i was curious enough to find it, i thought i should report it... also i have the belief that besides completing challenges these communities help us be curious, search and question everything... so doing all these, if anybody finds something wrong, why not report it? if we "attack" the same people that help us learn something more than what we already know, it's bad for them and ourselves too... but that's my opinion, and who cares about what i think? that's all... sorry, but i had to say this because it was in me so long, watching people destroying "exploitable" communities like this one just for fun... keep up the good work... criple_ripper |
Author: | Bregi [ Sun Jun 01, 2008 7:56 am ] |
Post subject: | |
Thanks a lot criple_ripper, exactly my opinion =) Bregi |
Author: | sabretooth [ Mon Jun 02, 2008 11:07 am ] |
Post subject: | |
Ok, I have analysed this and I believe this cannot be exploited. All it does is call the challengepage.php without the images, purely because if in another directory the path /pics/image.jpg obviously doesn't exist. I am aware that no-one except criple-ripper and Bregi knows what I'm talking about at the moment, but the original post may be reinstated soon. Fixes to come shortly. Thanks again, sabre |
Author: | krueger [ Mon Jun 02, 2008 9:24 pm ] |
Post subject: | |
There are some people who read the first post before you deleted it, you know |
Author: | sabretooth [ Mon Jun 02, 2008 9:34 pm ] |
Post subject: | |
I am aware of that, but I am talking on the grand scale of things. At an estimate 95% of users will not have seen the original message sabre |
Author: | Bregi [ Wed Jun 04, 2008 4:02 pm ] |
Post subject: | |
Fixed now all in season 1, but it's not work that is fun, so I wait some time (hours) until I do the next season |
Author: | sabretooth [ Mon Jul 28, 2008 2:54 pm ] |
Post subject: | |
ok, fixed it. Well... made it inaccessible at least. Maybe another option will appear to us in future, but for now this works. criple_ripper, I reinstated your original post. regards, sabretooth |
Author: | sabretooth [ Wed Jul 21, 2010 12:37 pm ] |
Post subject: | |
Bregi - I have now coded a script to deal with this issue without having to create folders and have applied it to my site revolution elite. If you wish you can have the script for lost-chall Regards, Ian |
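Added example, not part of the thread and not sabretooth's script: it shows how a browser resolves relative references for the three URL forms from the first post, and one way to send the alternate forms back to a single canonical URL. The host, the `/challs/` path, `check.php` and the relative `pics/image.jpg` are assumptions; only the challenge name 'the-crash' comes from the thread.

```python
from urllib.parse import urljoin, urlsplit

# Constructed values: only the challenge name 'the-crash' appears in the thread.
BASE = "http://example.test"
SCRIPT = "/challs/the-crash.php"

def classify(path, script=SCRIPT):
    """Label a request path relative to the one canonical script URL."""
    stem = script[: -len(".php")]
    if path == script:
        return "canonical"
    if path == stem:
        return "extensionless"
    if path.startswith((script + "/", stem + "/")):
        return "path-info"
    return "other"

def browser_resolves(page_path, ref):
    """Path a browser requests for a relative reference on that page."""
    return urlsplit(urljoin(BASE + page_path, ref)).path

def canonical_redirect(path, script=SCRIPT):
    """Redirect target for alternate forms; None when no redirect applies."""
    if classify(path, script) in ("extensionless", "path-info"):
        return script
    return None

if __name__ == "__main__":
    # Assumed page content: a relative image and a relative form action.
    for p in (SCRIPT, "/challs/the-crash", "/challs/the-crash/"):
        print(f"{p:24} {classify(p):14}"
              f" img={browser_resolves(p, 'pics/image.jpg')}"
              f" form={browser_resolves(p, 'check.php')}"
              f" redirect={canonical_redirect(p)}")
```

With the trailing slash, both the image and the form target resolve under `/challs/the-crash/`, the "directory" named after the challenge that the first post describes.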
All times are UTC |