PWI - Catshop Sniper

05/07/2012 08:17 altivex#31
amineurin, and what is on the "User" tab?
Is it working or not?
05/07/2012 14:18 amineurin#32
Quote:
Originally Posted by altivex View Post
amineurin, and what is on the "User" tab?
Is it working or not?
The user tab is a test function for me that I use on my local xampp server only.
I can log in, define an amount of items and set a max. price I want to pay.
If any of these matches are found, I get a mail notification.

A coming feature I'm testing, maybe next weekend I finish it for public use.
05/11/2012 19:02 amineurin#33
Latest Update:
Move the mouse over an item name in the Buy/Sell list or the search results to show the item description, like sockets, refining and more...

Looks like this:

Enjoy :)
05/11/2012 19:26 Interest07#34
That looks much better :)

Good work, had to laugh at the red stat requisites lol
05/11/2012 23:46 xsh#35
@amineurin:

You should fix the $_GET[] / $_POST[] stuff on your site. It could be exploited (SQL injection wise).

Use this instead:

Code:
  [Sanitizes For]  | [Type]  |  [Engine]  | [Example]
-------------------------------------------------------
XSS, SQL Injection | String  | Any        | $var = htmlentities($_GET['var'],ENT_QUOTES);
SQL Injection      | String  | MySQL      | $var = mysql_real_escape_string($_GET['var']);
SQL Injection      | String  | PostgreSQL | $var = pg_escape_string($_GET['var']);
XSS, SQL Injection | Integer | Any        | $var = (int)$_GET['var'];
05/12/2012 05:49 amineurin#36
@Interest07:
thanks, I may swap the red color to a white one ;)
Also I will insert the item name from the description into the list, for easy finding.

@xsh:
thanks a lot for the hints, I didn't think of any security while doing this fun project.
I had this first on my local server only and started thinking of giving the community something back, so I published it.

So I start fixing it today, leaving another function update for the future :o
05/12/2012 09:38 Interest07#37
Use prepared statements and parameterized queries for your sql to be safe from injection.

edit: some example explanations (linked)
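A worked contrast for the two posts above (the escaping table and the prepared-statement advice), as an added example and not code from the Catshop Sniper project: the string-built query is the injectable pattern, the PDO version binds the same parameters, and htmlentities is kept for output only. Table and column names, the DSN and the parameter names are assumptions.

```php
<?php
// Added example: the vulnerable pattern beside its fixed form.
// Table/column names (catshop_items, name, price) are assumed, not the project's.

// Vulnerable: user input is concatenated straight into the SQL string, so a
// search term containing a quote changes the structure of the query.
function searchItemsVulnerable(mysqli $db, string $term, string $maxPrice): array {
    $sql = "SELECT name, price FROM catshop_items WHERE name LIKE '%" . $term
         . "%' AND price <= " . $maxPrice;   // raw $_GET['term'], $_GET['max']
    return $db->query($sql)->fetch_all(MYSQLI_ASSOC);
}

// Safer: a prepared statement sends the SQL text and the values separately,
// so the database never parses user input as part of the query.
function searchItemsPrepared(PDO $db, string $term, int $maxPrice): array {
    $stmt = $db->prepare(
        'SELECT name, price FROM catshop_items WHERE name LIKE :term AND price <= :max'
    );
    // LIKE wildcards belong in the bound value, not in the SQL string.
    $stmt->bindValue(':term', '%' . $term . '%', PDO::PARAM_STR);
    $stmt->bindValue(':max', $maxPrice, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding is a separate step from query building: escape when
// rendering, not when storing, so the item list cannot be used for XSS.
function renderRow(array $row): string {
    return '<tr><td>' . htmlentities($row['name'], ENT_QUOTES, 'UTF-8') . '</td><td>'
         . (int)$row['price'] . '</td></tr>';
}

// Usage with an assumed DSN and credentials.
$pdo = new PDO('mysql:host=localhost;dbname=catshop;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
]);
$term = $_GET['term'] ?? '';
$max  = (int)($_GET['max'] ?? 0);          // the (int) cast from the table above
foreach (searchItemsPrepared($pdo, $term, $max) as $row) {
    echo renderRow($row);
}
```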
05/12/2012 23:21 amineurin#38
thanks for the tips :)
It should be more safe now, as the Acunetix web vulnerability scanner told me:

The 4 alerts are from the hoster :o
05/13/2012 02:37 Sᴡoosh#39
That scanner can't check your PHP backend though. That's what Interest was referring to.
05/13/2012 14:03 amineurin#40
I fixed the stuff xsh and Interest07 wrote.
As to the scanner, as I read on the website, the scanner checks for XSS and SQL injection ways.
Quote:
Acunetix Web Vulnerability Scanner includes many innovative features:
AcuSensor Technology
An automatic client script analyzer allowing for security testing of Ajax and Web 2.0 applications
Industries' most advanced and in-depth SQL injection and Cross site scripting testing
Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
Visual macro recorder makes testing web forms and password protected areas easy
Support for pages with CAPTCHA, single sign-on and Two Factor authentication mechanisms
Extensive reporting facilities including VISA PCI compliance reports
Multi-threaded and lightning fast scanner crawls hundreds of thousands of pages with ease
Intelligent crawler detects web server type and application language
Acunetix crawls and analyzes websites including flash content, SOAP and AJAX
Port scans a web server and runs security checks against network services running on the server
But if anyone knows a better way to check, I'm open for it.
05/13/2012 14:42 Sᴡoosh#41
I am an idiot with web stuff (I find it bland and boring), but I don't understand how they can possibly check PHP functions?! I mean, they probably check JS/AJAX - but not PHP. That's impossible.

Don't listen to me though, like I said I hate web dev.
05/13/2012 23:12 amineurin#42
Quote:
Originally Posted by Sᴡoosh View Post
but I don't understand how they can possibly check PHP functions?! I mean, they probably check JS/AJAX - but not PHP. That's impossible.
They scan the website source code for GET/POST, PHP stuff and more,
then try to inject known ways or blind injections and show the results.
Same as an attacker would do, from what I understand.

That's how your website looks to the scanner:
05/13/2012 23:35 Sᴡoosh#43
Looks nice indeed, I'll give it a roll later on :)
05/20/2012 17:51 boredsauce#44
Acunetix is ok, checks your site for exploits in its databases. It can determine the software your site is running on and attempt to find/exploit known bugs (SQL injections, XSS, RFI/LFI, etc.)


Quote:
Originally Posted by Sᴡoosh View Post
I am an idiot with web stuff (I find it bland and boring), but I don't understand how they can possibly check PHP functions?! I mean, they probably check JS/AJAX - but not PHP. That's impossible.

Don't listen to me though, like I said I hate web dev.
But no, it can't actually check the PHP functions directly. That would require access to the PHP files themselves.
05/23/2012 23:23 amineurin#45
Latest update:
Adjusted the bot with new offsets for today's PWI Imperial Fury update.

Enjoy