PhpPETITION
-
If you wanna have a good laugh take a look at the code of phpPETITION
(if you find the link to download it, actually)
contains cool stuff like
if ((isset($_GET['ADMIN'])) && ($_GET['ADMIN'] = "On"))
and also
do { } while()
to do database lookups
Additionally, files are case sensitive
OMG is there no better free software for this purpose?
-
@jmroth said:
If you wanna have a good laugh take a look at the code of phpPETITION
(if you find the link to download it, actually)
I spent a solid five minutes trying to find the download link. What a horrible site.
P.S. - I'm a spoil-sport: http://petitionscript.net/phpPETITION2/phpPETITION.zip
-
-
@hallo.amt said:
@jmroth said:
OMG is there no better free software for this purpose?
Community Server?
I meant something small and simple. And secure.
Oh I was forgetting of course there comes no captcha or anything with that soft.
-
Hmm, how professional can they be:
*cough*
<!-- DW6 -->
<head>
<!-- Copyright 2005 Macromedia, Inc. All rights reserved. -->
*cough*
But the code looks like far too much of a mess for me to actually read through it
-
TRWTF is by the way that he does
$_GET['ADMIN'] = "On"
and not the "correct"
$_GET['ADMIN'] == "On"
OMG !!!
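Added example, not part of the original thread or of phpPETITION's code: the quoted condition next to the `==` variant and a server-side check, run over constructed request arrays. The `is_admin` session key is an assumption made for this example.

```php
<?php
declare(strict_types=1);

// Pattern quoted in the thread: "=" assigns, so the right-hand operand is
// always the truthy string "On" and the test reduces to isset($_GET['ADMIN']).
function admin_check_as_posted(array $get): bool
{
    return (isset($get['ADMIN'])) && ($get['ADMIN'] = "On");
}

// The "==" variant really compares, but the decision still rests on a value
// the client puts in the URL.
function admin_check_with_comparison(array $get): bool
{
    return isset($get['ADMIN']) && $get['ADMIN'] == "On";
}

// Hardened form. Assumption: a login handler sets $_SESSION['is_admin'] to
// true only after the user has authenticated as an administrator.
function admin_check_session(array $session): bool
{
    return ($session['is_admin'] ?? false) === true;
}

// Constructed sample requests; the session is an unauthenticated one.
$samples = [
    'no parameter' => [],
    'ADMIN=On'     => ['ADMIN' => 'On'],
    'ADMIN=Off'    => ['ADMIN' => 'Off'],
    'ADMIN='       => ['ADMIN' => ''],
];
$session = [];

$show = static fn (bool $b): string => $b ? 'admin' : 'denied';
foreach ($samples as $label => $get) {
    printf(
        "%-13s as posted: %-7s with ==: %-7s session: %s\n",
        $label,
        $show(admin_check_as_posted($get)),
        $show(admin_check_with_comparison($get)),
        $show(admin_check_session($session))
    );
}
```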
-
I love their CAPTCHA!
-
@rbowes said:
I love their CAPTCHA!
WTF is that? My grandma could code an OCR to beat that "captcha" !
Just convert the image to black and white at the right threshold and you got perfectly well separated characters to feed into your OCR engine. Easy as cake
-
@jmroth said:
if ((isset($_GET['ADMIN'])) && ($_GET['ADMIN'] = "On"))
Wow, not only a WTF but a huge bug + security hole. Unless the OP mis-entered the code. I tried to dl the code but after taking 10 minutes to figure out you have to click the support link and then become a forum member, pita.
-
@topspin said:
@rbowes said:
I love their CAPTCHA!
WTF is that? My grandma could code an OCR to beat that "captcha" !
Just convert the image to black and white at the right threshold and you got perfectly well separated characters to feed into your OCR engine. Easy as cake
That too, but I just liked making it giant
-
@rbowes said:
I love their CAPTCHA! <url snipped>
Indeed: http://petitionscript.net/phpPETITION2/Referral/CaptchaSecurityImages.php?width=20&height=20&characters=99999999
Fatal error: Maximum execution time of 30 seconds exceeded in C:\Inetpub\vhosts\petitionscript.net\httpdocs\phpPETITION2\Referral\CaptchaSecurityImages.php on line 36
Should you really be giving out such descriptive error messages on what I can only assume is a production system? (I tried a negative number of characters, but he seems to be checking for that.)
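Added example, not part of the original post or of phpPETITION's code: one way to keep the error text out of the response and to bound the three query parameters before any image work starts. The upper limits and defaults are assumptions made for this example; the minimum of 6 characters is the value mentioned elsewhere in the thread.

```php
<?php
declare(strict_types=1);

// Record errors in the server log instead of rendering them, with full file
// paths, into the response.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Assumed limits for this example (not phpPETITION's own values).
const CAPTCHA_LIMITS = [
    'width'      => ['min' => 60, 'max' => 400, 'default' => 120],
    'height'     => ['min' => 20, 'max' => 100, 'default' => 40],
    'characters' => ['min' => 6,  'max' => 10,  'default' => 6],
];

// Returns width/height/characters as integers inside the allowed ranges.
// Anything missing, non-numeric or out of range falls back to the default,
// so the cost of generating one image has a fixed ceiling.
function captcha_params(array $query): array
{
    $out = [];
    foreach (CAPTCHA_LIMITS as $name => $limit) {
        $value = filter_var($query[$name] ?? null, FILTER_VALIDATE_INT, [
            'options' => ['min_range' => $limit['min'], 'max_range' => $limit['max']],
        ]);
        $out[$name] = is_int($value) ? $value : $limit['default'];
    }
    return $out;
}

// Constructed query strings modelled on the parameter names in the URL above.
$requests = [
    'width=20&height=20&characters=99999999',
    'width=400&height=40&characters=six',
    'width=200&height=50&characters=8',
];
foreach ($requests as $raw) {
    parse_str($raw, $query);
    printf("%-40s -> %s\n", $raw, json_encode(captcha_params($query)));
}
```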
-
@PJH said:
Should you really be giving out such descriptive error messages on what I can only assume is a production system?
But... but... PHP is a perfect language. It's un-possible to make mistakes in it. It's un-possible to have events generate warnings. So therefore it's un-necessary to disable warnings in production mode. I mean, sheesh... really... disabling warnings is bad! You'd never know if something was going right with the PHP code if you couldn't detect the absence of warnings. Or parse the output for warning strings...
-
@PJH said:
Fatal error: Maximum execution time of 30 seconds exceeded in C:\Inetpub\vhosts\petitionscript.net\httpdocs\phpPETITION2\Referral\CaptchaSecurityImages.php on line 36
Should you really be giving out such descriptive error messages on what I can only assume is a production system? (I tried a negative number of characters, but he seems to be checking for that.)
Oh so nice. Now everyone knows he's using IIS, in Windows, and on a virtual host. Which means he's waiting to be 0wned!
-
@danixdefcon5 said:
Oh so nice. Now everyone knows he's using IIS, in Windows, and on a virtual host. Which means he's waiting to be 0wned!
Too bad he's not running Apache on Linux so that he could be 0wned even faster.
-
@morbiuswilters said:
Are you kidding? This never would have happened if he were running Linux on an XBox.
@danixdefcon5 said:
Oh so nice. Now everyone knows he's using IIS, in Windows, and on a virtual host. Which means he's waiting to be 0wned!
Too bad he's not running Apache on Linux so that he could be 0wned even faster.
-
@bstorer said:
@morbiuswilters said:
Are you kidding? This never would have happened if he were running Linux on an XBox.
@danixdefcon5 said:
Oh so nice. Now everyone knows he's using IIS, in Windows, and on a virtual host. Which means he's waiting to be 0wned!
Too bad he's not running Apache on Linux so that he could be 0wned even faster.
I nominate that to be the new all-solving OS/Hardware combination.
-
Really nice of him too, to provide us with soo much information
Or that one
And what would that script be without some nice SQL injection possibilities
Admin/UserUpdates.php: $query_UserUpdate = "SELECT * FROM security where ID=".$_GET['ID'];
-
Hey this is cool! It can take 'characters' as the number in words as well as in digits
http://petitionscript.net/phpPETITION2/Referral/CaptchaSecurityImages.php?width=400&height=40&characters=six
-
It's even cooler - it can solve mathematical equations
http://petitionscript.net/phpPETITION2/Referral/CaptchaSecurityImages.php?width=400&height=40&characters=√(3³+3²)
-
@m0ffx said:
Hey this is cool! It can take 'characters' as the number in words as well as in digits
@julmu said:
It's even cooler - it can solve mathematical equations
No it can't. Any unexpected value is discarded, and 6 is used in its place. Also, any number lower than 6 is discarded in favour of 6.
-
@Kyanar said:
Any unexpected value is discarded, and 6 is used in its place. Also, any number lower than 6 is discarded in favour of 6.
I take it those comments weren't orange enough for you?
Or are you one of those people that insist on ruining jokes by explaining them in explicit detail?</rhetorical>
-
@Kyanar said:
@m0ffx said:
Joke #1
@julmu said:
Joke #2
No it can't. Any unexpected value is discarded, and 6 is used in its place. Also, any number lower than 6 is discarded in favour of 6.
That's right. Kill those lame jokes...
-
What I especially like in the PHPetition (yes, pity that they didn't leave out that extra 'p', the name could have been so much cooler) is the palm trees on http://petitionscript.net/phpPETITION2/index.php. Somehow that makes me trust their software even more.
And it's available in ColdFusion!!!!!!!!!!!!!!! http://petitionscript.net/CFpetition/default.cfm?ID=NEW
-
@PJH said:
@Kyanar said:
Any unexpected value is discarded, and 6 is used in its place. Also, any number lower than 6 is discarded in favour of 6.
I take it those comments weren't orange enough for you?
Or are you one of those people that insist on ruining jokes by explaining them in explicit detail?</rhetorical>
Sorry, I didn't recognise it as a joke because it wasn't funny.
-
@Kyanar said:
Sorry, I didn't recognise it as a joke because it wasn't funny.
Ahh yet another person who feels it necessary to kill any joke and just use the excuse "Well it wasn't funny."
Right, we understand you didn't think it was funny. You didn't get the joke. That is obvious.
But no one cares that you didn't find it funny. Perhaps the rest of us did enjoy the joke...
-
Those were very good jokes, the best in a few weeks around here.