This is the worst site
-
The host sent me the code (it was on GitHub, but was taken down by the author within an hour). Of note are things like
extract($GLOBALS);
and
$pg = explode('/',$_GET['p']);
$tmp_u = mysql_query("SELECT user FROM mbasic WHERE user ='{$pg[0]}' LIMIT 1");
-
Admin validation:
if(substr($_COOKIE['xsauth'],16) != base64_encode('alan')) {
No comment:
while($cf = readdir($d)) { $x = strtolower(substr(strrchr($cf,'.'),1)); if(in_array($x,$ax)) $rf[ ] = $cf; }
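-
Added example, not part of the original thread or of the site's code: hardened counterparts to the user lookup and the admin check quoted above. It assumes PDO with the SQLite driver (swapped in for the removed mysql_* API), a constructed in-memory `mbasic` table, and a hypothetical `is_admin` session flag set by the login code.

```php
<?php
// Added example: hardened counterparts to the lookup and admin check above.
// Assumptions: PDO with the SQLite driver, a constructed in-memory `mbasic`
// table, and a hypothetical `is_admin` session flag set at login.
declare(strict_types=1);

function find_user(PDO $db, string $p): ?string
{
    // Same routing idea as explode('/', $_GET['p']), but the first path
    // segment is validated and then bound as a parameter, never interpolated.
    $segment = explode('/', $p)[0];
    if (!preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $segment)) {
        return null;
    }
    $stmt = $db->prepare('SELECT user FROM mbasic WHERE user = :u LIMIT 1');
    $stmt->execute([':u' => $segment]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['user'];
}

function is_admin(array $session): bool
{
    // Authorization comes from server-side session state, not from a value
    // the client can compute (base64 of a username) and place in a cookie.
    return ($session['is_admin'] ?? false) === true;
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mbasic (user TEXT PRIMARY KEY)');
$db->exec("INSERT INTO mbasic (user) VALUES ('alan')");

var_dump(find_user($db, 'alan/profile'));   // existing user, valid segment
var_dump(find_user($db, "al'an/profile"));  // segment with a quote is rejected
var_dump(is_admin([]));                     // no session flag, not an admin
var_dump(is_admin(['is_admin' => true]));   // flag set server-side at login
```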
-
I think the forum took a bite out of your second post...
-
@henke37 said:
I think the forum took a bite out of your second post...
Yeah, Community Server is TRWTF.
-
At least their registration page has a user friendly error message?
http://imgur.com/Fp6r7
-
@rad131304 said:
At least their registration page has a user friendly error message?
Were you blocked from the site after that? Seems more like over-eager IP blocking code (if they detect an SQL injection attempt or something) than an error. I'm basing that entirely on the message though, so maybe it is just a badly worded error.
-
@lethalronin27 said:
@rad131304 said:
At least their registration page has a user friendly error message?
Were you blocked from the site after that? Seems more like over-eager IP blocking code (if they detect an SQL injection attempt or something) than an error. I'm basing that entirely on the message though, so maybe it is just a badly worded error.
I partially filled out their registration form - mostly because I wanted to see if it would recognize a February 31 as an invalid date