LOST-Chall
http://lost-chall.org/forum/

Bug? status:fixed
http://lost-chall.org/forum/viewtopic.php?f=14&t=128
Author:  criple_ripper [ Sat May 31, 2008 3:31 pm ]
Post subject:  Bug? status:fixed

Hi, I'm not sure if I should post this here, I'm not even sure it's a bug, but it's kind of weird... So in any of the challenges, if you remove the .php ending from the address bar you still get the chall. But if you remove the .php and add a slash you get a black box where the chall should be... And if you enter a value in the input box and submit it you get a "directory" with the name of the chall, which I don't think exists... So is this supposed to happen?
Author:  sabretooth [ Sat May 31, 2008 4:51 pm ]
Post subject: 

Thank you for bringing this to our attention.

We have removed your original post until we are sure that this info cannot be used to exploit the site.

We will be looking into this as soon as possible.

Thank you again

sabretooth

EDIT - we have fixed this problem for challenge 1 'the-crash' but it is a very awkward fix. We will try and sort this out an easier way but if not the current fix will have to do.
Thanks ;)
Author:  criple_ripper [ Sun Jun 01, 2008 2:07 am ]
Post subject: 

Yes, I wasn't sure if this was exploitable too... But in case it was, and I was curious enough to find it, I thought I should report it... Also I have the belief that besides completing challenges these communities help us be curious, search and question everything... So doing all these, if anybody finds something wrong, why not report it? If we "attack" the same people that help us learn something more than what we already know, it's bad for them and ourselves too...

But that's my opinion and who cares about what I think?

That's all... Sorry, but I had to say this because it was in me so long, watching people destroying "exploitable" communities like this one just for fun...

keep up the good work...

criple_ripper
Author:  Bregi [ Sun Jun 01, 2008 7:56 am ]
Post subject: 

Thanks a lot criple_ripper, exactly my opinion =)

Bregi
Author:  sabretooth [ Mon Jun 02, 2008 11:07 am ]
Post subject: 

Ok I have analysed this and I believe this cannot be exploited. All it does is call the challengepage.php without the images, purely because if in another directory the path /pics/image.jpg obviously doesn't exist.

I am aware that no-one except criple-ripper and Bregi know what I'm talking about at the moment but the original post may be reinstated soon.

fixes to come shortly ;)


thanks again


sabre
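
Added example, not part of the thread or of the site's own code: it reproduces the behaviour described in the posts above (page loads without `.php`, loses its images with a trailing slash, and the form submits into a "directory" named after the challenge) and shows one server-side canonicalisation check. The host, the `/season1/` directory, the relative references `pics/image.jpg` and `the-crash.php`, and the helper `canonicalPath` are assumptions made for illustration.

```javascript
// Constructed sample values: host, directory and file names are assumptions.
const ORIGIN = "http://challs.example";
const REFS = { image: "pics/image.jpg", formAction: "the-crash.php" };

// Resolve each relative reference the way a browser does: against the
// directory part of the URL the page was requested under.
function resolveRefs(requestPath, refs = REFS) {
  const out = {};
  for (const [name, ref] of Object.entries(refs)) {
    out[name] = new URL(ref, ORIGIN + requestPath).pathname;
  }
  return out;
}

// Hypothetical server-side check: map any alternate spelling of a known
// script (no extension, trailing slash, extra path segments) back to its
// canonical path so the application can redirect instead of rendering the
// page under a different base. Returns null when the request is already
// canonical or does not match a known script.
function canonicalPath(requestPath, knownScripts) {
  for (const script of knownScripts) {
    const stem = script.replace(/\.php$/, "");
    if (requestPath === script) return null;
    if (requestPath === stem ||
        requestPath.startsWith(stem + "/") ||
        requestPath.startsWith(script + "/")) {
      return script;
    }
  }
  return null;
}

// The three request forms from the first post, side by side.
for (const p of ["/season1/the-crash.php", "/season1/the-crash", "/season1/the-crash/"]) {
  console.log(p, resolveRefs(p), "->", canonicalPath(p, ["/season1/the-crash.php"]));
}
```

With the trailing slash the browser treats the challenge name as a directory, so both the image and the form action resolve one level deeper than the files actually live.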
Author:  krueger [ Mon Jun 02, 2008 9:24 pm ]
Post subject: 

sabretooth wrote: Ok I have analysed this and I believe this cannot be exploited. All it does is call the challengepage.php without the images, purely because if in another directory the path /pics/image.jpg obviously doesn't exist.

I am aware that no-one except criple-ripper and Bregi know what I'm talking about at the moment but the original post may be reinstated soon.

fixes to come shortly ;)


thanks again


sabre

There are some people who read the first post before you deleted it, you know ;)
Author:  sabretooth [ Mon Jun 02, 2008 9:34 pm ]
Post subject: 

I am aware of that, but I am talking on the grand scale of things. At an estimate 95% of users will not have seen the original message ;)

sabre
Author:  Bregi [ Wed Jun 04, 2008 4:02 pm ]
Post subject: 

All fixed now in season 1, but it's not work that is fun, so I'll wait some time (hours) until I do the next season :P
Author:  sabretooth [ Mon Jul 28, 2008 2:54 pm ]
Post subject: 

ok fixed it. Well...made it inaccessible at least :P

Maybe another option will appear to us in future, but for now this works.


criple_ripper, I reinstated your original post ;)

regards

sabretooth
Author:  sabretooth [ Wed Jul 21, 2010 12:37 pm ]
Post subject: 

Bregi - I have now coded a script to deal with this issue without having to create folders and have applied it to my site revolution elite.
If you wish, you can have the script for lost-chall.

Regards,

Ian
All times are UTC