[CS:S] Cash2Admin v.2.0 - Make your server rentable [LOCAL VERSION]


devicenull
Veteran Member
Join Date: Mar 2004
Location: CT
10-13-2011, 10:09   Re: [CS:S] Cash2Admin v.2.0 - Make your server rentable [LOCAL VERSION]
#11

Quote:
Originally Posted by SoGeek
Hello Devicenull,

Thanks for this information,

1) You're wrong about the XSS attacks, this is not critical, but I'm gonna fix that.
XSS attacks are pretty critical. I'm not sure why you think otherwise.
Quote:
About register_globals, only the user can change the value of the include.
Huh? You use extract($_GET);, despite the PHP manual explicitly telling you not to do that. Anyone can use that to change variables that aren't otherwise initialized (hint: that's how my XSS demo link works!)
Quote:
4) Yes, the plugin sends IP and EMAIL information to our databases; this is for statistics, and the newsletter if there is a critical update for this plugin.
Do you tell the user about this? Why do you need their IP address?
Quote:
5) You're right again, this isn't encrypted with md5, but it is encrypted with hash (do you want a screenshot?).
I'd love to see a screenshot of this.
__________________
Various bits of semi-useful code in a bunch of languages: http://code.devicenull.org/
SoGeek
Junior Member
Join Date: Sep 2011
10-13-2011, 12:34   Re: [CS:S] Cash2Admin v.2.0 - Make your server rentable [LOCAL VERSION]
#12

Ok,

1) Yes, in fact XSS attacks are pretty critical, but in this PHP page you can only display a message (like your XSS attack), not more; at worst the XSS issue only attacks the page of the 'hacker', not of ALL the users.

2) Extract $_GET is pretty useful, and in this plugin it's not dangerous: you can insert 500 GET values, the page will not change, because I don't use the 500 values in the page.
So in the next update, everything will be fixed about the XSS attack, you'll see. (I'll remove the $_GET extract just for you.)

3) In the database, I don't insert the user's IP but the server's IP.

4) http://img851.**************/img851/3359/sanfsre.jpg

Cordially,
SoGeek.

Last edited by SoGeek; 10-13-2011 at 14:11.
devicenull
Veteran Member
Join Date: Mar 2004
Location: CT
10-13-2011, 14:19   Re: [CS:S] Cash2Admin v.2.0 - Make your server rentable [LOCAL VERSION]
#13

Quote:
Originally Posted by SoGeek
Ok,

1) Yes, in fact XSS attacks are pretty critical, but in this PHP page you can only display a message (like your XSS attack), not more; at worst the XSS issue only attacks the page of the 'hacker', not of ALL the users.
Sooo, what if I give someone a link to a page containing an XSS attack?
Quote:
2) Extract $_GET is pretty useful, and in this plugin it's not dangerous: you can insert 500 GET values, the page will not change, because I don't use the 500 values in the page.
So in the next update, everything will be fixed about the XSS attack, you'll see. (I'll remove the $_GET extract just for you.)
I'm so glad you know better than the PHP developers, and everyone who says register_globals/extract (both are identical in this case) are bad.

You rely on PHP defaulting variables to 0 in a lot of cases; it's possible for an attacker to just change the defaults to whatever he wants via your extract call. For example, the GET variable I use to do the XSS: by default (with no attack) you never set it before constructing links with it, so PHP defaults it to ''. When I added it to the URL it was defaulted to my attack string, and your code never removed it.

What the fuck is that? It's not md5, nor is it sha1. Where is that screenshot from? What "hash" is that?
__________________
Various bits of semi-useful code in a bunch of languages: http://code.devicenull.org/
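The mechanism devicenull describes above (a request parameter defining a variable the script never initialised, then being written into a link unescaped) and the hardened form of the same code, as an added example; this is not the plugin's code. $simulatedGet stands in for $_GET so the script runs from the command line, and the parameter name, the allow-list of pages and the rejectUnknownParameters() check are assumptions for illustration.

```php
<?php
// Added example, not Cash2Admin's code. $simulatedGet replaces $_GET so this
// runs offline; the 'page' parameter and the allow-list are assumptions.

// Constructed request: the client sends a 'page' parameter the script never
// defines itself. The value only needs a quote to leave the href attribute.
$simulatedGet = ['page' => '"><i>injected</i>'];

// Vulnerable pattern (the one criticised in the thread): extract() turns
// every request key into a local variable, so a variable the author relies
// on "defaulting to empty" is now client-defined, and it is then dropped into
// a link with no escaping.
function buildLinkVulnerable(array $get): string
{
    extract($get);                       // defines $page from the request
    if (!isset($page)) {
        $page = '';                      // what the author expected by default
    }
    return '<a href="buy.php?page=' . $page . '">Buy</a>';
}

// Hardened pattern: no extract(), an explicit default, an allow-list for a
// value that selects behaviour, and escaping for the HTML attribute context.
function buildLinkHardened(array $get): string
{
    $allowedPages = ['buy', 'confirm', 'status'];   // assumed allow-list
    $page = 'buy';                                  // explicit default
    if (isset($get['page']) && in_array($get['page'], $allowedPages, true)) {
        $page = $get['page'];
    }
    $escaped = htmlspecialchars($page, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a href="buy.php?page=' . $escaped . '">Buy</a>';
}

// Answer to the "500 GET values are harmless" argument: list request keys the
// script does not know about, so a caller can refuse or log such requests
// instead of assuming unused parameters cannot matter.
function unknownParameters(array $get, array $known): array
{
    return array_values(array_diff(array_keys($get), $known));
}

echo buildLinkVulnerable($simulatedGet), PHP_EOL;
echo buildLinkHardened($simulatedGet), PHP_EOL;
print_r(unknownParameters(['page' => 'buy', 'extra' => '1'], ['page']));
```

Running it shows the vulnerable link carrying the injected markup verbatim while the hardened link falls back to the default page, and the last call lists `extra` as a parameter the script never asked for. The allow-list is what removes the dependence on PHP's implicit defaults that the post criticises; the escaping is a second, independent layer for the case where a value has to be reflected at all.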
SoGeek
Junior Member
Join Date: Sep 2011
10-13-2011, 15:16   Re: [CS:S] Cash2Admin v.2.0 - Make your server rentable [LOCAL VERSION]
#14

It's a home-made encryption; I tried to make an encryption similar to hash or sha1.

Ok, try the future update at this page:

(timeout = 10, styles.css, the script that requires www.team-skyzen.fr, and EXTRACT($_GET) have been removed)

http://team-skyzen.verygames.net/buy.php

Are there some XSS issues?

Last edited by SoGeek; 10-13-2011 at 15:22.
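For the "home-made hash" point raised above (devicenull could not identify the digest in the screenshot, and the author says it is a custom scheme built to resemble md5/sha1), the following added example shows what a PHP application should use instead for stored secrets such as passwords. It is not the plugin's code; password_hash() and password_verify() exist since PHP 5.5, which is newer than this thread, and the sample password is constructed.

```php
<?php
// Added example, not Cash2Admin's code. Contrasts a bare fast digest (the kind
// of thing the thread argues about) with PHP's purpose-built password hashing.
// Requires PHP 5.5+; the sample password below is constructed.

$samplePassword = 'correct horse battery staple';

// Unsalted fast digest: identical inputs give identical outputs and a single
// guess costs microseconds, so it is unsuitable for stored credentials. A
// home-made scheme "similar to sha1" is worse still, because nobody has
// analysed it.
function weakDigest(string $password): string
{
    return md5($password);
}

// Hardened form: bcrypt through password_hash(). A random salt is generated
// and embedded in the returned string, and the cost makes each guess slow.
function storePassword(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Verification reads algorithm, cost and salt back out of the stored string
// and compares in constant time; nothing is compared by hand.
function checkPassword(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

// Lets an application raise the cost later without forcing every user to
// reset: true means the stored value should be re-hashed at next login.
function needsUpgrade(string $stored): bool
{
    return password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => 12]);
}

$stored = storePassword($samplePassword);
var_dump(checkPassword($samplePassword, $stored));
var_dump(checkPassword('not the password', $stored));
var_dump(needsUpgrade($stored));
var_dump(weakDigest($samplePassword) === weakDigest($samplePassword));
```

The two storePassword() calls on the same input produce different strings because of the embedded salt, which is exactly the property a plain md5()/sha1() of the value lacks; the last line shows that the weak digest is deterministic, which is what makes precomputed tables and cross-user comparison possible.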
rtk
Senior Member
Join Date: Dec 2009
10-22-2011, 13:45   Re: [CS:S] Cash2Admin v.2.0 - Make your server rentable [LOCAL VERSION]
#15

I came back to see if there was any progress and indeed there is: www.team-skyzen.fr has been hacked already!
It's time to start building my own VIP system...
__________________
Never argue with an idiot. He lowers you to his level and then wins on experience!
asherkin
SourceMod Developer
Join Date: Aug 2009
Location: OnGameFrame()
10-22-2011, 15:17   Re: [CS:S] Cash2Admin v.2.0 - Make your server rentable [LOCAL VERSION]
#16

To protect the safety of our members, I'm removing this (again!) and banning any further versions to be released here without stringent security checks.

The disregard for basic security practices is appalling.

SoGeek, feel free to PM me regarding this.
__________________