Frowning on the patching challenges

I already beat them with prior discussions with Grindordie but the challenges move over from easy to extremely difficult. The fast paced life style PHP is going through, there are a bunch of different ways to patch 1 exploit. Using a script to check the answers is madness unless you have a php guru sitting on the other side knowing and coding in every single possibility.

Just my 2cents on the patching challenges. post wut u think.

I thought they were both very very easy. A bit tricky at first, getting used to line numbers, what the exact "exploit type" is. But, after that, you know how the game roles, and is easier to get. Well, this is from 1-2….there are only two, i'll just have to see how it continues on.

what we do is have an array of accepted answers.

so we've gone through and thought of ways it could be patched, and coded those into the answers. So its not just ONE set way to complete it, because agreeed that would be madness.

were working on various other patching challenges and we're tring to include as many different types and accepted answers.

These challenges are only in trail stages and are still being thought about and updated.

personally I love the recent patching challenges, that have taught me how to defend sites I make in the future and well, yeah…good work, v. handy

I think I know the security leak in one of the challenges but my patching method requires more than one line :(

Plus I think there's a syntax error in 3 ;)

well there is always gonna be many ways to patch each problem, it is really just accepting the most common and simple ways to fix each problem

yeah we usally accept the simplest and most efficent.

so no adding functions etc, just include a simple strip_tags command or something, and problem solved. very efficent and very simple :)

Finally some problems where you need to find the answer for! clapping in my hands!!! Keep up the good work! I love it :D (altough… finding names for the problems is prolly my biggest problem :D) it doesnt accept this: Exploit Type: DUMB ASS READING! ;) Can i find somewhere a list with possible exploits (like css,…)

css=Cascading Style Sheets xss=Cross Site Scripting

i i guess u ment xss in the last post, and btw see my thread about this very subject

http://hellboundhackers.org/fusion_forum/viewthread.php?forum_id=61&thread_id=3490

Mr_Cheese wrote: so no adding functions etc, just include a simple strip_tags command or something, and problem solved. very efficent and very simple :)

Damn, there goes my love for regexes :p

aenman123 wrote: css=Cascading Style Sheets xss=Cross Site Scripting

i i guess u ment xss in the last post, and btw see my thread about this very subject

http://hellboundhackers.org/fusion_forum/viewthread.php?forum_id=61&thread_id=3490 :) yes i ment xss thnx for correting :) and soz that i didnt saw the other topic :s

I think you should "addslashes(Text '\ ' To Remove 'Slashes')" Without quotes…cuz its really ******* me off,,,I know it should work with it in real life…anyway

Edit : Usage of addslashes :

<? echo addslashes(The text on which you want to add the slashes); ?>

What it do : Addslashes, like it name tell us, add slashes to a sentence.

Example : You ask for a username and the user enter : '"'MyName\"'\""' the patched username with addslashes would be : \'\"\'MyName\\\"\'\\\"\"\' and if you want to ''Echo'' it, this code would do it :

$username = addslashes($_POST['username']);
// Here you do what ever you want with the username, like checking few things with a sql table

echo "Welcome dear ";
echo stripslashes($username);
?>

I hope you'll add it :D