
My site


ghost's Avatar
0 0

Hey,

I am looking for some feedback on my site, www.nickscomputing.com. The idea behind it is that you select what type of computer user you are, and you will get articles that would be most useful to you.

Thanks


ghost's Avatar
0 0

watch your back with those encrypters …. you need a strip_tags() in em….


ghost's Avatar
0 0

thanks, i just patched it anyway but how would that be exploitable?


ghost's Avatar
0 0

im not quite sure, but i think someone could do this (im guessing this is close to your code)

<?php
$hash = $_POST["hash"];
$output = md5($hash);
echo $output;
?>

exploit:

<?php
$output = md5("hello");
echo "<anything they wanted>";
somefunction(something bad);
echo $output;

where they would have typed in "hello"); echo "<anything they wanted>"; somefunction(something bad and used your parentheses as the end of any statement ending in );

even after all that i dont know how much could actually be done, but all you have to remember is strip_tags() takes out not only html but php too. I hope ive been helpful.

overall, tho once the site has somemore features it should be pretty nice.


ghost's Avatar
0 0

I like it… hopefully when everything's up to date (i.e., more code, downloads, articles, etc.) it seems that it will have a lot of potential. Great job :)


ghost's Avatar
0 0

thanks… any suggestions/ features u wanna see?


ghost's Avatar
0 0

I like it a lot ^_^ good job, but don't stop here… keep working on it and adding to it…


ghost's Avatar
0 0

It's a really well laid out site. I like it a lot, some reason ur "banner" thing takes forever to load though, even though i think it's plain

I found on the downloads, the links don't work. I think they are supposed to be links to another website. Well whatever they are, none of them work. Still nice design, i sent an article in also. :)


ghost's Avatar
0 0

ignore atrcomb thats bollocks what he just typed.


ghost's Avatar
0 0

thanks, i just patched it anyway but how would that be exploitable?

Do the Web Patching Challenges. They'll help you a lot!


ghost's Avatar
0 0

I just escaped the filter in the hex hash gen, by encoding my jscript, which won't really do much, but just thought i'd let u know


ghost's Avatar
0 0

ok i fixed the downloads section… a-hack can u please explain? thanks

p.s. i encourage the hacking of my site, please just report all exploits to me


ghost's Avatar
0 0

umm, bignick, I browsed your robots and found your admin password, haha. I don't know if that's the real one or anything, but I'd fix that.


ghost's Avatar
0 0

ummm its a joke lol if you unencrypt it it comes out to fuck off or something like that


ghost's Avatar
0 0

haha, yea, I figured it wouldn't be something left out in the open like that. That's sic. Some loser comes up, ooooo, this kid left his password wide in the open, let's just decrypt it and we get……. What!? FOILED AGAIN!

But yea, besides that, nice, I like it.


ghost's Avatar
0 0

@ willieH, i did not type bollocks, maybe what i said might be taking it a bit far but someone might still be able to do something similar. As i said, i was not sure that could work but its still better to be safe.

@bigggnick as i said before the sites nicely designed and when finished im sure it will be very good.


ghost's Avatar
0 0

I like the site, but I found that, depending on which links you click on, your navigation panel thingy changes, and that can get really confusing… you might want to change that, but that's just my opinion. Secondly, I went to Basic > Articles and got a 404, not good. You might want to have a quick look at that too. Also, on this page: http://www.nickscomputing.com/basic/basindex.php several of the links in the navigation panel thingy aren't links, they're just text, I didn't know if that was what you meant to do or not, just bringing your attention to the matter. ^_^

Despite these few small, easy-to-fix problems, the site is very well done and nicely laid out. I think that once you spend a little more time on it, it will be great! :D


ghost's Avatar
0 0

Hey, I think your site could use a better look. No offense or anything, but it's pretty basic. If you need a template, I have created one that might work well with your black/red theme. Check it out at http://www.thisisasite.net/templates.php


ghost's Avatar
0 0

yea no offence but i agree with placebo, i like your site but the style is very plain, good site though :)


ghost's Avatar
0 0

i know, the basic section is still under construction and i haven't had a lot of time to work on it. im focusing more on the advanced part cuz most of the advertising im doing is on sites like this, so not a lot of basic users. i want a simple, easy to use theme and im working on changing the forum colors


ghost's Avatar
0 0

Well, keep in mind that there is a template for you at http://www.thisisasite.net if you like it and want to use it. Otherwise, good luck with the site and I hope you can find more time to work on it.


ghost's Avatar
0 0

http://www.nickscomputing.com/advanced/advarticles/advprograming/advphp.php

A couple problems in your tutorial.

<?php
$d=date("D");
if ($d=="Fri")
echo "Yes, it's friday!";
else
echo "Its not friday!";
?>

Should be…

<?php
$d=date("D");
if ($d=="Fri") {
echo "Yes, it's friday!";
} else {
echo "Its not friday!";
}
?>

and…

<?php
$pass=$_POST['password'];
//this will get the password from an HTML text box labeled password
if ($pass=="nick")
echo "Welcome, Nick";
else
echo "You are not Nick. Go away";
?>

Should be…

<?php
$pass=$_POST['password'];
//this will get the password from an HTML text box labeled password
if ($pass=="nick") {
echo "Welcome, Nick";
} else {
echo "You are not Nick. Go away";
}
?>

P.S. I got your password, decrypted the binary, decrypted the morse code, and brute forced the MD5 encryption and yep, it says "fuckyou"


ghost's Avatar
0 0

thanks, keep the comments comin'


ghost's Avatar
0 0

i've been working on it a little lately, some new features include:
- Links (if you want to be added, just ask!)
- Fixed downloads
- Product reviews
- More encrypt options

Things soon to come:
- More reviews/articles/codes
- More members (hopefully)


ghost's Avatar
0 0

HardHackz's comment is actually wrong, "{" and "}" aren't necessary if the code for it is one command long. So you can keep the first way if you prefer it.


ghost's Avatar
0 0

Well HardHackz's code isn't wrong, its just that both of their codes do the same thing, just one is more efficient taking up less space / lines.

for example you could reduce 4 of the lines to 1 line like so

echo ($pass == "nick") ? "Welcome, Nick" : "You are not Nick. Go away";

ghost's Avatar
0 0

cool, didnt know you could do if…else in that way


ghost's Avatar
0 0

atrcomb wrote: im not quite sure, but i think someone could do this (im guessing this is close to your code)

<?php
$hash = $_POST["hash"];
$output = md5($hash);
echo $output;
?>

exploit:

<?php
$output = md5("hello");
echo "<anything they wanted>";
somefunction(something bad);
echo $output;

where they would have typed in "hello"); echo "<anything they wanted>"; somefunction(something bad and used your parentheses as the end of any statement ending in );

even after all that i dont know how much could actually be done, but all you have to remember is strip_tags() takes out not only html but php too. I hope ive been helpful.

overall, tho once the site has somemore features it should be pretty nice.

you cant escape PHP, its server-side. you cant exploit this.
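
Added example, not part of any post in this thread and not the site's own code: it contrasts the guessed md5 handler quoted above with a hypothetical hex-to-text tool of the kind where a poster reported getting encoded input past the filter. The function names and sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration; the function names and sample inputs are hypothetical.

// Hash tool: the POST value is only ever a string argument to md5().
function hash_tool(string $input): string
{
    return md5($input); // output is 32 hex characters regardless of input
}

// Decode hex to text, rejecting anything that is not well-formed hex.
function hex_to_text(string $hex): string
{
    if ($hex === '' || strlen($hex) % 2 !== 0 || !ctype_xdigit($hex)) {
        return '';
    }
    return hex2bin($hex);
}

// Weak: strip_tags() on the input sees only hex digits and removes nothing,
// so decoded markup is returned to the page unencoded.
function hex_tool_input_filtered(string $hex): string
{
    return hex_to_text(strip_tags($hex));
}

// Corrected: encode at output time for the HTML context.
function hex_tool_output_encoded(string $hex): string
{
    return htmlspecialchars(hex_to_text($hex), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$phpLooking = 'hello"); echo "<anything they wanted>"; somefunction(something bad';
$hexMarkup  = bin2hex('<b>bold</b>'); // harmless markup, hex encoded

echo hash_tool($phpLooking), "\n";              // a hash of the text; nothing ran
echo hex_tool_input_filtered($hexMarkup), "\n"; // raw markup comes back out
echo hex_tool_output_encoded($hexMarkup), "\n"; // markup is entity-encoded
```

Submitted text would only run as PHP if the script passed it to something like eval() or include, which the guessed handler does not do.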


ghost's Avatar
0 0

@mr noob

ok it seems like i am being attacked for writing that, i just want everyone to know it was only in response to only.samurai's post telling him a strip_tags() was needed. I said i wasnt sure it would work but was just giving him a suggestion as to the possibilities of exploits.


ghost's Avatar
0 0

im not attacking you, im simply informing you that it cannot be done. the previous replies were flames.


ghost's Avatar
0 0

Well…the layout is terrible…and the top image isn't that good…I suggest do what placebo suggested..


ghost's Avatar
0 0

mr noob wrote: im not attacking you, im simply informing you that it cannot be done. the previous replies were flames.

kk


ghost's Avatar
0 0

Ok a few suggestions the layout is boring but you know you may not be a designer but a coder like me, second i have always hated when someone uses tables and that table is not set to go all the way across the desktop screen, or if it doesn't it is left aligned. may i suggest using: <div align="center"> or for just the table adding the maroon colored text to the table tag <table align="center">

also if you want a more exciting looking website i suggest going to a template website charge or no charge and look at ideas from templates. last but not least a good template that i have seen has been the darkness template from elated here is a link to it and its free http://elated.com/pagekits/

don't forget, content keeps a site at its best so don't get outdated or slack on quality

Adams


ghost's Avatar
0 0

thanks again for all the replies, if anyone wants to be an admin just pm me. I don't mind if you're not great at php, etc. i'm not either so we could learn together.


ghost's Avatar
0 0

yay, my forums are actually somewhat active now

got some more articles, a sig request thing, new links (thanks to the new flea), more encrypters (thanks to hardhackz), and some other new things.

Check it out!


ghost's Avatar
0 0

when i register the verification image doesnt show


ghost's Avatar
0 0

crap… ill fix it

Ok, its fixed…

turbocharged… i tried an experiment and manually created u an account, just to see what would happen.. i will pm the password to you but it should have been emailed to admin@arabian-outlaw.com