
Re: HTTPS for login page

Posted: Sun Mar 21, 2010 8:43 am
by Dracons
Lithium wrote: vby injection u can wipe a lot lol
the game doesn't have any kind of security, is pure plain txt not protected as i see.
and when ppl say why bothering then how much is worth yr account?
mine is 400$


I prefer to give them the benefit of the doubt and assume they have some security. Like salt hashing our passwords and sterilizing input. It is just very, very difficult to make sure there are no gaps in security. That is one of the reasons they have a bug and suggestion section in their forums.

By and by, I have never heard of vby injection. Did you mean VB6 process injection?

Re: HTTPS for login page

Posted: Mon Mar 22, 2010 2:19 am
by CABAL
Dracons wrote:
Lithium wrote: vby injection u can wipe a lot lol
the game doesn't have any kind of security, is pure plain txt not protected as i see.
and when ppl say why bothering then how much is worth yr account?
mine is 400$


I prefer to give them the benefit of the doubt and assume they have some security. Like salt hashing our passwords and sterilizing input. It is just very, very difficult to make sure there are no gaps in security. That is one of the reasons they have a bug and suggestion section in their forums.

By and by, I have never heard of vby injection. Did you mean VB6 process injection?


Probably.

But still, using mysql_real_escape_string and html_special_chars on every input should work. But I'm pretty sure SGW only uses basic (and very weak) functions to strip slashes, quotations, and special chars.
As for hashing, well, imo, it's not really needed, as if someone has unauthorised access to the database, they can already do what the hell they want. Why would they want to steal accounts when they could make their own? But of course, that's assuming they also have write permissions.
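
An added example, not part of any post in this thread and not SGW's code: the two measures discussed above (keeping user input out of the SQL text, and salted password hashing) written with PDO bound parameters and PHP's `password_hash()`. The table, the function names `register` and `login`, and the sample accounts are constructed for illustration; it assumes the `pdo_sqlite` extension so it can run against an in-memory database.

```php
<?php
declare(strict_types=1);

// Constructed schema and sample data; in-memory SQLite so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Hypothetical helper: store a new account with a salted password hash.
function register(PDO $db, string $name, string $password): void
{
    // password_hash() generates a random per-user salt and embeds it in its output.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (:name, :hash)');
    $stmt->execute([':name' => $name, ':hash' => $hash]);
}

// Hypothetical helper: check a login attempt.
function login(PDO $db, string $name, string $password): bool
{
    // Bound parameter: the submitted value never becomes part of the SQL text,
    // so quotes inside it cannot change the query.
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();          // false when no such user exists
    return is_string($hash) && password_verify($password, $hash);
}

register($db, 'alice', 'correct horse');
register($db, 'bob', 'correct horse');     // same password on purpose

var_dump(login($db, 'alice', 'correct horse'));       // valid credentials
var_dump(login($db, "alice' OR '1'='1", 'anything')); // looked up as a literal name
var_dump(login($db, 'alice', 'wrong password'));      // wrong password

// What a read-only copy of the table exposes: two different strings for the
// same password, and no plaintext to reuse against the players' other accounts.
$rows = $db->query('SELECT name, pw_hash FROM users')->fetchAll(PDO::FETCH_KEY_PAIR);
var_dump($rows['alice'] !== $rows['bob']);

// Output encoding is a separate step, applied when a value is written into HTML.
echo htmlspecialchars('<b>"player" & guild</b>', ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

The last `var_dump` covers the read-only case raised at the end of the post: with salted hashes, someone who can read the table but not write to it gets no passwords they can log in with.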