Category: Website Critiques
http://www.betachat.com/devshed.html

Got a challenge for all of you if you're up to it! Website is..
http://www.betachat.com/devshed.html

Main thing is, see if you can log into the chatroom with no username, blank.. Next, see if you can log into the chatroom with the username "Rick".. Then just see if you can spot any security holes.. Written in python. Let me know what you come up with.

can't login with "rick"..name is reserved.

can't login with "" ..."Invalid username."

can't login with anything else..."name is already in use"

don't know what else you would like to try. :(

only tried twice...

in firebird 0.6.1 on pc the first time it did something then came back to the first page.

the second time it said this:

JavaScript Error reported...

The Fort Gordon Policy clearly states that access to this site is prohibited.

For further information please read Fort Gordon Garrison Policy Letter #17.

---John Holmes...

Originally posted by Milo
can't login with "rick"..name is reserved.

can't login with "" ..."Invalid username."

can't login with anything else..."name is already in use"

don't know what else you would like to try. :(

I wanted to see if anyone could "crack" past my reserved name.

Empty form will give that error, wanted to see if anyone found any holes in it to be able to login without a username, for instance alt+0160..

Name is already in use is strange..

Thanks for lookin'

Originally posted by lisajill
only tried twice...

in firebird 0.6.1 on pc the first time it did something then came back to the first page.

the second time it said this:

JavaScript Error reported...

When you press enter, or click submit, a new window will appear, you may want to try pressing "Ctrl" when hitting enter, or pressing submit.

Thanks for tryin'.

Originally posted by Sepodati
The Fort Gordon Policy clearly states that access to this site is prohibited.

For further information please read Fort Gordon Garrison Policy Letter #17.

---John Holmes...

You must be from Fort Gordon Garrison? I don't see why it's prohibited..

Thanks for tryin' anyway.

Originally posted by Sepodati
The Fort Gordon Policy clearly states that access to this site is prohibited.

For further information please read Fort Gordon Garrison Policy Letter #17.

---John Holmes...

Sep, what's this about being prohibited?

The requested URL /devshed.html was not found on this server.

Please contact the server administrator, rick@betachat.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

Please go back and try again.

Originally posted by a.koepke


Oops, deleted it. It's back up now.

All it ends up doing is redirecting me to Devshed.com

What is this meant to do?

Originally posted by a.koepke
All it ends up doing is redirecting me to Devshed.com

What is this meant to do?

Ah, I see. You have to click Chat, then immediately after, punch and hold the control key. It's a new pop up window. That's where the chat will be.

If someone has to do some crap like that to enter a chat room I think most people are not going to bother.

Why don't you come back when you have programmed things properly.

Originally posted by a.koepke
If someone has to do some crap like that to enter a chat room I think most people are not going to bother.

Why don't you come back when you have programmed things properly.

It is done properly. You have a popup stopper blocking the page from opening. The pop up is for a reason.

Well I have Mozilla with popup blocking enabled.

Redirecting, displaying no message to the user and just expecting things to work is not doing things properly.

If you need to make it a popup you should redirect to a page with a JavaScript link that would say "If you do not see a popup chat window please click here" and that would then run the JavaScript to popup the window. Due to this being a user-initiated popup the popup blockers shouldn't block it.

Originally posted by a.koepke
Well I have Mozilla with popup blocking enabled.

Redirecting, displaying no message to the user and just expecting things to work is not doing things properly.

If you need to make it a popup you should redirect to a page with a JavaScript link that would say "If you do not see a popup chat window please click here" and that would then run the JavaScript to popup the window. Due to this being a user-initiated popup the popup blockers shouldn't block it.

Okay, the login pops the window up. But now it shouldn't be blocked by popups. Have fun.

Originally posted by a.koepke
Well I have Mozilla with popup blocking enabled.

Redirecting, displaying no message to the user and just expecting things to work is not doing things properly.

If you need to make it a popup you should redirect to a page with a JavaScript link that would say "If you do not see a popup chat window please click here" and that would then run the JavaScript to popup the window. Due to this being a user-initiated popup the popup blockers shouldn't block it.

I should point out that it was not a user initiated pop up. The popup was from the one page but it was done by the program. This new method is done upon user submit.. That's when the new window opens.









