|
07-05-2018, 12:23 PM
|
Posts: n/a
Mentioned: Post(s)
Tagged: Thread(s)
|
Agreed
|
07-05-2018, 12:29 PM
|
Join Date: May 2011
Posts: 6,087
Mentioned: 3616 Post(s)
Tagged: 76 Thread(s)
Ranked Audio Record 4 Won / 0 Lost
Ranked Text Record 30 Won / 8 Lost
Exclusive Text Record 1 Won / 1 Lost
|
There's currently a character limit, but there's also a line limit so when you press [ENTER] it counts it as a new line. There simply needs to be a character limit without a line limit-- which would give one the option of having a line by line presentation without typing less material. The only reason filling in the box evolved is because of the line limitation and people want to include as much material as possible.
|
07-05-2018, 12:36 PM
|
Posts: n/a
Mentioned: Post(s)
Tagged: Thread(s)
|
Quote:
Originally Posted by NOBLE
There's currently a character limit, but there's also a line limit so when you press [ENTER] it counts it as a new line. There simply needs to be a character limit without a line limit-- which would give one the option of having a line by line presentation without typing less material. The only reason filling in the box evolved is because of the line limitation and people want to include as much material as possible.
|
Yeah this. No one ever presses enter unless they are new and instantly get told to "fill the box".
Also want to point out that I wrote "tolled" instead of "told" a minute ago.
|
07-05-2018, 01:51 PM
|
Join Date: Aug 2005
Posts: 1,363
Mentioned: 41 Post(s)
Tagged: 41 Thread(s)
|
Thanks for all the feedback, there are no planned changes at this time.
|
07-05-2018, 02:04 PM
|
Join Date: Jan 2014
Posts: 2,962
Mentioned: 1225 Post(s)
Tagged: 61 Thread(s)
Ranked Audio Record 2 Won / 4 Lost
Ranked Text Record 111 Won / 71 Lost
Exclusive Text Record 3 Won / 6 Lost
|
Quote:
Originally Posted by UnEtH1CaL
Pick up some SQL. I did it very briefly and noticed a few errors on LB which were very simple database issues. I expect that 99.9% of LB is SQL based.
|
USERNAME: X
PASSWORD: SELECT * FROM Users WHERE 1=1;
__________________
I'm retired from LetsBeef.
|
10-08-2019, 05:50 AM
|
Posts: n/a
Mentioned: Post(s)
Tagged: Thread(s)
|
Glad this didn't change.
|
10-08-2019, 06:08 AM
|
Join Date: Sep 2008
Posts: 2,454
Mentioned: 303 Post(s)
Tagged: 16 Thread(s)
Ranked Audio Record 1 Won / 0 Lost
Ranked Text Record 8 Won / 4 Lost
|
Quote:
Originally Posted by Shodan
USERNAME: X
PASSWORD: SELECT * FROM Users WHERE 1=1;
|
You think I'd never tried to SQL Inject LB on day 1?
Also this wouldn't work because you don't concatenate the username and password. You use quotation marks to break out of the username string and leave the password blank.
I think it'd go:-
Username: EtH" OR User_Id = 1
This would say something like SELECT * FROM Users WHERE Username = "EtH" OR User_Id = 1"
Off the top can't remember how you handle the password though.
__________________
@mcg#3451
|
10-08-2019, 11:36 PM
|
Join Date: Sep 2010
Posts: 2,572
Mentioned: 1040 Post(s)
Tagged: 39 Thread(s)
Ranked Text Record 41 Won / 37 Lost
|
Quote:
Originally Posted by Dave
You think I'd never tried to SQL Inject LB on day 1?
Also this wouldn't work because you don't concatenate the username and password. You use quotation marks to break out of the username string and leave the password blank.
I think it'd go:-
Username: EtH" OR User_Id = 1
This would say something like SELECT * FROM Users WHERE Username = "EtH" OR User_Id = 1"
Off the top can't remember how you handle the password though.
|
SQL injections are ridiculously easy to prevent, was only a significant problem yearsss ago
__________________
Pack of Wolves, gayest crew on the site.
|
10-08-2019, 11:41 PM
|
Join Date: Aug 2005
Posts: 1,363
Mentioned: 41 Post(s)
Tagged: 41 Thread(s)
|
Even if you got the passwords, they are encrypted. Props to @Pseudo Nim for LB security
|
10-08-2019, 11:52 PM
|
Join Date: Sep 2010
Posts: 2,572
Mentioned: 1040 Post(s)
Tagged: 39 Thread(s)
Ranked Text Record 41 Won / 37 Lost
|
Quote:
Originally Posted by X
Even if you got the passwords, they are encrypted. Props to @Pseudo Nim for LB security
|
I mean that’s just basic knowledge anyone with a degree should know, not to store passwords in plain text in the db. When you enter your password it goes through a one-way hash function, probably md5 since this site is old unless it has been updated, which is what it is stored in the db as.
Also, if it is md5 most large companies with stuff worth protecting don’t use it anymore since it’s vulnerable now due to the speed of modern computers, fine for LB tho..
And the usual path of the SQL injection is to bypass the login process, not actually get the password.
__________________
Pack of Wolves, gayest crew on the site.
Last edited by Subreal; 10-08-2019 at 11:54 PM.
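The two points raised in this thread, quotation marks in a username breaking out of a concatenated query and passwords being stored as one-way hashes, shown together as an added example; it is not LetsBeef's code or any poster's. The table layout, the sample password and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed work factor for this sketch; tune to your hardware
PAGE_INPUT = 'EtH" OR User_Id = 1'  # the username quoted in the thread


def hash_password(password, salt):
    # Salted, deliberately slow one-way hash (PBKDF2-HMAC-SHA256), not one MD5 pass.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_db():
    # Constructed sample table with a single account.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (User_Id INTEGER PRIMARY KEY, "
               "Username TEXT UNIQUE, Salt BLOB, PwHash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO Users (Username, Salt, PwHash) VALUES (?, ?, ?)",
               ("EtH", salt, hash_password("correct horse", salt)))
    return db


def lookup_concatenated(db, username):
    # "Before": the input is pasted into the SQL text, so a quotation mark
    # in it ends the string and the rest is parsed as SQL.
    sql = 'SELECT User_Id FROM Users WHERE Username = "' + username + '"'
    try:
        return db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return "sql-error: %s" % exc


def login(db, username, password):
    # "After": the ? placeholder passes the username as data only.
    row = db.execute("SELECT Salt, PwHash FROM Users WHERE Username = ?",
                     (username,)).fetchone()
    # Unknown user: still run the hash so both paths cost about the same.
    salt, stored = row if row else (b"\x00" * 16, b"")
    return hmac.compare_digest(stored, hash_password(password, salt))


if __name__ == "__main__":
    db = make_db()
    print(lookup_concatenated(db, PAGE_INPUT))  # input was parsed as part of the statement
    print(login(db, PAGE_INPUT, ""))            # input was treated as an odd username
    print(login(db, "EtH", "correct horse"))    # the constructed account's real credentials
```

With the thread's input, the concatenated lookup comes back as a SQL error because the trailing quotation mark is left unbalanced, while the parameterized login simply finds no user by that name.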
|