Στις 11/11/2013 11:36 πμ, ο/η Νίκος Αλεξόπουλος έγραψε:
Στις 6/11/2013 5:25 μμ, ο/η Νίκος Γκρ33κ έγραψε:
Okey let the hacker try again to mess with my database!!!
He is done it twice, lets see if he will make it again!
I'am waiting!
I can't believe your ignorance. You're actually telling a huge group of
developers from all over the globe that your site is impenetrable. Do
you know how ridiculous you sound? Have you stopped and thought that
maybe people have better things to do than try to hack your stupid circa
1990 website? My three year old could have modified your database. It
doesn't take a pro to take down your 'security'. Have you not read up on
anything these people have suggested? Cross Site Scripting? SQL
Injection? Digital Piracy? Private User Information? No.. you haven't.
That's why your code is starting to look like this:
if not '..' in page and not page == '/etc/passwd' and
os.path.isfile(page) and os.path.exists('/cgi-bin' + page) and cookieID
== 'some_secret' and host == 'superhost.gr' and
hacker_is_not_being_mean_today:
load_site()
load_private_user_phone_numbers_and_then_post_a_screenshot_for_everyone_to_see()
else:
play_pre_millenium_music_and_load_lots_of_gifs()
wait___go_back_and_load_pirated_music_and_gifs_from_1995_anyway(extra_sauce=True)
You can't sue me for posting the code to your site, there was no copyright.
I guess my whole point is, if someone really cared I'm sure they could
get into your site. They could get into a lot of sites that were created
by people way smarter than you. Ever heard of apache exploits? cpanel
exploits? for that matter..python exploits? Some of this is beyond your
control. Actually, all of this is beyond your personal control, you lack
the capability. What I meant to say is that you could not possibly fix
all of this even if you were a better python programmer. Be glad 'she'
wasn't mean.
======================================
Somebody this morning sent me an email as nikos.su...@gmail.com sayign
the above.
My code is not like you provided you ignorant.
# is it a python file or an html template?
if page and page in os.listdir( cgi_path ):
pyvalid = True
elif os.path.isfile( file ):
page = file.replace( path, '' )
htmlvalid = True
else:
file = 'forbidden'
....
....
if 'forbidden' in file:
print( '''<h2><font color=red>Δεν επιτρέπεται η απευθείας πρόσβαση
στο script παρά μόνον μέσω της αρχικής σελίδας! Ανακατεύθυνση σε
5...''' )
print( '''<meta http-equiv="REFRESH"
content="5;URL=http://superhost.gr";>''' )
sys.exit(0)
....
....
if cookieID != 'wont_say' and ( htmlvalid or pyvalid ) and re.search(
r'(amazon|google|proxy|cloud|reverse|fetch|msn|who|spider|crawl|ping)',
host ) is None:
# do database insertion here
Tell the mighty female hacker to polish her nails, do her hair and fix a
good meal.
She is incompetent just like yourself.
These all is just an excuse of not being able to mess with my script
again, because is she could she would.
Numerous attempts so far but no break through and database mess 2 days now.
Okey i think its safe to say that manipulation of databases through my
script's variables cannot happen again.
--
https://mail.python.org/mailman/listinfo/python-list
