I need your help! Ascii Bin


#25 ArekBulski

Posted 13 April 2009 - 02:19 PM

Jordan, your present password at AsciiBin won't work for you anymore. I changed it. Hah. :P

You might call it a security issue or so. Anyone can reset your password without asking you. If I keep resetting your password 10 times a day, every day, then you will surely give up.

I think it would be better to be able to retrieve your password, not reset it.

Now, security analysis posted. Gimme rep please. :)

Edited by ArekBulski, 13 April 2009 - 06:31 PM.

  • 1

#26 ArekBulski

Posted 13 April 2009 - 02:23 PM

I won't even mention that I cannot register a user. Tried name "ironislaw" with some password and "ironek7@gmail.com" in case you wanna know.

Attached Thumbnails

  • sshot-1.jpg

  • 0

#27 Guest_Jordan_*

Posted 13 April 2009 - 06:30 PM

haha, now that is funny. Email is disabled for the whole project as well so I have no idea what it changed the PW as. I'll give you +rep for catching that - thanks.

As for your registration problem, I'll have to do some digging for that. There is no apparent reason for it not to work.
  • 0

#28 amrosama

Posted 14 April 2009 - 01:21 AM

i have to say, I LOOOOOOOOOOOOOOOOOVE the layout, can i steal it
  • 0
yo homie i heard you like one-line codes so i put a one line code that evals a decrypted one line code that prints "i love one line codes"
eval(base64_decode("cHJpbnQgJ2kgbG92ZSBvbmUtbGluZSBjb2Rlcyc7"));
www.amrosama.com | the unholy methods of javascript

#29 Termana

Posted 14 April 2009 - 05:49 AM

Generally, most places use an MD5 hash to store a password, and check against it upon login. Since the MD5 hash cannot be reversed, the password has to be reset in order for the user to be able to use their account again. If not done in a hash, md5 or otherwise, the passwords of users will have to be stored in plain text in the database or use encryption instead, which can be reversed - both pose a security risk.
  • 0

#30 amrosama

Posted 14 April 2009 - 05:51 AM

btw anyone can try any random three characters and open a bin of some user who has his credit-card number in the bin
http://cid-3a21c96ba...rtner=Messenger
  • 0

#31 Termana

Posted 14 April 2009 - 06:00 AM


Bradley / Termana says:
love has arrived
i wann hold you so much
at long last love has arrived
and i thank god im alive
cant take my eyes off you
i love you baby
trust me when i say
oh pretty baby now that i found you stay
let me love you baby let me love youuuuuuuuuu

home-sick, wierd, retarded, depressed alien says:
omg thats my filthy secret bin

home-sick, wierd, retarded, depressed alien says:
you l33t h4ker

Bradley / Termana says:
lol

Bradley / Termana says:
to answer your question - yes

Bradley / Termana says:
but whotf would put their credit card info on a pastebin website?

home-sick, wierd, retarded, depressed alien says:
well you have to predict anything a user do

home-sick, wierd, retarded, depressed alien says:
theres crazy people out-there

home-sick, wierd, retarded, depressed alien says:
do you know this song btw?

Bradley / Termana says:
Thats why you put warnings on the site - and if they are stupid enough to ignore the warnings then they deserve to have their credit card info stolen


  • 0

#32 amrosama

Posted 14 April 2009 - 06:05 AM

lol
i should have predicted this
  • 0

#33 Termana

Posted 14 April 2009 - 06:06 AM

I thought it was better to paste the convo, since that whole piece says what I wanted it to say. Maybe I should have used asciibin to paste it? :P
  • 0

#34 Guest_Jordan_*

Posted 14 April 2009 - 06:09 AM

> i have to say, I LOOOOOOOOOOOOOOOOOVE the layout, can i steal it


Sure, not the first theme stolen I've used (see John's weblog and call him a **). Link back to me though :).

> Generally, most places use an MD5 hash to store a password, and check against it upon login. Since the MD5 hash cannot be reversed, the password has to be reset in order for the user to be able to use their account again. If not done in a hash, md5 or otherwise, the passwords of users will have to be stored in plain text in the database or use encryption instead, which can be reversed - both pose a security risk.


The password is MD5'd before entry into the DB. His suggestion was to send an email to the user account first saying "Hey, do you really want to change your password? If so, click this verification link". Upon clicking, a random password would be made and emailed to the user. Right now it just blindly changes the password.

> btw anyone can try any random three characters and open a bin of some user who has his credit-card number in the bin
> http://cid-3a21c96ba...rtner=Messenger


Yup, that is the way it should be.

> Bradley / Termana says:
> love has arrived
> i wann hold you so much
> at long last love has arrived
> and i thank god im alive
> cant take my eyes off you
> i love you baby
> trust me when i say
> oh pretty baby now that i found you stay
> let me love you baby let me love youuuuuuuuuu
>
> home-sick, wierd, retarded, depressed alien says:
> omg thats my filthy secret bin
>
> home-sick, wierd, retarded, depressed alien says:
> you l33t h4ker
>
> Bradley / Termana says:
> lol
>
> Bradley / Termana says:
> to answer your question - yes
>
> Bradley / Termana says:
> but whotf would put their credit card info on a pastebin website?
>
> home-sick, wierd, retarded, depressed alien says:
> well you have to predict anything a user do
>
> home-sick, wierd, retarded, depressed alien says:
> theres crazy people out-there
>
> home-sick, wierd, retarded, depressed alien says:
> do you know this song btw?
>
> Bradley / Termana says:
> Thats why you put warnings on the site - and if they are stupid enough to ignore the warnings then they deserve to have their credit card info stolen


If they post their CC then what are they thinking? I'll put a "report this" link on there so it can be reported. Users can also delete their own bins if they are pretty stupid.
  • 0
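
The confirm-before-reset flow described in the post above, as an added example (not AsciiBin's code): a reset request only records a hashed, expiring, single-use token and leaves the password untouched until the emailed token is presented. The `ResetService` class, the in-memory stores and the 30-minute lifetime are assumptions, and unlike the post's suggestion the new password is supplied at confirmation rather than generated and emailed.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 30 * 60  # assumed lifetime of a reset link, in seconds


class ResetService:
    """Hypothetical in-memory model of a confirm-before-reset flow."""

    def __init__(self, passwords):
        self.passwords = dict(passwords)  # username -> stored password hash
        self.pending = {}                 # username -> (token_hash, expiry)

    @staticmethod
    def _digest(token):
        # Only a hash of the token is kept, so a database leak does not
        # hand out working reset links.
        return hashlib.sha256(token.encode()).hexdigest()

    def request_reset(self, username, now=None):
        """Step 1: anyone may call this, so it must not touch the password."""
        now = time.time() if now is None else now
        if username not in self.passwords:
            return None  # the site should show the same response either way
        token = secrets.token_urlsafe(32)
        self.pending[username] = (self._digest(token), now + TOKEN_TTL)
        return token  # would be emailed to the account owner, never displayed

    def confirm_reset(self, username, token, new_hash, now=None):
        """Step 2: only the holder of the emailed token changes the password."""
        now = time.time() if now is None else now
        entry = self.pending.get(username)
        if entry is None:
            return False
        token_hash, expiry = entry
        if now > expiry:
            del self.pending[username]
            return False
        if not hmac.compare_digest(token_hash, self._digest(token)):
            return False
        del self.pending[username]  # single use
        self.passwords[username] = new_hash
        return True
```
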

#35 amrosama

Posted 14 April 2009 - 06:11 AM

> Users can also delete their own bins if they are pretty stupid.

ahm ahm, im still here.
  • 0

#36 Guest_Jordan_*

Posted 14 April 2009 - 06:16 AM

lol, I didn't mean you. I meant... eh... errrr. Stupid people - they are everywhere and don't even know they are stupid.

What would be the difference between this and tweeter though? Doesn't tweeter allow you to post anything or do they moderate as well?
  • 0




