pouet 2.0 bugs me beautifull
category: general [glöplog]
Quote:
This is demoscene
I thought this was pouet.
Re this fix me beautifull post: judging from the fact that https://www.pouet.net/content/screenshots/64484.gif is returning a 500 error while https://www.pouet.net/content/screenshots/omgwtfbbq.gif returns a plain 404, I'm guessing there's some Apache mod_rewrite gunk that's attempting to redirect the old screenshot URLs but failing.
here's my attempt at the relevant config (untested, so probably equally broken):
here's my attempt at the relevant config (untested, so probably equally broken):
Code:
RewriteRule /content/screenshots/(\d)\.(png|gif|jpg) /content/files/screenshots/00000/0000000$1.$2 [R=301]
RewriteRule /content/screenshots/(\d{2})\.(png|gif|jpg) /content/files/screenshots/00000/000000$1.$2 [R=301]
RewriteRule /content/screenshots/(\d{3})\.(png|gif|jpg) /content/files/screenshots/00000/00000$1.$2 [R=301]
RewriteRule /content/screenshots/(\d)(\d{3})\.(png|gif|jpg) /content/files/screenshots/0000$1/0000$1$2.$3 [R=301]
RewriteRule /content/screenshots/(\d{2})(\d{3})\.(png|gif|jpg) /content/files/screenshots/000$1/000$1$2.$3 [R=301]
RewriteRule /content/screenshots/(\d{3})(\d{3})\.(png|gif|jpg) /content/files/screenshots/00$1/00$1$2.$3 [R=301]
There's already some RewriteRules in place, the problem comes from the fact that the links werent pointing to content.pouet.net as they shouldve.
Show added groups thing throws an exception.
ninjafix
Just wanted to say thanks for adding the same links below reply as below first post, could be telepathy because I thought of asking for it yesterday :) And BB Code syntax checking alerts! Bonus :)
So the only thing left for me to mention is that a search box in footer or something on each page would save me a bunch of time (well, actually an exact browse speed increase of 100%! when I'm "spreading the word" and looking for stuff.
Would be most excellent sirs. :)
So the only thing left for me to mention is that a search box in footer or something on each page would save me a bunch of time (well, actually an exact browse speed increase of 100%! when I'm "spreading the word" and looking for stuff.
Would be most excellent sirs. :)
What would be nice is to quote comments on prods like it is to quote posts on bbs posts.
Hm. The occasional "where are you and where did you come from?" when posting. Being seasoned I copy before clicking, I go back, paste, submit, np.
The site is being hit by a bot running from a Linode service looking for exploits:
I set up a rule to block out that IP and both sent a mail to Linode and visited their support IRC, where I got the following great advice:
Code:
li747-39.members.linode.com - - [19/Dec/2014:16:51:36 +0100] "GET /prodlist.php?order='%2bresponse.write(9512624*9773067)%2b'&page=12&platform%5b%5d=1&type%5b%5d=1 HTTP/1.1" 403 516 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"
li747-39.members.linode.com - - [19/Dec/2014:16:51:36 +0100] "GET /prodlist.php?page=15&platform%5b%5d=1'%22()%26%25<ScRiPt%20>prompt(988739)</ScRiPt>&type%5b%5d=1 HTTP/1.1" 403 516 "http://www.pouet.net:80/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"
li747-39.members.linode.com - - [19/Dec/2014:16:51:36 +0100] "GET /search.php?page=4&type=user&what=WEB-INF/web.xml HTTP/1.1" 403 514 "http://www.pouet.net:80/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"
li747-39.members.linode.com - - [19/Dec/2014:16:51:36 +0100] "GET /prodlist.php?page=29&platform%5b%5d=1&type%5b%5d=1 HTTP/1.1" 403 516 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"I set up a rule to block out that IP and both sent a mail to Linode and visited their support IRC, where I got the following great advice:
Code:
[17:06] <akerl> Gargaj: Welcome to the internetmaybe a few tweets about it will make them care to check it out
Their abuse department says they're on the case.
Quote:
Thank you for making us aware of this issue, I have gone ahead and relayed this complaint to our client. We will ensure that this matter is resolved.
...
They did respond, sure. The problem is that it takes 24h for them to deal with the case and it took 2-3h for whoever was running an exploit to run it. I wouldn't even have noticed if he wouldn't have hit the single-character-search bottleneck.
But then, I'm guessing the dude wasn't just running it on Pouet - if they were aiming at Pouet all they would've needed is to look at the source.
clicking the button to vote for the logos, and then logging in on the form I'm presented with leads me back to the front page instead of back to the logo-voting page.
yeah, looks like typical "clueless" scanning for vulnerabilities (not exploits). Even if you don't know that the source code is available, using typical vulnerability patterns for OGNL (or classic ASP?) and for Java Webapps is usually quite pointless if most URLs end with .php :)
scanning for reflected XSS may make some sense, but as it will exploit the users and not the server, I think it will require manual intervention to make a nice spam post from it.
I assume the guy ran Nikto (or similiar) on a list of URLs it got from crawling the web before, without really looking at what he was scanning - and probably he won't have been able to understand the results anyway.
Probably (if his scanning was deterministic enough or he tried often enough) it might have been hilarious to add some code to the page to handle that first OGNL pattern (i. e. write the result of the multiplication somewhere inside the page) - without actually evaluating the code, just check for regexp and parse out the two factors - and observe what happens (if it automatically tries something more evil, like a real exploit, or if it is really just plain Nikto or similar which will list the OGNL vuln (if it was that) in its report and that's it).
scanning for reflected XSS may make some sense, but as it will exploit the users and not the server, I think it will require manual intervention to make a nice spam post from it.
I assume the guy ran Nikto (or similiar) on a list of URLs it got from crawling the web before, without really looking at what he was scanning - and probably he won't have been able to understand the results anyway.
Probably (if his scanning was deterministic enough or he tried often enough) it might have been hilarious to add some code to the page to handle that first OGNL pattern (i. e. write the result of the multiplication somewhere inside the page) - without actually evaluating the code, just check for regexp and parse out the two factors - and observe what happens (if it automatically tries something more evil, like a real exploit, or if it is really just plain Nikto or similar which will list the OGNL vuln (if it was that) in its report and that's it).
An url like this:
Generates an odd space in the preview. I can't seem find out why, and it isn't allways the case. The example didn't pop up when I replaced the "-" with an "=" for example.
I ran into it when I posted this url : http://petapixel.com/2015/01/01/projector-brought-forest-turns-nature-glowing-wonderland/ in this prod http://www.pouet.net/prod.php?which=59107. I noticed the space in the word 'wonderland', right after the "o".
Here you can see the space, as seen in Chrome on a 64 bit windows:
Code:
[ url=- ]--------------------------------------------------------------------------------------------[ /url ]Generates an odd space in the preview. I can't seem find out why, and it isn't allways the case. The example didn't pop up when I replaced the "-" with an "=" for example.
I ran into it when I posted this url : http://petapixel.com/2015/01/01/projector-brought-forest-turns-nature-glowing-wonderland/ in this prod http://www.pouet.net/prod.php?which=59107. I noticed the space in the word 'wonderland', right after the "o".
Here you can see the space, as seen in Chrome on a 64 bit windows:
2 gifts for NY was born holywars, including insults:
http://www.pouet.net/prod.php?which=64839#c713658
is possible to add "Enhanced Spectrum" platform category or ban AloneCoder as provoker?
http://www.pouet.net/prod.php?which=64839#c713658
is possible to add "Enhanced Spectrum" platform category or ban AloneCoder as provoker?
I can fix Pouet. I can't fix people.
imho preventive fix would help.
Indeed, gifts has been created not for glops, only to congrats Scene.
Indeed, gifts has been created not for glops, only to congrats Scene.
I'm working on a solution but as you can imagine it's not as easy as it sounds.
anyway subdividing is a way to begin flamewar.
a person banned for provocations at zx.pk.ru.seems he is improving skill...
a person banned for provocations at zx.pk.ru.seems he is improving skill...
Quote:
subdividing is a way to begin flamewar.
Whut?
Quote:
Whut?
2 comments from AlCo:
http://www.pouet.net/prod.php?which=64839#c713511
http://www.pouet.net/prod.php?which=64770#c712928