Overclock.net - An Overclocking Community - View Single Post - Did programming change the way you think?

View Single Post
post #55 of (permalink) Old 07-15-2008, 09:33 AM
Coma
New to Overclock.net
 
Coma's Avatar
 
Join Date: Jun 2007
Posts: 11,272
Rep: 760 (Unique: 559)
It caused me to think more analytically in general, and when looking at anything that has to do with programming I think about how it could be improved, and sometimes, I think whether this script has potential for an exploit.

I've actually found real exploits like this - for example, some WoW private servers use a system that reward voting on websites like xtremetop100.com.

You pick an item from a dropdown list, enter your character name, press a button - you're redirected to the voting website and the item is mailed to you.

The thing is that the person who wrote this script was trying to make it "flexible", so the item IDs are entered in the HTML form...

I looked up the PHP source just to make sure it really does it that way (just to save myself time in case it didn't), and woo. I'm surprised nobody's made the exploit public, since it's so simple.

You can get item IDs from websites like Thottbot and then just replace the IDs in the HTML form, and voila. You can even get GM items if you know one of the custom IDs.

When asking for help: state the goal, not the step.

Coma is offline