The whole of 2012 has been declared the year of DropBox, and events involving it happen only slightly less often than rallies in Moscow. Perhaps the two are somehow connected, who knows. But here is the latest freebie giveaway that Habr users have found. At one in the morning, 20 thousand red-haired Habr users went to see who was handing out the cloud in 2-gigabyte chunks, and how. I won't hide it: I went too. Out of curiosity, of course.
What I dug up is below the cut.
bldt0.cfwiu2.8.
Naturally, the first thing I found was an ordinary input field for an e-mail address, with a small standard character check. The check was on the client side only. The form submitted nothing besides the e-mail field. On top of that, the result of processing the form was a regular page, with no redirect. What a noob, I thought, and pressed F5. A second promo code arrived in my mailbox. Slightly stunned, and figuring that this would be closed quickly, I hammered the button a bit more and went to look at what the codes were like. All codes consist of 12 characters. Guessing them by brute force is practically impossible, although people try. They say it works.
c_6_t_d_h_m_g_o_n_4_i_s
The war with the Chinese began at 4-5 in the morning. To start with, they asked the Indians to check that the field containing the phone number is not empty. The link /3DropBox/3DropBox_Registration.do?lang=eng&Mobile= which the topic starter had prepared in advance, stopped giving out the promo code. But like everything written by the Indians, the check was completely broken, and it was solved with one quotation mark. Having poured myself a couple of codes via the link with a quotation mark, I lay low and waited. Enumerating phone numbers by substituting digits into the request was put off for a couple of hours by a small script.
jsk 8 zzk 6 6 zux
By this time most people had run into the Indians' impenetrable defense and drifted into the chat, the link to which the topic starter had kindly provided.
swh-3-2-2-mm-1-1-e-3-
In the chat, codes went like hot cakes, and a real struggle unfolded in which the fastest won. After a while, the codes started to be lightly encoded before being posted; it even got as far as small quests...
_b13_z10_v9d_ip3_
At this point the Indians propose to limit access to the script to Chinese IPs only, and (hurray) they bolt on a proper check of the phone number. But, unfortunately, the form-processing script still accepts the same correct request as many times as you like, and sends you a pile of promo codes. Having already handed out a decent number of them in the chat, I am sharing my catch with Habr users and urge you not to make such elementary mistakes.
1. Do not let your scripts process the same form twice (the simplest captcha will be enough).
2. Do not forget to do a basic redirect immediately after processing the data.
3. Always remember that the Russians are ready to give any money just to get freebies.
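Points 1 and 2 as a server-side sketch. This is an added example, not code from the original post or from the promotion's site: it validates on the server, issues at most one code per e-mail address or phone number, and answers the POST with a redirect so that F5 repeats only a read-only GET. The class name, the `email` field, the `/promo/done` path and the in-memory dictionaries (standing in for a database with unique constraints) are assumptions; `Mobile` is the parameter name from the link above.

```python
import re
import secrets

EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")  # simple shape check only
PHONE_RE = re.compile(r"\+?\d{7,15}")


class PromoIssuer:
    """Hypothetical issuer; a real one would persist state in a database."""

    def __init__(self, codes):
        self.pool = list(codes)  # codes not yet handed out
        self.issued = {}         # "email:<addr>" / "phone:<num>" -> receipt id
        self.outbox = []         # (email, code) pairs that would be mailed

    def post(self, form):
        """Handle the form POST; returns (status, headers)."""
        email = form.get("email", "").strip().lower()
        phone = re.sub(r"[\s()-]", "", form.get("Mobile", ""))
        # Validate on the server: the client-side check is only a convenience.
        # fullmatch rejects empty values and stray characters such as quotes.
        if not EMAIL_RE.fullmatch(email) or not PHONE_RE.fullmatch(phone):
            return 400, {}
        keys = ("email:" + email, "phone:" + phone)
        receipt = next((self.issued[k] for k in keys if k in self.issued), None)
        if receipt is None:
            if not self.pool:
                return 410, {}   # promotion exhausted
            receipt = secrets.token_urlsafe(16)
            self.outbox.append((email, self.pool.pop()))
            for k in keys:
                self.issued[k] = receipt
        # Post/Redirect/Get: refreshing the result page repeats a GET only,
        # and a replayed POST finds the existing receipt instead of a new code.
        return 303, {"Location": "/promo/done?r=" + receipt}

    def get_done(self, receipt):
        """Result page: read-only, never issues anything."""
        return 200 if receipt in self.issued.values() else 404
```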
And so as not to turn the topic into a code dump, here are a couple more from the catch. I will slowly hand out the leftovers in the chat. Private messages are not available to me here.
sm6r-x9yk-ii8e
u8hq-jzed-wt5y
Have a nice day everyone!