-
Bug, free credits:
Go to Send Credits.
Type in your name and -1 for the amount.
Should then say you now have 1 credit.
Go back to Send Credits.
Put your name and -1000000000.
You then get a billion credits.
I stumbled across it when I wanted to see if you could remove their credits by doing this.
Fix:
PHP Code:
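// Reject zero, negative or non-numeric amounts before any credits are moved
if (!is_numeric($amount) || $amount <= 0) { echo("omg no wai h4x0rr!!11"); exit; }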
Somewhere on the sendcred.php page ;)
-
Oooh.
Didn't see that =]
Ty mate =P
+REP if I can.
EDIT: Can't :|
-
No problems.
Just used it to really annoy TeenHabbo owner.
Might wanna release a security fix fast.
-
Only TeenHabbo have it atm, and I uploaded it directly onto their server, so it should be fixed now?
Thanks again :)
-
Yup, can no longer exploit.
Okay if I keep on looking for stuff?
EDIT: You can actually make it seem like someone else is sending PMs. The sentfrom shouldn't be in a hidden form value, it should really be something on ?mode=sendit like $_SESSION['username'] or something. If you get what I mean? Because I could pose as C-Storm and spam PM you and you'd have a go at him, nice.
Fix: (on ?mode=sendit)
PHP Code:
$sentfrom = $_SESSION['username'];
Rather than using a hidden form input. ;)
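
Both fixes above come down to the same rule: the server decides who the sender is and validates the amount, and nothing from the form is trusted. The handler below is an added example, not the project's own sendcred.php code; the function name `send_credits`, the form field names and the in-memory balance table are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened handler for the Send Credits form.
// send_credits(), the field names and the balance array are assumptions.

function send_credits(array &$balances, array $session, array $post): string
{
    // Sender identity comes from the server-side session, never from the form.
    $from = $session['username'] ?? null;
    if ($from === null || !isset($balances[$from])) {
        return 'not logged in';
    }

    // Recipient must be a known account; self-transfers are refused here
    // (a design choice of this example).
    $to = $post['to'] ?? '';
    if (!is_string($to) || !isset($balances[$to]) || $to === $from) {
        return 'invalid recipient';
    }

    // Accept only a whole number >= 1; "-1", "1.5", "abc" and "" all fail.
    $amount = filter_var($post['amount'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($amount === false) {
        return 'invalid amount';
    }

    if ($balances[$from] < $amount) {
        return 'insufficient credits';
    }

    $balances[$from] -= $amount;
    $balances[$to]   += $amount;
    return 'ok';
}

// Constructed sample data: two accounts and three requests from alice's session.
$balances = ['alice' => 10, 'bob' => 0];
$session  = ['username' => 'alice'];
$requests = [
    ['to' => 'bob', 'amount' => '-1000000000'],            // negative amount
    ['to' => 'bob', 'amount' => '5', 'sentfrom' => 'bob'], // forged sender field is ignored
    ['to' => 'bob', 'amount' => '50'],                     // more than the balance
];
foreach ($requests as $r) {
    echo json_encode($r), ' => ', send_credits($balances, $session, $r), "\n";
}
echo json_encode($balances), "\n";
```

With a real database behind it, the debit and the credit belong in a single transaction so that a failure between the two cannot create or destroy credits.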
-
No offence but the buttons look a bit non-styled... :(
-
Oooh.
I should hire you as bug tester tbh :P
I'll update that now =]
+ Topps, You mean the submit buttons? And do you have any suggestions how to improve?
-
I've had a look at it, and it's quite nice.
Will it be possible to integrate into iframes etc.?
-
Yes, the system is open source, so it's very easy to integrate into your site.
It comes with the layout it has on TeenHabbo and you can use that if you don't want it integrated into the site :)
+ Forum almost done :)
-
Ooer, =)
Gl, wouldn't it be easier just having a plug in lol?