pouët.net

fix me beautifull

category: general [glöplog]
I've just detected a problem with network - ntw group. The official date for the group is summer 1996; all previous C64 releases listed must be from another group.
added on the 2008-04-28 22:47:23 by winden winden
added on the 2008-04-28 23:01:15 by psenough psenough
Spice's release party is Gelloween 1994 and I'd guess there wasn't any Gelloween party in 2004.
added on the 2008-04-29 22:34:49 by zefyros zefyros
how do I add a youtube link to a prod ?
the prod: http://pouet.net/prod.php?which=50467
the youtube link: http://fr.youtube.com/watch?v=hweRZ0sFE9E
added on the 2008-04-29 23:36:25 by Orion_ Orion_
youtube for this prod thanks kisses
added on the 2008-04-30 00:55:50 by rmeht rmeht
added on the 2008-04-30 04:44:16 by psenough psenough
http://pouet.net/prod.php?which=50463

It's Overwiev#6, not #4.
added on the 2008-04-30 07:02:04 by kempy kempy
added on the 2008-04-30 07:10:18 by psenough psenough
http://pouet.net/prodlist.php?order=&page=1977&order=&x=18&y=12
Looks like there is a bug in the page list at the bottom... pages 1977 > 2080 are empty ???
The Real SVGA
100h mode "100h mode" is only a file name, not intro name.

The same intro released in 2 different archives. First one has fucked up screenshot and some retarded comments, second one has source included. I would remove first one, change second's name and upload better screenshot.
added on the 2008-05-01 20:02:03 by Pirx Pirx
8 Shades of Black has wrong YouTube links, and these last eight links should be moved to Crackers Demo 4 instead.
The real 8 Shades of Black are one and two.
added on the 2008-05-01 23:38:31 by Luca/FIRE Luca/FIRE
Aren't these three basically the same group?
PC
PC/Antitrax 2010
Antitrax 2010

At least one dupe (haven't checked it out myself, but it seems quite obvious):
dupe of in 80 days..

Thanks for fixing.
added on the 2008-05-02 18:17:42 by zefyros zefyros
System Of Sound #001 is actually released in the "Beach Party" DEMO Competition.

However, results for this competition will not be in until mid-June.

Look out for more Beach Party Demo comp. releases in the next couple of weeks.
There's a youtube version available for: The Key To Success

and soundtracks as follows:

mp3 recording of Alice Copper

mp3 recording of Finnmark

mp3 recording of Psylteflesk

mp3 recording of Rapo Diablo
added on the 2008-05-03 17:53:19 by d0DgE d0DgE
for clearance sake, what happened with that password hack lately? do i\we have to worry about or not? tnx
added on the 2008-05-03 21:07:54 by rmeht rmeht
rmeht: There was a SQL injection hole in the SceneID authentication module (in the getUserInfo call, userID was not checked to really be a number - I did not check any other calls so there might still be dragons hidden in other calls) which would have allowed an adversary (an "outsider" like me *g*) to download a list of all password hashes (in fact, all data in that scene.org mysql database) or to log on as any of those users (by just knowing the password hash).

I did not download all the password hashes, just tried to log on as some users until I found one who has access to the admin panel of scene.org and had a look at it (I did not change anything there). And I tried to crack analogue's password (from the password hash I got first but who did not have enough privs for the admin panel) where I succeeded. I did not keep any of the data/hashes except what ended up in my browser cache and history of course.

Then I wrote those two one-liners that got the thing rolling (one from pouet.net with analogue's password and one from pouet.scene.org with the hijacked logon session).

Of course, you cannot be sure that I was the first guy finding that hole (I have no idea how old it is since dev.scene.org is not secured by sceneid but by htaccess), so if you want to be careful, better change your password.

I mainly did it out of curiosity how far I might come and was surprised myself when I succeeded. Might be also caused by the last email from analogue who told me that the last hole I reported has been fixed, but I just found the same hole in a "very similar" page the day after so I got the impression that scene.org admins (I did not know at that point that analogue was not one of them) do not really care about security. As pouet may not access passwords, it is indeed no real issue, but it can get one by exploiting the sceneid login thingy.


As far as I can see, the problem has been solved by disabling the sceneid "test" account (so that logon with just the hash and without password is no longer possible for "outsiders") and by deleting sessions (so that the "evil sessions" got logged out). I don't know if the real sql injection is still present but I think it isn't. If it was, anyone who operates a site authenticating against sceneid might still exploit it, but no outsiders any longer (as long as no one cracks one of the portal passwords which I did not find in the DB so they are possibly hardcoded in the code).

I want to say sorry to all of those affected by that; if I unintentionally caused any monetary damage, I will try to do my best to replace it. And I can promise you that I will not do something like this again.

mihi
added on the 2008-05-03 22:55:19 by mihi mihi
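Added example (not part of mihi's post and not SceneID code): the class of hole described above, a getUserInfo-style lookup that never checks that userID is a number, next to a hardened form that validates the ID, binds it as a parameter and leaves the hash column out of the result. The table layout, function names and sample rows are assumptions, and SQLite stands in for MySQL.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema and names are assumptions, not SceneID's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, nick TEXT, pw_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "hash-a"), (2, "bob", "hash-b"), (3, "carol", "hash-c")])
    return db

def get_user_info_vulnerable(db, user_id):
    # 'Before' form: user_id is pasted into the SQL text with no numeric check,
    # so anything that follows the number becomes part of the statement.
    sql = "SELECT id, nick, pw_hash FROM users WHERE id = " + str(user_id)
    return db.execute(sql).fetchall()

def parse_user_id(raw):
    # Accept only a plain ASCII decimal string: no signs, spaces or SQL fragments.
    text = str(raw)
    if not (text.isascii() and text.isdigit() and len(text) <= 10):
        raise ValueError("userID must be a decimal number")
    return int(text)

def get_user_info(db, raw_user_id):
    # Hardened form: validate first, bind the value as a parameter, and never
    # select the hash column for a profile lookup.
    uid = parse_user_id(raw_user_id)
    return db.execute("SELECT id, nick FROM users WHERE id = ?", (uid,)).fetchall()

def demo():
    db = make_db()
    crafted = "1 OR 1=1"  # constructed non-numeric userID
    leaked = get_user_info_vulnerable(db, crafted)
    try:
        get_user_info(db, crafted)
        rejected = False
    except ValueError:
        rejected = True
    # (rows returned by the unchecked query, crafted ID rejected?, normal lookup)
    return len(leaked), rejected, get_user_info(db, "2")

if __name__ == "__main__":
    print(demo())
```

The numeric check and the bound parameter are independent defences; either one alone stops this input, and keeping both means a later edit that drops one does not reopen the hole.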
This one is a stand-alone MP3 and thus has little to do in Pouët (IMHO).
added on the 2008-05-04 01:20:26 by stage7 stage7
mihi: no harm done. thanks for the wake up call.
added on the 2008-05-04 12:41:16 by psenough psenough
