fix me beautifull
category: general [glöplog]
soundtrack for this
I've just detected a problem with the network - ntw group. The official date for the group is in summer 1996, so all previous C64 releases listed must be from another group.
Spice's release party is Gelloween 1994 and I'd guess there wasn't any Gelloween party in 2004.
how do I add a youtube link to a prod ?
the prod: http://pouet.net/prod.php?which=50467
the youtube link: http://fr.youtube.com/watch?v=hweRZ0sFE9E
prod http://www.pouet.net/prod.php?which=9663
correct link http://scene.org/file.php?file=%2Fmags%2Fberet%2Fberet_4.lha
prod http://www.pouet.net/prod.php?which=5937
correct link http://scene.org/file.php?file=%2Fmags%2Fberet%2Fberet1.lha
please scrap old screenshots, i will add better ones.
http://pouet.net/prodlist.php?order=&page=1977&order=&x=18&y=12
Looks like there is a bug in the page list at the bottom... pages 1977 > 2080 are empty ???
The Real SVGA
100h mode "100h mode" is only a file name, not intro name.
The same intro released in 2 different archives. First one has fucked up screenshot and some retarded comments, second one has source included. I would remove first one, change second's name and upload better screenshot.
8 Shades of Black has wrong YouTube links, and these last eight links should be moved to Crackers Demo 4 instead.
The real 8 Shades of Black are one and two.
Aren't these three basically the same group?
PC
PC/Antitrax 2010
Antitrax 2010
At least one dupe (haven't checked it out myself, but it seems quite obvious):
dupe of in 80 days..
Thanks for fixing.
System Of Sound #001 is actually released in the "Beach Party" DEMO Competition.
However results for this competition will not be in until mid-june.
Look out for more Beach Party Demo comp. releases in the next couple of weeks.
There's a youtube version available for: The Key To Success
and soundtracks as follows:
mp3 recording of Alice Copper
mp3 recording of Finnmark
mp3 recording of Psylteflesk
mp3 recording of Rapo Diablo
for clearance sake, what happened with that password hack lately? do I/we have to worry about it or not? tnx
rmeht: There was a SQL injection hole in the SceneID authentication module (of the getUserInfo call, userID was not checked to be really a number - I did not check any other calls so there might be still dragons hidden in other calls) which would have allowed an adversary (an "outsider" like me *g*) to download a list of all password hashes (in fact, all data in that scene.org MySQL database) or to log on as any of those users (by just knowing the password hash).
I did not download all the password hashes, just tried to log on as some users until I found one who has access to the admin panel of scene.org and had a look at it (I did not change anything there). And I tried to crack analogue's password (from the password hash I got first but who did not have enough privs for the admin panel) where I succeeded. I did not keep any of the data/hashes except what ended up in my browser cache and history of course.
Then I wrote those two one-liners that got the thing rolling (one from pouet.net with analogue's password and one from pouet.scene.org with the hijacked logon session).
Of course, you cannot be sure that I was the first guy finding that hole (I have no idea how old it is since dev.scene.org is not secured by sceneid but by htaccess), so if you want to be careful, better change your password.
I mainly did it out of curiosity how far I might come and was surprised myself when I succeeded. Might be also caused by the last email from analogue who told me that the last hole I reported has been fixed, but I just found the same hole in a "very similar" page the day after so I got the impression that scene.org admins (I did not know at that point that analogue was not one of them) do not really care about security. As pouet may not access passwords, it is indeed no real issue, but it can get one by exploiting the sceneid login thingy.
As far as I can see, the problem has been solved by disabling the sceneid "test" account (so that logon with just the hash and without password is no longer possible for "outsiders") and by deleting sessions (so that the "evil sessions" got logged out). I don't know if the real sql injection is still present but I think it isn't. If it was, anyone who operates a site authenticating against sceneid might still exploit it, but no outsiders any longer (as long as no one cracks one of the portal passwords which I did not find in the DB so they are possibly hardcoded in the code).
I want to say sorry to all of those affected by that; if I unintentionally caused any monetary damage, I will try to do my best to replace it. And I can promise you that I will not do something like this again.
mihi
This one is a stand-alone MP3 and thus has little to do in Pouët (IMHO).
mihi: no harm done. thanks for the wake up call.