Test (I was wondering if that worked)
A test of what you could do without being killed?
Somewhat. Anyway I was testing if IRC color codes worked in topic titles because on Omnimaga they did so the post bot showed them :trollface:
But obviously it needs to not fall under the wrong hands <_<
you should move it to savehacen so newbies dont find out about this... :P
(http://img.codewalr.us/permban.png)
Yeah the title is passed straight through to IRC by the bot. I don't think it's something worth bothering with. :P
Heh, I hadn't thought of it being possible to stick control characters in topics. With ^A, it may be possible to fool a bot into making arbitrary CTCPs (or mess up the CTCP /me's it's already trying to send). :P
testing for security leak
I remember back when Omni post bot was a SMF mod and had that exploit allowing me to post THE GAMEvia the bot <_<
SMF strips new lines so it should be pretty safe considering we prefix the title with some text.
Actually, the exploit I am talking about was basically this: The post notification was sent by running a PHP file with URL parameters. Anyone who knew the URL and required arguments could send any text from the post notifier at will by opening the file URL in their browser. That was somewhere in 2011, hence why I was a bit against making CW bot a PHP script at first. But as an admin, it was fun while it lasted :trollface: .
Lol, this is pretty aswome xD Reminds me of when Commisar Snektron was experimenting with sending colour codes via Minecraft chat. (Which didn't work)
I think they would only have worked on IRC and perhaps Omnom/WIRC. :P
Also, I remember having fun with ASCII art using background colors. I was posting Mario sprites, but then someone posted goatse of Homer Simpson in ASCII-art form (oh and don't google it if you're under 18 x.x)
was searching for "goatse of Homer Simpson" just out of curiosity (didnt know what I should expect so I just tried it).
Half of the results is stuff carved into pumpkins... O.O
I guess I misunderstood something as it's not my mother language ^^
That was my favorite one: :3
[spoiler](http://weknowmemes.com/wp-content/uploads/2011/10/pedobear-pumpkin-carving2.jpg)[/spoiler]
Quote from: DJ Omnimaga on October 21, 2016, 09:48:18 PM
Actually, the exploit I am talking about was basically this: The post notification was sent by running a PHP file with URL parameters. Anyone who knew the URL and required arguments could send any text from the post notifier at will by opening the file URL in their browser. That was somewhere in 2011, hence why I was a bit against making CW bot a PHP script at first. But as an admin, it was fun while it lasted :trollface: .
Technically that's what the bot does, but it only accepts connections from localhost. I sometimes make it say the game. :P
Quote from: Streetwalrus on October 23, 2016, 06:42:03 PM
Quote from: DJ Omnimaga on October 21, 2016, 09:48:18 PM
Actually, the exploit I am talking about was basically this: The post notification was sent by running a PHP file with URL parameters. Anyone who knew the URL and required arguments could send any text from the post notifier at will by opening the file URL in their browser. That was somewhere in 2011, hence why I was a bit against making CW bot a PHP script at first. But as an admin, it was fun while it lasted :trollface: .
Technically that's what the bot does, but it only accepts connections from localhost. I sometimes make it say the game. :P
Ah I see. At least it's kinda secure at least. And yes you made me lose often with it <_<
Quote from: p2 on October 23, 2016, 05:55:16 PM
was searching for "goatse of Homer Simpson" just out of curiosity (didnt know what I should expect so I just tried it).
Half of the results is stuff carved into pumpkins... O.O
I guess I misunderstood something as it's not my mother language ^^
That was my favorite one: :3
[spoiler](http://weknowmemes.com/wp-content/uploads/2011/10/pedobear-pumpkin-carving2.jpg)[/spoiler]
That is scary O.O. I guess it's a good thing, though, because what the shock site was is truly NSFW and 18+ content that is somewhat gruesome as well O.O
Quote from: Streetwalrus on October 23, 2016, 06:42:03 PM
Quote from: DJ Omnimaga on October 21, 2016, 09:48:18 PM
Actually, the exploit I am talking about was basically this: The post notification was sent by running a PHP file with URL parameters. Anyone who knew the URL and required arguments could send any text from the post notifier at will by opening the file URL in their browser. That was somewhere in 2011, hence why I was a bit against making CW bot a PHP script at first. But as an admin, it was fun while it lasted :trollface: .
Technically that's what the bot does, but it only accepts connections from localhost. I sometimes make it say the game. :P
Yeah, basically the exploit is there, the bot itself does not check who sent stuff to it, but it only accepts connections from localhost. So, basically, you'd need to be either have access to the server or abuse another exploit that would probably result in a CVE number being assigned to it.