Finally got it working my way [message #183569] |
Fri, 01 November 2013 11:50  |
Mr Oldies
Messages: 241 Registered: October 2013
Karma: 0
Senior Member
www.mroldies.net
Don't bitch to me about the gawd awful mess of javascript.
that's the way it came in the package.
I don't care. It works.
Re: Finally got it working my way [message #183583 is a reply to message #183570] |
Fri, 01 November 2013 16:33   |
Denis McMahon
Messages: 634 Registered: September 2010
Karma: 0
Senior Member
On Fri, 01 Nov 2013 07:54:35 -0400, richard wrote:
> On Fri, 1 Nov 2013 07:50:58 -0400, richard wrote:
>
>> www.mroldies.net
>>
>> Don't bitch to me about the gawd awful mess of javascript.
>> that's the way it came in the package.
>> I don't care. It works.
>
> I'll be damned.
> the messy thing actually frickin validates.
You're failing to validate your user input to ensure it complies with
expected values and handle out of range values suitably:
Could not successfully run query (SELECT id,
atitle,btitle,artist,label,avid FROM A1972 WHERE id<101) from DB: Table
'richbull_top100.A1972' doesn't exist
--
Denis McMahon, denismfmcmahon(at)gmail(dot)com
Re: Finally got it working my way [message #183587 is a reply to message #183583] |
Fri, 01 November 2013 17:01   |
Mr Oldies
Messages: 241 Registered: October 2013
Karma: 0
Senior Member
On Fri, 1 Nov 2013 16:33:55 +0000 (UTC), Denis McMahon wrote:
> On Fri, 01 Nov 2013 07:54:35 -0400, richard wrote:
>
>> On Fri, 1 Nov 2013 07:50:58 -0400, richard wrote:
>>
>>> www.mroldies.net
>>>
>>> Don't bitch to me about the gawd awful mess of javascript.
>>> that's the way it came in the package.
>>> I don't care. It works.
>>
>> I'll be damned.
>> the messy thing actually frickin validates.
>
> You're failing to validate your user input to ensure it complies with
> expected values and handle out of range values suitably:
>
> Could not successfully run query (SELECT id,
> atitle,btitle,artist,label,avid FROM A1972 WHERE id<101) from DB: Table
> 'richbull_top100.A1972' doesn't exist
no shit sherlock.
furthermore, that code does not even exist on that page.
show me the exact page you used.
Re: Finally got it working my way [message #183588 is a reply to message #183583] |
Fri, 01 November 2013 17:04   |
Mr Oldies
Messages: 241 Registered: October 2013
Karma: 0
Senior Member
On Fri, 1 Nov 2013 16:33:55 +0000 (UTC), Denis McMahon wrote:
> On Fri, 01 Nov 2013 07:54:35 -0400, richard wrote:
>
>> On Fri, 1 Nov 2013 07:50:58 -0400, richard wrote:
>>
>>> www.mroldies.net
>>>
>>> Don't bitch to me about the gawd awful mess of javascript.
>>> that's the way it came in the package.
>>> I don't care. It works.
>>
>> I'll be damned.
>> the messy thing actually frickin validates.
>
> You're failing to validate your user input to ensure it complies with
> expected values and handle out of range values suitably:
>
> Could not successfully run query (SELECT id,
> atitle,btitle,artist,label,avid FROM A1972 WHERE id<101) from DB: Table
> 'richbull_top100.A1972' doesn't exist
PS:
I also understand you are showing me that, that is a possibility.
Re: Finally got it working my way [message #183591 is a reply to message #183587] |
Fri, 01 November 2013 19:07   |
Denis McMahon
Messages: 634 Registered: September 2010
Karma: 0
Senior Member
On Fri, 01 Nov 2013 13:01:48 -0400, richard wrote:
> On Fri, 1 Nov 2013 16:33:55 +0000 (UTC), Denis McMahon wrote:
>
>> On Fri, 01 Nov 2013 07:54:35 -0400, richard wrote:
>>
>>> On Fri, 1 Nov 2013 07:50:58 -0400, richard wrote:
>>>
>>>> www.mroldies.net
>>>>
>>>> Don't bitch to me about the gawd awful mess of javascript.
>>>> that's the way it came in the package.
>>>> I don't care. It works.
>>>
>>> I'll be damned.
>>> the messy thing actually frickin validates.
>>
>> You're failing to validate your user input to ensure it complies with
>> expected values and handle out of range values suitably:
>>
>> Could not successfully run query (SELECT id,
>> atitle,btitle,artist,label,avid FROM A1972 WHERE id<101) from DB: Table
>> 'richbull_top100.A1972' doesn't exist
>
> no shit sherlock.
> furthermore, that code does not even exist on that page. show me the
> exact page you used.
I took one of the links on your page and hand edited it. This is the sort
of thing people will do to try and exploit any code errors in your
website.
If you understood the code you were using you should be able to tell from
looking at the error message I posted what I did and why it failed.
The lesson is this: Any data that your script receives as part of the
http request is susceptible to having been manipulated by external
parties with the malicious intent of exploiting bugs in the underlying
server software (php, apache, mysql) to hack your website. If you do not
perform suitable verification and validation of such data, your website
will eventually be hacked, and will then be subverted by criminals in
support of their criminal activities.
If I was an attacker, I would now know that the person who coded this
website did not properly validate and verify the request inputs. I
probably also know that there's php code and a mysql database behind the
website, and possibly that the coder used the deprecated php mysql_*
functions (that error message may be mysql_query specific). This could
mark the website as one that was worthy of further specific attacks aimed
at exploiting known bugs in either php or mysql.
This is how websites get hacked. We've been telling you this for years.
You've been ignoring us for years. We don't expect anything to change.
--
Denis McMahon, denismfmcmahon(at)gmail(dot)com
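
The validation described in the post above, as an added example that is not part of the thread or the site's own code: the year taken from the request is checked against an expected range before it becomes a table name, and a failed query is logged server-side instead of being echoed to the visitor. The parameter name `year`, the 1960-1969 range and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
// Added example, not the site's code. Assumptions: the request parameter is
// called "year", charts exist for 1960-1969 only, and an in-memory SQLite
// database (pdo_sqlite) stands in for the MySQL server so this runs offline.
declare(strict_types=1);

const FIRST_YEAR = 1960;
const LAST_YEAR  = 1969;

// Turn the raw request value into a table name, or null if it is not an
// integer inside the expected range. Arrays, "1965 OR 1=1" etc. all fail.
function chartTable($raw): ?string
{
    $year = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => FIRST_YEAR, 'max_range' => LAST_YEAR]]);
    return $year === false ? null : 'A' . $year;
}

// Run the page's query for a validated year. Returns rows, or null when the
// input is rejected or the query fails; error detail goes to the server log.
function fetchChart(PDO $db, $raw): ?array
{
    $table = chartTable($raw);
    if ($table === null) {
        return null;
    }
    try {
        $stmt = $db->prepare(
            "SELECT id, atitle, btitle, artist, label, avid FROM $table WHERE id < :max");
        $stmt->execute([':max' => 101]);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log('chart query failed: ' . $e->getMessage());
        return null;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE A1965 (id INTEGER, atitle TEXT, btitle TEXT, artist TEXT, label TEXT, avid TEXT)');
$db->exec("INSERT INTO A1965 VALUES (1, 'Constructed A-side', 'Constructed B-side', 'Sample Artist', 'Sample Label', 'x1')");

// Constructed inputs: valid, out of range, not a number, in range but no table.
foreach (['1965', '1972', '1965 OR 1=1', '1961'] as $input) {
    $rows = fetchChart($db, $input);
    echo str_pad($input, 12), $rows === null ? 'no chart shown (generic page)' : count($rows) . ' row(s)', "\n";
}
```

A table name cannot be passed as a bound parameter, which is why the year is validated and range-checked before it is interpolated, while the `id` limit is bound normally.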
Re: Finally got it working my way [message #183602 is a reply to message #183588] |
Sat, 02 November 2013 01:32   |
Scott Johnson
Messages: 196 Registered: January 2012
Karma: 0
Senior Member
On 11/1/2013 10:04 AM, richard wrote:
> On Fri, 1 Nov 2013 16:33:55 +0000 (UTC), Denis McMahon wrote:
>
>> On Fri, 01 Nov 2013 07:54:35 -0400, richard wrote:
>>
>>> On Fri, 1 Nov 2013 07:50:58 -0400, richard wrote:
>>>
>>>> www.mroldies.net
>>>>
>>>> Don't bitch to me about the gawd awful mess of javascript.
>>>> that's the way it came in the package.
>>>> I don't care. It works.
>>>
>>> I'll be damned.
>>> the messy thing actually frickin validates.
>>
>> You're failing to validate your user input to ensure it complies with
>> expected values and handle out of range values suitably:
>>
>> Could not successfully run query (SELECT id,
>> atitle,btitle,artist,label,avid FROM A1972 WHERE id<101) from DB: Table
>> 'richbull_top100.A1972' doesn't exist
>
> PS:
> I also understand you are showing me that, that is a possibility.
>
Then why be a jackass about it 3 minutes earlier?
Scotty
Re: Finally got it working my way [message #183619 is a reply to message #183618] |
Sat, 02 November 2013 22:57   |
Tim Streater
Messages: 328 Registered: September 2010
Karma: 0
Senior Member
In article <fob03bcyiwuo$(dot)1ec0fisdr8i7q(dot)dlg(at)40tude(dot)net>, richard
<noreply(at)example(dot)com> wrote:
> On Sat, 02 Nov 2013 17:34:35 -0400, Norman Peelman wrote:
>
>> On 11/02/2013 11:39 AM, richard wrote:
>>> On Sat, 02 Nov 2013 08:27:22 -0400, Norman Peelman wrote:
>>>
>>>> On 11/01/2013 07:50 AM, richard wrote:
>>>> > www.mroldies.net
>>>> >
>>>> > Don't bitch to me about the gawd awful mess of javascript.
>>>> > that's the way it came in the package.
>>>> > I don't care. It works.
>>>> >
>>>>
>>>> What works? It doesn't play the song I'm choosing from the list...
>>>
>>> which one?
>>> what browser?
>>>
>>
>> When the page loads, the player loads the song at the top of the
>> list. I can play that song. If I choose another song from the list it
>> reloads the page with a new (different list) and loads the top (#1) song
>> (whatever it may be) into the player.
>
> What browser?
> There is nothing in the javascript that causes a reload.
> or you could have your browser set to open ALL links in a new page or
> something.
I'm not getting the reload (Safari 6.1), but how do I access anything
but the initial list that's there. If I select a year, that changes the
list in the bottom half of the page, but none of those is playable.
--
Tim
"That excessive bail ought not to be required, nor excessive fines imposed,
nor cruel and unusual punishments inflicted" -- Bill of Rights 1689
Re: Finally got it working my way [message #183622 is a reply to message #183618] |
Sun, 03 November 2013 02:57   |
Norman Peelman
Messages: 126 Registered: September 2010
Karma: 0
Senior Member
On 11/02/2013 06:45 PM, richard wrote:
> On Sat, 02 Nov 2013 17:34:35 -0400, Norman Peelman wrote:
>
>> On 11/02/2013 11:39 AM, richard wrote:
>>> On Sat, 02 Nov 2013 08:27:22 -0400, Norman Peelman wrote:
>>>
>>>> On 11/01/2013 07:50 AM, richard wrote:
>>>> > www.mroldies.net
>>>> >
>>>> > Don't bitch to me about the gawd awful mess of javascript.
>>>> > that's the way it came in the package.
>>>> > I don't care. It works.
>>>> >
>>>>
>>>> What works? It doesn't play the song I'm choosing from the list...
>>>
>>> which one?
>>> what browser?
>>>
>>
>> When the page loads, the player loads the song at the top of the
>> list. I can play that song. If I choose another song from the list it
>> reloads the page with a new (different list) and loads the top (#1) song
>> (whatever it may be) into the player.
>
> What browser?
> There is nothing in the javascript that causes a reload.
> or you could have your browser set to open ALL links in a new page or
> something.
>
Thunderbrowse (MOZILLA/Gecko), works in FF and Chrome though.
--
Norman
Registered Linux user #461062
-Have you been to www.php.net yet?-
Re: Finally got it working my way [message #183623 is a reply to message #183619] |
Sun, 03 November 2013 06:03  |
Mr Oldies
Messages: 241 Registered: October 2013
Karma: 0
Senior Member
On Sat, 02 Nov 2013 22:57:21 +0000, Tim Streater wrote:
> In article <fob03bcyiwuo$(dot)1ec0fisdr8i7q(dot)dlg(at)40tude(dot)net>, richard
> <noreply(at)example(dot)com> wrote:
>
>> On Sat, 02 Nov 2013 17:34:35 -0400, Norman Peelman wrote:
>>
>>> On 11/02/2013 11:39 AM, richard wrote:
>>>> On Sat, 02 Nov 2013 08:27:22 -0400, Norman Peelman wrote:
>>>>
>>>> > On 11/01/2013 07:50 AM, richard wrote:
>>>> >> www.mroldies.net
>>>> >>
>>>> >> Don't bitch to me about the gawd awful mess of javascript.
>>>> >> that's the way it came in the package.
>>>> >> I don't care. It works.
>>>> >>
>>>> >
>>>> > What works? It doesn't play the song I'm choosing from the list...
>>>>
>>>> which one?
>>>> what browser?
>>>>
>>>
>>> When the page loads, the player loads the song at the top of the
>>> list. I can play that song. If I choose another song from the list it
>>> reloads the page with a new (different list) and loads the top (#1) song
>>> (whatever it may be) into the player.
>>
>> What browser?
>> There is nothing in the javascript that causes a reload.
>> or you could have your browser set to open ALL links in a new page or
>> something.
>
> I'm not getting the reload (Safari 6.1), but how do I access anything
> but the initial list that's there. If I select a year, that changes the
> list in the bottom half of the page, but none of those is playable.
That is correct.
I need to separate the lists better.
If you take the initial list in the top section, note the year and number
of the first song.
Now click on that year in the lower part and you should find it listed in
the top 20 of that year.
That is how I based my play list. I took the top 20 songs for each year.
Search for "Billboard Magazine Top 100" and you should find hundreds of
sites with the same list.