Status
Not open for further replies.
Anybody not using php 5 is crazy.. in fact anyone still using php4 is very crazy...

But yes I know you have your own ddl script, I was more referring to the others, but a bit of advice here and there from somebody with experience never hurts.

I personally intend to use this for a while and make a few mods, so I am all up for helping in any way I can as it will benefit me too. I have already made a couple of small mods, one seriously improves performance. Just need to find a skinner and I am set.
 
Well darn :(

OK @ deviance, on some servers I have it compiled with php4 + php5 and enhanced the security on both of them :)

The reason why I think it is blocking it is because of mycrypt. I don't fully understand it yet, but by the looks of it, it looks like it's checking bytes by 29 and 36 or 30; if you run a script and it doesn't compare to those, it does not execute.

By using ../../../../ it will block it, but if we encode you can try and use

%20/% followed by the /etc/passwd


That's just a theory. If we take a look at how the traversal is even executing, we can look here:

If we tried to inject this code onto ?wwwRoot it would not work. Why? Because wwwRoot is basically an addon to the variables to config.php, killthread.php and basedir, so if executing a load of include functions of config / killthread was not found

But in the variable baseDir it connects all the variables together, making it the big guy.

Code:
$baseDir = substr($wwwRoot, 0, ##BASEDIR##);
require($baseDir . 'funcs.inc');
require($baseDir . 'config.php');


Any other ideas would be great. I will be testing this script for JavaScript injection and other stuff later on today.
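
Added example, not part of the thread and not DDLCMS code: the snippet quoted in the post above builds `$baseDir` from `$wwwRoot` and passes it straight to `require`. Assuming `$wwwRoot` can be influenced by the request, as the poster's `?wwwRoot` suggests, the defensive form is to canonicalise the candidate and accept it only if it lies inside a trusted root. The function name `contained_base()` and the temporary demo tree are hypothetical and constructed for this example.

```php
<?php
// Added illustration, not DDLCMS code; all names here are hypothetical.

/**
 * Return the canonical form of $candidate (with trailing separator) if it is
 * $trustedRoot or lies inside it, otherwise null. realpath() collapses ../ and
 * follows symlinks, so the comparison uses the real location, not the raw string.
 */
function contained_base(string $candidate, string $trustedRoot): ?string
{
    $root = realpath($trustedRoot);
    $real = realpath($candidate);
    if ($root === false || $real === false || !is_dir($real)) {
        return null;
    }
    $sep    = DIRECTORY_SEPARATOR;
    $prefix = rtrim($root, $sep) . $sep;
    $real   = rtrim($real, $sep) . $sep;
    // Trailing separators stop /srv/app2 from matching a root of /srv/app.
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo tree: <tmp>/app holds the script's files, <tmp>/outside does not.
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'basedir_demo_' . getmypid();
@mkdir("$tmp/app/admin", 0700, true);
@mkdir("$tmp/outside", 0700, true);
file_put_contents("$tmp/app/funcs.inc", "<?php // constructed stub\n");

$trusted = "$tmp/app";           // in real code: __DIR__ of a known file
$candidates = [                  // each stands in for a request-supplied $wwwRoot
    "$tmp/app/",                 // the expected value
    "$tmp/app/admin/../",        // uses ../ but stays inside the root
    "$tmp/app/../outside/",      // uses ../ to leave the root
    "$tmp/outside/",             // a different directory altogether
    "$tmp/app/missing/",         // does not exist
];
foreach ($candidates as $wwwRoot) {
    $baseDir = contained_base($wwwRoot, $trusted);
    if ($baseDir === null) {
        echo "REJECT  $wwwRoot\n";
        continue;
    }
    require_once $baseDir . 'funcs.inc';
    echo "ACCEPT  $wwwRoot -> $baseDir\n";
}
```

PHP decodes query-string values before they reach `$_GET`, so the check sees the same canonical path whether or not the request was URL-encoded. Where the base directory never needs to come from outside, deriving it from `__DIR__` removes the input altogether.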
 
Keep in mind, you are all testing the first release of this script, which was appropriately called a "beta" release.

Also, my reply states, and I quote again

Code:
"This exploit for misconfigured servers 
has been removed in the latest release of this script."

so I admitted that the script indeed had an exploit for misconfigured servers, but was already addressed prior to this post, and fixed. Why then, JmZ, do you keep harping about it? Go away man, seriously.

I love it when I get quoted so many times.
I love quoting you JmZ because you only make yourself out to look like a damn fool with each reply, and, it re-iterates your lack of respect, lack of dignity, and especially your shameless arrogance, as pointed out by this last quote. I'm sure you will reply again, this time with love and respect and genuine heart-felt assistance (yeah right)... hey JmZ, do me a favour again and hover your mouse cursor over this smiley <_<
 
I'm simply pointing out facts, it is you who tries to turn it personal (and doesn't succeed, ever).

Maybe one day you should listen to my posts and notice that it really does contain quite a few exploits. If you understand that and recognise it as a fact, you can have your coder(s) check the code.
 
I'm simply pointing out facts, it is you who tries to turn it personal (and doesn't succeed, ever).

Maybe one day you should listen to my posts and notice that it really does contain quite a few exploits. If you understand that and recognise it as a fact, you can have your coder(s) check the code.

Here, let me repeat myself the third time, and perhaps I should use the big, colour coded letters, because it seems you keep missing it.

Code:
Keep in mind, you are all testing the first release of 
this script, which was appropriately called a "beta" 
release.
 
Also, my reply states, and I quote again
 
Code:
"This exploit for misconfigured servers has been removed 
in the latest release of this script."
so I admitted that the script indeed had an exploit for 
misconfigured servers, but was already addressed prior to 
this post, and fixed. Why then, JmZ, do you keep harping 
about it? Go away man, seriously.

Hey JmZ, here's an idea, bring it up again, how the first release has exploits and harp your ass off about it all over again, I'm sure you planned on it as usual. Hey JmZ do me a favour again and hover your mouse cursor over this smiley <_<
 
Yes I see, it's a beta. But is it not true that the reason for having a beta is to fix bugs and vulnerabilities? Yet you seem to completely ignore my "tips" to you.
 
Well he's not the coder so that wouldn't be very useful lol.

Anyway, I made my point, he can take the hint or not. All I'm saying is the script contains exploits. Yes it's a beta but the point in that is to learn where the vulns are, so go do that.
 
Well he's not the coder so that wouldn't be very useful lol.

Anyway, I made my point, he can take the hint or not. All I'm saying is the script contains exploits. Yes it's a beta but the point in that is to learn where the vulns are, so go do that.

Yes I see, it's a beta. But is it not true that the reason for having a beta is to fix bugs and vulnerabilities? Yet you seem to completely ignore my "tips" to you.

God damn. How many times are you going to keep bringing up the same stupid crap? What an idiot. Get this through your thick, ignorant skull:

The exploit in the beta version has been addressed and fixed, prior to the report, so there is no vulnerability or exploit in the new release.

I made the letters big enough, JmZ, because you didn't catch it the first 5 times I REPEATED myself, so maybe this time, you will see it and read it and comprehend it (somehow, I doubt it though).
 
Could we keep the JmZ - Little Dragon skirmishes out of these topics? They are getting boring now and you're only going in circles.

How about you guys both ignore each other (pretend the other person doesn't exist).
 
Exploits.

Meaning you fixed one of many. Anyway I'm done, I don't want to turn this into a posting spree.

To everyone else, I apologise if it seems like I'm trying to stir things up here but I'm not. Just trying to point things out.
 
Going right off topic now.....

Anyway personally i think propz for this script... I been out the warez scene for a couple of years and last time i tried to build a ddl site (around 2007) there was NOTHING, just that crappy pack of 24 ddl shit site coded by some monkey POS style scripts.

In the end I found an old 0-day beta script that had not been completed, didn't even have a submit page.. and turned it into the script some of you may know as EViLDDL 1.0.3 (www.hotscripts.com/listing/evilddl-top-site/) which I gave up on after the forums were hacked (I wonder why) and had other things to do, but the script was a POS but was then better than the competition as there was NONE and the script got a lot of interest and did well on hotscripts etc... the domain I used for the support forums (evilddl.info) got to PR2 in a month. But back then I didn't really understand the DDL scene and the script was going in the wrong direction anyway, I should have made it compatible with the generic ddl methods.

Then I came back this year after doing a lot of legit work and getting some funds again, I tried WCDDL and no offence JmZ but was not impressed, it's totally un-user friendly, comes with a shit style that I find hard to mod as I am crap with html/css/ps, and it may be secure but IMO that's cos there is only a few small pages to secure??? I would probably create more holes than little dragon if I was to try and get it to the level of DDL CMS, so I am not gonna bother. If I was good and fast enough at php and html/css to mod your script up, phuk it I would just make my own instead and be completely unique.

But yeah, i have a few years of php experience and would love to see a n00bie do anything decent with WCDDL. And i honestly don't have time... I just wanna set up site (done), fill it with 10,000+ downloads (done), and get a nice custom skin (pending). You make a script that has as many features and is as user friendly as DDL CMS, but is as tight and secure as WCDDL and you will win me over, until then.... YOU FAiL.

I am not trying to argue these are just my honest views on the ddl script scene.
 
Anyway im done
Finally! Good riddance!

I don't want to turn this into a posting spree.
Yeah, ok, too late for that one. But thanks for pointing out that it was a "posting spree".

@ Yais: I can't exactly ignore him when he keeps saying the same thing over and over again, which makes my script (DDLCMS) look bad, which is obviously his only intent. He keeps coming back to shoot his mouth off to bash DDLCMS, it's my duty to keep coming back and clear up the fact that the exploit from the initial release (which was only a problem for incorrectly configured servers), was fixed. I can't be any clearer.

Exploits.

Meaning you fixed one of many....

To everyone else, I apologise if it seems like I'm trying to stir things up here but I'm not. Just trying to point things out.

What's with this guy? Stop trying to "point things out" -- as you've over-done it, like 20 times too many. Stop wasting mine and everyone else's time. I don't like your script -- you don't see me going on your threads, hijacking them, acting like a damn fool and pretending to be "pointing things out" repeatedly, do you? No, because I understand that in life, and to all you come into contact with, the most important thing is respect (something you have none of). <_<

DEViANCE, thanks for the words, I pretty much went through the same situation as yourself, almost the exact same. Since nothing was available that was good enough, I started this project.

To all who have given me comments, suggestions, feature requests, and bug reports, I thank you, and as I've said before, all of those feature requests have been implemented into the new release, which will totally rock. It's a script that has taken into account what DDL webmasters have wanted and asked for, and even more to boot (like the katz and phaze friendly submit pages) ;)

It's gonna turn out great and I owe a lot to this community here! Thanks to all!
 
DEViANCE, thanks for the words, I pretty much went through the same situation as yourself, almost the exact same. Since nothing was available that was good enough, I started this project.

To all who have given me comments, suggestions, feature requests, and bug reports, I thank you, and as I've said before, all of those feature requests have been implemented into the new release, which will totally rock. It's a script that has taken into account what DDL webmasters have wanted and asked for, and even more to boot (like the katz and phaze friendly submit pages) ;)

It's gonna turn out great and I owe a lot to this community here! Thanks to all!
I will be here till the bitter end, making the odd mod and using the script, and reporting a LOT of bugs, small or not, but also will help fixing them... there is no point me continuing with EViLDDL SCRIPT, despite the fact I deface (http://bigtitlibrary.com/) every site using it once a month for fun and any idiot could do the same, it's rubbish and was a quick fix for my urge to build a site like hellddl.. this script has all I need and only small things to fix, the html is phucked, I have spent hours already adding quotes you missed and other stuff to try and get it closer to validity but it's gonna be a lot of work...

The reason i mention this is cos having valid pages and css really makes a difference when it comes to seo.. maybe not with smaller search engines but with google for sure....

I am more interested in organic traffic as ddl sites and toplists just seem to send leechers that would probably steal your handbag let alone buy a subscription to sharing zone LOL :)
 
Then I came back this year after doing a lot of legit work and getting some funds again, I tried WCDDL and no offence JmZ but was not impressed, it's totally un-user friendly, comes with a shit style that I find hard to mod as I am crap with html/css/ps, and it may be secure but IMO that's cos there is only a few small pages to secure??? I would probably create more holes than little dragon if I was to try and get it to the level of DDL CMS, so I am not gonna bother. If I was good and fast enough at php and html/css to mod your script up, phuk it I would just make my own instead and be completely unique.

just want to point out this is the point of his script, he doesn't want everyone and their brother using the script just to have a ddl site

now not saying ddlcms is bad in anyway :)
 
Ahhhh i get it.... selfish.

Well you will get nowhere with that attitude.. what's the problem with loads of ddl sites, the better ones will be great and the others who don't add even more mods and uniqueness will FAiL.

Why should we start modding from such a simple base, when we can start modding from a feature packed base.. I'm speaking from my own webmaster point of view here.. this is what went through my mind... at this rate WCDDL is gonna fail or end up like some strange cult following where only brainwashed people follow it hahahahahahah *giggles*

more sites = more sites to exchange with = more linkbacks = more traffic = more money = :)
 
Ahhhh i get it.... selfish.

Well you will get nowhere with that attitude.. what's the problem with loads of ddl sites, the better ones will be great and the others who don't add even more mods and uniqueness will FAiL.

Why should we start modding from such a simple base, when we can start modding from a feature packed base.. I'm speaking from my own webmaster point of view here.. this is what went through my mind... at this rate WCDDL is gonna fail or end up like some strange cult following where only brainwashed people follow it hahahahahahah *giggles*

more sites = more sites to exchange with = more linkbacks = more traffic = more money = :)
You need to realise that not everyone has the same opinion. Also, guys, for the love of god, stop arguing. If you like DDLCMS, use DDLCMS, if you like WCDDL, use WCDDL. Solved.
 