Requiem

Member
EE Patron
9116

Oct 30th 2013, 19:02:44

You also forgot about this incriminating string of posts to add to proof:

1. http://forums.earthempires.com/...z=um-boxcar-just-exploded

2. http://forums.earthempires.com/...7,%2019:50&z=wow-pang

Mr. Copper
Member
Posts: 78 Apr 14th 2013, 22:58:14
wow Pang. Your coding is just epic...

www-data with blank password for your DB calls huh? That's really smart.

Can you point me in the direction of your phpmyadmin login so I can view all of boxcar and possibly more?

Qzjul, get pang to fix this crap before your whole server gets compromised.

Mr. Copper
Member
Posts: 78 Apr 14th 2013, 22:59:02
PS it appears pang learned nothing about security from the TC/hanlong stuff...

Mr. Copper
Member
Posts: 78 Apr 14th 2013, 23:14:40
that can also happen if the DB is down LI. But yes I spoke to QZ and apparently pang's code makes random calls to this user but there is no www-data in the database.

Mr. Copper
Member
Posts: 78 Apr 16th 2013, 2:22:01
lol yep crying wolf. MySQL generates errors about www-data getting access denied when it gets in the mood right?

Pang if you'll sign a hold-harmless I'll show you EVERYTHING wrong with boxcar.

Put up or shut up.

[quote poster=discharged; 24089; 446111]Warning: mysql_query() [function.mysql-query]: Access denied for user 'www-data'@'localhost' (using password: NO) in /home/pangaea/boxcar/portal/lib/db_fns.php on line 11

[/quote]

As I said, MySQL is known for making up fake authentication attempts. That's what I hear at least...

I can't believe you do this for a living, no wonder my job security is through the roof ha

PS pang, in case you were wondering the call to www-data@localhost is in the db_fns.php file on line 11...

No, you shut up ;)

PPS Hey Pang since you locked this so you wouldn't look bad I'll write here. I never stated that this was your user, I stated there was a call to this user in your code on line 11. McDonald's actually has quite a good information security department but I don't work there, sorry but good try ;). Your code is likely full of plenty of fun easter eggs like the one found above. That's probably why you don't want it tested...

http://forums.earthempires.com/...7,%2019:50&z=wow-pang

Mr. Copper
Member
Posts: 78 Apr 17th 2013, 1:07:51
Ok so let's clear the air.

1) I have brought issues up NUMEROUS times to pang and volunteered my time on numerous occasions to help make boxcar more secure and have been met with nothing but arrogance from Pang.

2) I have spoken with Qz a number of times and have worked with him to help test and remediate some other findings. These I have no reason to bring to light because Qz was very receptive and appreciated my help and feedback. I have also explained some of the issues with Boxcar to Qz and he shared with me his plans to try and move the application to a VM to mitigate the risks it brings to Earth Empires.

3) ninomachi, since you work in the field I'd be glad to share with you what I found and the areas of risk within boxcar. Requiem, sorry it appears that I was trying to be a fluff but you don't know the whole story. If you are interested in knowing more and want me to prove I'm not "full of fluff" find me on IRC or send me a PM.

Lastly, I did not start that thread, I merely posted in it and maybe I was a bit abrasive. I apologize for that but it is very frustrating that a site that this game relies on is so poorly coded and has an admin that is so arrogant and blindly confident in his application security that he won't even look at evidence that is put right in front of him.

iScode - Thanks man, I was going to let it go but I completely agree with your statements on how he abused his power by closing a thread that he didn't want to have to answer.

Mr. Copper
Member
Posts: 78 Apr 17th 2013, 1:30:35
I don't know what you're referring to pang. I approached you numerous times as a volunteer.

What do you think I'm "stretching"? You really still don't believe there are ANY issues with boxcar whatsoever?

This community in general? That's a pretty unsubstantiated statement.

archaic - shh, no one is talking to you. Go back to trolling requiem :)