pouët.net

the so complete pouët.net oneliner

• 2007-06-27
• 21:11 wtfkrabob: http://www.ugcs.caltech.edu/~wnoise/base2.html and http://www.jjj.de/bitwizardry/bitwizardrypage.html
• 2008-03-26
• 00:43 only lamers use dl managers that cannot resume a dl when the file is renamed on teh serv0r *g*
• 00:59 sparcus: yeah that would be interesting if that was possible - I don't know enough about zip to know if prefix(zipped(prefix(file))) is prefix(zipped(file)) for some nontrivial prefix :)
• 2008-04-12
• 13:55 Pouetry is for jazz musicians?
• 2008-05-02
• 22:54 fun with sql injection here: http://pouet.net/bbses.php?which=148%20and%201=0%20union%20select%200,version(), user(),0,0,database(),(select%20count(*)%20from%20users),char(0x72,0x75,0x6e),245 70 (added on the run by me)
• 23:04 el topo: the one you should not click was cross-site scripting, not sql injection (which is for spying on the pouet db)
• 2008-05-03
• 16:57 I did send an email to analogue, yes. Before "hacking" the site :)
• 17:20 Gargaj: sorry about that, did not know. the last one (to webmaster at pouet.net) was answered by analogue.
• 19:24 kb_: for the bug fix idea: just use intval before you pass an int verbatim into a sql query and you will be fine. and perhaps double-check scripts that use a full permission sql logon... changing the pwd of sql@localhost to something more secure might be
• 20:08 jftr: the only pwd i tried to bruteforce (by rainbow tables) was analogue's one (with success oops) but i told him already. no idea whoelse used the same hole before.
• 20:37 no. he may do it if he wants to, but i won't. (6 chars only lowercase+digits is just too weak nowadays)
• 21:07 you can still put md5(login+md5(pwd)) into the db if you want to as long as everyone authenticates via that sceneid.php
• 22:01 Gargaj: sure. But can you be sure that the hash is inaccessible (by what kind of adversary)?
• 23:00 gargaj: IBTD. The advisory might be privileged (e. g. he can walk into the datacenter and steal a hard disk, or get hold of an old backup tape). Or phpmyadmin behind htaccess.
• 23:02 http://thedailywtf.com/Articles/The-Super-Hacker.aspx
• 2008-05-13
• 22:08 class dismissed : public annoyance {} http://www.gnu.org/fun/jokes/declarations.html
• 2008-05-23
• 21:49 you cannot continue since you don't get a message if you type too much, and rob gets jarig if you try to "double-post"
• 2008-05-28
• 21:58 demos don't have pixels, they usually have triangles :)
• 2008-06-24
• 21:42 ‼
• 22:00 For some people, Unicode is everything that is not latin-1
• 2008-06-25
• 00:32 Joel on Unicode: http://www.joelonsoftware.com/articles/Unicode.html
• 2008-07-13
• 16:53 http://www.decodeunicode.org/en/u+534D/properties yes it is :)
• 2009-01-19
• 18:47 ### logo, people voting ###
• 2011-03-13
• 20:39 Captain: The world may now not make songs or people dancing to Unicode or BBCode in the onliner.
• 2011-06-14
• 20:26 http://www.maa.org/devlin/LockhartsLament.pdf