THEMES SHOP – REVENUE $1000+ Per Month-9028 Uniques-Site Sells Themes for Building Classifieds Sites

Business Description

Our business is an online store that sells a digital product (a classifieds theme) which can be used to create a classifieds website similar to OLX, Gumtree, etc.
Users browse our website and can check a demo of the product before ordering. Everything is automated: users add the required product to the cart and check out using PayPal or credit card, then…

Need help integrating an inventory management system with auction sites

Hi guys..

I am currently required to develop an inventory management system for used cars that posts data to and retrieves data from one or more auction sites. The inventory management system should be standalone and it should integrate with existing auction sites like eBay etc., or, for demonstration purposes, be shown against a separate new auction site. Can you guys please help me with where to start with this, and whether there are any ready-made scripts available that suit this purpose? Please help.

Is there an impact of CRLF injection on static sites?

I found CRLF injection on a site, but it doesn't have any login, session, or anything of that sort. I wonder if there's any way to prove the impact of CRLF injection here.

Something that I think can be done is that an attacker can craft the payload in such a way that the response carries a Location header and the user is redirected to a malicious site. This is called Response Splitting. But I'm not sure if the company would consider this a vulnerability, because users can only be redirected.

I asked myself whether that's the only thing an attacker can do. After some time I realized XSS can also be performed with response splitting, but what would the attacker get from XSS, as there is no session cookie or anything?

I can't figure out how to show an impact for this. Are you aware of any interesting header or anything? Any help?

EDIT: I found a broken link to an external site on this same forum and checked for content on wayback.

It says:

Cross-User Defacement: An attacker can make a single request to a vulnerable server that will cause the server to create two responses, the second of which may be misinterpreted as a response to a different request, possibly one made by another user sharing the same TCP connection with the server. This can be accomplished by convincing the user to submit the malicious request themselves, or remotely in situations where the attacker and the user share a common TCP connection to the server, such as a shared proxy server. In the best case, an attacker can leverage this ability to convince users that the application has been hacked, causing users to lose confidence in the security of the application. In the worst case, an attacker may provide specially crafted content designed to mimic the behavior of the application but redirect private information, such as account numbers and passwords, back to the attacker.

But I don’t understand it properly, can anyone please explain it in simple words?
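As an added illustration of the response-splitting scenario the post describes (example code written for this page, not from the poster or from the site in question), assume a hypothetical redirect endpoint that copies a `next` parameter into the `Location` header unfiltered. The small reader at the bottom stands in for whatever next consumes the connection, a shared proxy or a browser reusing a keep-alive connection: the attacker's single request yields two responses, and the second one, with attacker-chosen headers and body, is what the reader hands over as the answer to the next request on that connection. That is the "cross-user defacement" case from the quoted text. The hardened variant applies the check modern web frameworks make on header values: any CR or LF in the value is rejected outright.

```python
"""Added example (not from the post): HTTP response splitting via CRLF.

Assumed scenario: a hypothetical redirect endpoint copies a `next` query
parameter into the Location header. Everything below is constructed for
illustration; the parser stands in for a shared proxy or a browser reading
the same keep-alive connection.
"""
from __future__ import annotations

CRLF = "\r\n"


def build_redirect_vulnerable(target: str) -> str:
    """Naive handler: the user-supplied target lands verbatim in Location."""
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + target + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    )


def build_redirect_hardened(target: str) -> str:
    """Same handler with the check modern web frameworks apply to header
    values: any CR or LF is refused before it reaches the wire."""
    if "\r" in target or "\n" in target:
        raise ValueError("CR/LF not allowed in a header value")
    return build_redirect_vulnerable(target)


def hardened_rejects(target: str) -> bool:
    """True if the hardened builder refuses the target."""
    try:
        build_redirect_hardened(target)
    except ValueError:
        return True
    return False


def split_responses(raw: str) -> list[dict]:
    """Minimal HTTP/1.1 response reader. Returns one dict per response found
    in the stream, using Content-Length to find where each body ends, which
    is exactly how a downstream reader decides a second response has started."""
    responses = []
    pos = 0
    while True:
        while raw.startswith(CRLF, pos):      # tolerate stray blank lines
            pos += 2
        if not raw.startswith("HTTP/", pos):  # nothing response-shaped left
            break
        head_end = raw.find(CRLF + CRLF, pos)
        if head_end == -1:
            break
        status_line, *header_lines = raw[pos:head_end].split(CRLF)
        headers = {}
        for line in header_lines:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_start = head_end + len(CRLF + CRLF)
        length = int(headers.get("content-length", "0"))
        responses.append({
            "status": status_line,
            "headers": headers,
            "body": raw[body_start:body_start + length],
        })
        pos = body_start + length
    return responses


# Constructed attacker value for `next`: it terminates the real 302 early and
# appends a complete second response of the attacker's choosing.
INJECTED_BODY = "<html><body>Defaced</body></html>"
PAYLOAD = (
    "/home" + CRLF
    + "Content-Length: 0" + CRLF
    + CRLF
    + "HTTP/1.1 200 OK" + CRLF
    + "Content-Type: text/html" + CRLF
    + "Content-Length: " + str(len(INJECTED_BODY)) + CRLF
    + CRLF
    + INJECTED_BODY
)


def demo() -> tuple[int, str]:
    """Run the payload through the vulnerable handler; return how many
    responses a downstream reader sees and the body of the last one."""
    responses = split_responses(build_redirect_vulnerable(PAYLOAD))
    return len(responses), responses[-1]["body"]


if __name__ == "__main__":
    count, body = demo()
    print(f"vulnerable handler: {count} responses, last body = {body!r}")
    print(f"hardened handler rejects payload: {hardened_rejects(PAYLOAD)}")
```

The injected second response is entirely attacker-controlled, so the body can just as well carry script (the XSS angle from the post) or a fake login form; the point for impact is that it is delivered with the vulnerable site's origin to whoever reads the connection next, not that it is shown to the attacker.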

DB Design – Assigning users to multiple sites with different roles

I am working on a DB design that lets me manage roles and permissions for each user per site. These are my business rules:

  • A user can manage multiple sites
  • A user can only have one role per site
  • A site can have multiple users

I already have two designs that I came up with; I just need validation of which one would work better against my business rules.

First is using a ternary table site_user_role that consists of a relationship between site, user and role table. But this already breaks the rule of a user having only one role per site because those 3 primary keys would be unique and I can create a combination of two roles for a user within 1 site. Any complications with this design?

The second idea is having two binary tables, site_user and site_user_role. With this arrangement I am quite sure I will not duplicate a role for a user on a site. But is it weird to have a primary key aside from the foreign keys on the site_user binary table? Any complications with this design?

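As an added worked check (example code written for this page, with assumed table and column names since the post's diagrams are not shown here), each design is created in an in-memory SQLite database and one user is handed two roles on the same site. The ternary table enforces the rule only when its primary key is (site_id, user_id) with role_id as an ordinary column; keying it on all three columns lets both rows in. In the two-table design the one-role rule comes from the primary key of site_user_role, and a surrogate key on site_user is fine provided (site_id, user_id) also carries a UNIQUE constraint, otherwise the same pair could be enrolled twice under two surrogate ids.

```python
"""Added example (not the poster's schema): does each design enforce
"one role per user per site"?

Table and column names are assumptions; the post's diagrams are not on the
page. Each schema is created in an in-memory SQLite database, alice is given
two different roles on the same site, and we record whether the second
assignment is rejected and how many roles end up stored for that pair.
"""
from __future__ import annotations

import sqlite3

BASE = """
CREATE TABLE site     (site_id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE app_user (user_id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE role     (role_id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
"""

# Design 1 as posted: ternary table keyed on all three columns. (1,1,admin)
# and (1,1,editor) are different keys, so both rows are accepted.
TERNARY_LOOSE = BASE + """
CREATE TABLE site_user_role (
    site_id INTEGER NOT NULL REFERENCES site(site_id),
    user_id INTEGER NOT NULL REFERENCES app_user(user_id),
    role_id INTEGER NOT NULL REFERENCES role(role_id),
    PRIMARY KEY (site_id, user_id, role_id)
);
"""

# Design 1 with the key narrowed to (site, user): role becomes an attribute
# of the assignment and a second role for the same pair is a duplicate key.
TERNARY_STRICT = BASE + """
CREATE TABLE site_user_role (
    site_id INTEGER NOT NULL REFERENCES site(site_id),
    user_id INTEGER NOT NULL REFERENCES app_user(user_id),
    role_id INTEGER NOT NULL REFERENCES role(role_id),
    PRIMARY KEY (site_id, user_id)
);
"""

# Design 2 as posted: site_user with its own surrogate key, and a role table
# keyed on that surrogate. The UNIQUE on (site_id, user_id) is what stops the
# same pair from being enrolled twice under two surrogate ids.
BINARY = BASE + """
CREATE TABLE site_user (
    site_user_id INTEGER PRIMARY KEY,
    site_id INTEGER NOT NULL REFERENCES site(site_id),
    user_id INTEGER NOT NULL REFERENCES app_user(user_id),
    UNIQUE (site_id, user_id)
);
CREATE TABLE site_user_role (
    site_user_id INTEGER PRIMARY KEY REFERENCES site_user(site_user_id),
    role_id INTEGER NOT NULL REFERENCES role(role_id)
);
"""

TERNARY_INSERTS = (
    "INSERT INTO site_user_role VALUES (1, 1, 1)",  # alice is admin on site 1
    "INSERT INTO site_user_role VALUES (1, 1, 2)",  # ...and also editor?
)
TERNARY_COUNT = "SELECT COUNT(*) FROM site_user_role WHERE site_id = 1 AND user_id = 1"

BINARY_INSERTS = (
    "INSERT INTO site_user VALUES (10, 1, 1)",    # enrol alice on site 1
    "INSERT INTO site_user_role VALUES (10, 1)",  # admin
    "INSERT INTO site_user_role VALUES (10, 2)",  # ...and also editor?
)
BINARY_COUNT = """
SELECT COUNT(*) FROM site_user_role r JOIN site_user su USING (site_user_id)
WHERE su.site_id = 1 AND su.user_id = 1
"""


def roles_after_double_assign(schema: str, inserts: tuple[str, ...],
                              count_sql: str) -> tuple[bool, int]:
    """Returns (second_role_rejected, roles_stored_for_the_pair)."""
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = ON")
    con.executescript(schema)
    con.execute("INSERT INTO site VALUES (1, 'shop.example')")
    con.execute("INSERT INTO app_user VALUES (1, 'alice')")
    con.executemany("INSERT INTO role VALUES (?, ?)", [(1, "admin"), (2, "editor")])
    rejected = False
    for stmt in inserts:
        try:
            con.execute(stmt)
        except sqlite3.IntegrityError:  # PK or UNIQUE violation
            rejected = True
    (count,) = con.execute(count_sql).fetchone()
    con.close()
    return rejected, count


if __name__ == "__main__":
    print("ternary, PK(site,user,role):",
          roles_after_double_assign(TERNARY_LOOSE, TERNARY_INSERTS, TERNARY_COUNT))
    print("ternary, PK(site,user):     ",
          roles_after_double_assign(TERNARY_STRICT, TERNARY_INSERTS, TERNARY_COUNT))
    print("binary:                     ",
          roles_after_double_assign(BINARY, BINARY_INSERTS, BINARY_COUNT))
```

Run as a script it prints `(False, 2)` for the loose ternary key and `(True, 1)` for the other two, which is the whole difference between the designs as far as the one-role rule is concerned; the choice between them then comes down to whether you want the (site, user) membership to exist as a row of its own that other tables can reference.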

What sites or online options are there for finding an online Dungeons and Dragons party to play with? [duplicate]

This question already has an answer here:

  • Where can I find other RPG players? 16 answers
  • Where's a good place to play D&D online? [duplicate] 1 answer

I want to find an online group to play with during the week because everyone is on different schedules with my irl groups. Any suggestions?

Any Google Sites Alternatives?

Hi.
Is there any service out there similar to Google Sites, one that lets you create a site and publish it for free on their domain? I know WordPress does something similar, but are there any other old or innovative platforms that follow this concept? I would love to take advantage of any that is legitimate, of course, and, like I said, free. Thank you. They don't have to be pretty either, just functional for what I need: backlinks, content/site development, and promotion. (used to…