
Kindly dont spoil my site but try to find flaws and report to me



Are you using this, OM??? This will still leak injection and fluctuate.

<?php
$sp_dbcn = new sp_dbcon();          // poster's own connection class (not shown in the thread)
$link = $sp_dbcn->sp_getConc();
/* check connection */
if (!$link) {
    echo "Failed to connect to the server\n";
    // ... log the error properly
} else {
    // $item is the request value being cleaned (assumed to be set before this point)
    // Reverse magic_quotes_gpc/magic_quotes_sybase effects on those vars if ON.
    if (get_magic_quotes_gpc()) {
        $item = stripslashes($item);
    }
    // escaping MYSQL/MYSQLI Injection
    $item = mysqli_real_escape_string($link, $item);
    // Escaping Cross Site Scripting (XSS)
    $item = strip_tags(trim($item));
    $item = htmlspecialchars($item, ENT_QUOTES);

    /* determine our thread id */
    $thread_id = mysqli_thread_id($link);
    /* Kill connection */
    mysqli_kill($link, $thread_id);
    /* close connection  $_SESSION[cnt_con]++; */
    mysqli_close($link);
}
?>

 

 

Try using my functions, which do everything.


<?php
if (get_magic_quotes_gpc()) {
    function stripslashes_deep($value)
    {
        $value = is_array($value) ?
                    array_map('stripslashes_deep', $value) :
                    stripslashes($value);

        return $value;
    }

    $_POST = array_map('stripslashes_deep', $_POST);
    $_GET = array_map('stripslashes_deep', $_GET);
    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
    $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}

// Needs an open mysql_connect() link: mysql_real_escape_string() uses the most recent one.
function clean_post_var($var)
{
    if (is_array($var)) {                       // recurse into nested request arrays
        return array_map('clean_post_var', $var);
    }
    $var = mysql_real_escape_string(trim(strip_tags($var)));
    $var = htmlspecialchars($var, ENT_QUOTES);
    if (function_exists('filter_var')) {
        return filter_var($var, FILTER_SANITIZE_STRING); // PHP 5.2+ version
    }
    return $var;                                // PHP 4 version
}

$_POST = array_map('clean_post_var', $_POST);
$_GET = array_map('clean_post_var', $_GET);
$_COOKIE = array_map('clean_post_var', $_COOKIE);
$_REQUEST = array_map('clean_post_var', $_REQUEST);
?>
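For contrast with the two clean-everything-on-input snippets above, an added example (mine, not code from this thread or from ucy.in) of the mysqli prepared-statement approach, where the SQL text stays constant and the request value travels as a typed parameter; the `users` table, its columns and the `$cfg` connection settings are assumed placeholders.

```php
<?php
// Added example, not code from this thread or the site under test: a login lookup
// that never splices request values into SQL text. Table `users(id, username,
// password_hash)` and the $cfg connection settings are assumed placeholders.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of returning false

function find_user(mysqli $link, string $username): ?array
{
    // The statement text is constant; the value is sent separately, typed as a string,
    // so quotes, comment markers or keywords inside it are just characters to match.
    $stmt = $link->prepare('SELECT id, username, password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs mysqlnd (default since PHP 5.4)
    $stmt->close();
    return $row ?: null;
}

function login(mysqli $link, string $username, string $password): bool
{
    $user = find_user($link, $username);
    // password_verify() checks a hash made with password_hash(); no password comparison in SQL.
    return $user !== null && password_verify($password, $user['password_hash']);
}

// Encode for HTML at output time; stored values stay exactly as the user typed them.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$cfg = ['host' => 'localhost', 'user' => 'app', 'pass' => 'REPLACE_ME', 'db' => 'cmb']; // placeholders
$link = new mysqli($cfg['host'], $cfg['user'], $cfg['pass'], $cfg['db']);
$link->set_charset('utf8mb4'); // the driver must know the charset to treat the bytes correctly

$username = (string) ($_POST['username'] ?? '');
$password = (string) ($_POST['password'] ?? '');
if (login($link, $username, $password)) {
    echo 'Welcome, ' . h($username);
} else {
    echo 'Login failed';
}
```

Because no escaping step is applied on input, a username containing a quote or a tag is stored and matched literally, and only `h()` decides how it is rendered.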

He's probably changing it as we speak...  type...

 

YES,

Now I (with God's grace) have cleaned clean.

 

Now XSS/SQL inject my site http://www.ucy.in/cmb/

 

to find a ZERO PENETRATION.

 

THANKS ONCE AGAIN ALL.

 

DARKFREAKS, I didn't use your latest on page 14; I followed some of W. Jason Gilmore, your old code and a little bit of mine.

OM: Big improvement on clean, buddy! You're down from 153 to NONE!!!!!

 

can you tell me what you changed???

 

These comments are very encouraging. I can see clearly that you are changing into a good person; that's good.

 

Now, how is vampirefreaks related to / created by you?

 

I will reveal only on my site, and for that too I need your consent [on my site, I have already mailed you the new group that I created for you and some others], so that I can post it on www.php.net, with the real names of both of us.

WHAT DO YOU SAY?????????

Still has 5 SQL Injection FAILURES. You want me to list them, OM?

 

Certainly S please.

 

Now, by God's grace, I have cleaned clean.

 

Now XSS/SQL inject me and send the report of the 5 failures, as well as the latest.

 

Thanks for all.

 

 

LOL

 

Be a little more detailed, so that I can understand.

 

LOL has many meanings.

 

Well, my new cleaned clean also gave errors after some random tests.

 

So, I decided to change my PHP validation logic, instead of relying on standard PHP functions.

 

I am going to almost_zero_db_class, so it may take some time; meanwhile, the current version gave 0 errors and will keep working.

 

I expect continuous support from all of you,

 

Thanks to all,

GBU.

 

 

 

http://www.brains-n-brawn.com/default.aspx?vDir=aicaptcha

 

OM this is a perfect example that CAPTCHA is not hack proof.

Hey df, you are so logically innocent?

 

The simple fact that those who XSS/SQL inject me are able to bypass the login screen and test so fast implies that the CAPTCHA is made bypassable/useless.

 

If you have any technical clarification on what I said in the above paragraph, please quickly post it here.

 

And I upgraded both the clean and receiving logic PHP script of

http://www.ucy.in/tcmb/login.php

So now it's 99.99999999% SQLINJ free.

Try it out and check for yourself.

SQL injections are better avoided by the logic of the application rather than by escaping/filter techniques.

 

My observation is that maybe false error alarms are generated to induce a sense of fear.

 

Because when we test manually with failure values, the failures are zero.

 

 

 

 

 

There are a lot of websites that offer free template downloads. You may want to check one out.

 

Your website looks like it came out of the 90's

 

Give me a break Dylan, at least the 80s :D

 

I have only read the first page, so if I repeat someone, sue me...

 

The website looks truly horrible, sorry, but it does. For all the previously mentioned reasons...

 

Now I am not the best designer either, so rather than settling for a poor design, head over to www.styleshout.com and use one of theirs; all templates are CSS and XHTML valid out of the box, and your job is to implement your website within the template without breaking its validation!

 

Good luck

So now Its 99.99999999% SQLINJ free.

 

I can assure you it is not. The 'bad guys' out there are always trying to come up with new tricks. You might now be secured against the most popular attacks, but you can never be 99.99999999% sure (I'd expect someone with your background to know that a figure like 99.99999999% is useless, as it is virtually equal to 100%).

 

Anyways, congratulations on progress so far. If you could just come up with some more eye pleasing layout...

 

In a month they'll be buying it.

 

What do you mean by it?

 

Why a month, and who are you considering to buy, and what?

 

It was my comment on the fact that, despite your site being deemed a hopeless case by most people here, they are still helping you.


 

Thanks, I did small color and very minute layout changes and applied them to most of the pages.

 

darkfreaks and others can log in to check out the new format and give feedback.

 

The problem with downloaded templates is that I will be morally and ethically forced to include their site reference, which may not be liked by my customers.

 

Hence I made it with a simple template provided by justin in earlier pages, modified to my own requirements.

 

So how is it?


 

Very true. In our country, my mom especially taught me one proverb: "If one is there to hit a palm tree's head, there will be someone to hit that fellow's head".

 

And you see, now you are understanding GOD.

 

"IN LIFE THERE WILL BE UPS AND DOWNS TO MAKE A CYCLE".

 

OM, I have a question ???

 

Every time I scan it, it fluctuates in terms of injection: sometimes I'll get 2, sometimes none, sometimes 6????

 

Because the intelligence may be built into the software, which tries various combinations based on the history of tests.

 

Log in to the site and give your feedback, PLEASE: www.ucy.in/tcmb


 

Can you post the code to your "intelligence" deal?

 

Also, LOL!

Chris
