
Kindly don't spoil my site, but try to find flaws and report them to me


om


bloop, no wonder it is not working; keep it to one variable. ;)

 

<?php
include_once("sp_dbcon.php");

function clean($var) {
    $sp_dbcn = new sp_dbcon();
    $link = $sp_dbcn->sp_getConc();
    $var = strip_tags(trim($var));   // the posted line was missing its semicolon
    // This is the old mysql_* function (argument order: string, link) called with a
    // mysqli link; the matching mysqli call is mysqli_real_escape_string($link, $var).
    $var = mysql_real_escape_string($link, $var);
    $var = htmlspecialchars($var, ENT_QUOTES);
    mysqli_close($link);
}

// array_walk_recursive() hands each value to clean(), but clean() neither returns
// the cleaned value nor takes its argument by reference, so $_POST is left unchanged.
array_walk_recursive($_POST, 'clean');
?>

 

 

Please, can you send or show some screenshots of checking SQL injection on my site?

 

Uploaded a new clean; please do not spoil the site. Check the vulnerability now.

 

 


 

Fix:

<?php
$sp_dbcn = new sp_dbcon();
$link = $sp_dbcn->sp_getConc();

function clean($var, $link) {
    $var = strip_tags(trim($var));
    $var = htmlspecialchars($var, ENT_QUOTES);
    $var = mysqli_real_escape_string($link, $var);
    return $var;   // hand the cleaned value back to the caller
}

// $link is a required second argument, so every call passes it
$hu_grp_id = clean($_POST['hu_grp_id'], $link);
$hregcd    = clean($_POST['hregcd'], $link);
$hcuna     = clean($_POST['hcuna'], $link);
$huid      = clean($_POST['huid'], $link);
$htpwd     = clean($_POST['htpwd'], $link);
$htpwd1    = clean($_POST['htpwd1'], $link);
$ribtn     = clean($_POST['ribtn'], $link);
$cbe       = clean($_POST['cbe'], $link);
$jbs_reg   = clean($_POST['jbs_reg'], $link);
?>


"So, please check the vulnerability NOW 1810HRS iNDIAN STD. TIME."

 

Don't. Just don't. The people here volunteer their time to help you. You are getting something for nothing here; don't push it.

 

I guess the site is for web hosting. First off, I don't think anyone is going to go for this. When someone's site goes down due to an HDD failure, I don't think they are going to be satisfied that it "was an act of god". I think you need to rethink this whole thing, and hire an experienced PHP/SQL programmer. To be honest, if a client told me he was going to use your hosting, I would laugh out loud and think it was some kind of sick joke.

 

BTW: What the jesus gently caress is this???

This programme is not meant for disabled[mentally]children*[for this category I will give counselling to parents on case to case basis. Don't expect results, as we are not ABOVE GOD.  But we can make an attempt [not more than 10 hrs per month]. Charges :

 

Chris


I'm beginning to think this is some kind of sick joke myself.  Like a member of phpfreaks put this site together in 10 minutes and posted it in the critique section for shits 'n giggles.  Please tell me this is true!


You have to be right, but I mean.... It does _look_ like someone invested some time creating this horrific monster... I looked through the source, and didn't see anything like <!-- HAHAHA! you probably fell for it!!! !-->

 

BTW: Who is going to spend all that money on something that has absolutely no guarantee?

 

I say the mods should keep this going. the comedy factor can only increase....

 

Chris


 

Hey oom, I wanted to buy an advertisement, but it was for pregger horse porn... Is that a noble cause under god??

 

Thanks for the feedback.

May God bless you with a good mind, not to use the words you have used.

This is an intangible currency suggestion ...

For a change, my mother taught me one thing: apply the sentence to yourself before you let it out of your mind.

 

 

 


Failures: 153
Warnings: 0
Unsafe variables: hregcd, hu_grp_id, hcuna, huid, htpwd, htpwd1, ribtn, cbe, jbs_reg

Solution: strip_tags(), trim(), htmlspecialchars(), mysqli_real_escape_string()

 

By the list of variables I can see it is that of the register member page.

 

Please send me / post here the screenshots of SQL injection of my site so that I can do it myself.

 

Here is the clean:

<?php
function clean($item) {
    $sp_dbcn = new sp_dbcon();
    $link = $sp_dbcn->sp_getConc();
    $item = strip_tags(trim($item));

    /* check connection */
    if (!$link) {
        echo "Failed to connect to the server\n";
        // fallback without a DB link: not charset-aware, unlike mysqli_real_escape_string()
        $item = addcslashes(htmlspecialchars($item, ENT_NOQUOTES), '\'"%_');
        // ... log the error properly
        return $item;
    }

    // Reverse magic_quotes_gpc/magic_quotes_sybase effects on those vars if ON.
    // (Magic quotes were removed in PHP 5.4 and the function itself in PHP 8.0,
    // so this only matters on old installs.)
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $item = stripslashes($item);
    }
    $item = htmlspecialchars(mysqli_real_escape_string($link, $item), ENT_QUOTES);

    /* determine our thread id */
    $thread_id = mysqli_thread_id($link);

    /* kill connection */
    mysqli_kill($link, $thread_id);

    /* close connection  $_SESSION[cnt_con]++; */
    mysqli_close($link);

    return $item;
}
?>


Thanks for visiting my other sites; hope you benefited.

 

 

Well, I am financially poor; that's why I am doing it myself.


After all of my advice you are still calling the function wrong. Please go back and read.


If this is real:

* Quit typing all caps. Some members may be dyslexic, and may not be able to read caps as easily.

* Quit telling people they have time limits

* Quit modifying people's functions

* DO learn proper PHP syntax

* DO learn about proper web design

* Quit it with the loving iframes

* Do learn about SQL injection

* Quit asking to be spoon fed.

 

Your sites are impossible to read; really, I couldn't get a piece of information from any one of them. Look at a website like digg.com, or this very site, and compare it to your own. NOBODY will pay to use a site like this. It is too confusing for me to even fathom how to use, and I'm sure that your average Bob will look at it for 5 secs and then go to a different site. If you need to, use a free template. There are tons out there; Google is your friend.

 

Chris

 


By the list of variables I can see it is that of the register member page.

 

Please send me / post here the screenshots of SQL injection using Firefox of my site so that I can do it myself.

 

I tested my function on my posting messages inside my logged-in pages, with the following SQL injection:

' OR ''=''; Update xxxxxx set password = "xxxx", Xcd = "xxxxx" where BID = "xx@ucy.in" and BGid = "xxxx"; --

 

and it posted exactly the same, safely, into the table. Now, do you think the above SQL injection was wrong,

 

so that I can learn and believe your testing?
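Both clean() versions posted above and the payload test in this post rely on mysqli_real_escape_string() plus htmlspecialchars() applied to every POST field before it is stored. As an added example, not code from the thread or from the site, here is how the same registration form would be handled with per-field validation and a prepared statement, with HTML escaping done only when a value is displayed. The table and column names, the connection credentials and the field patterns are hypothetical; only the POST field names come from the scan output quoted earlier.

```php
<?php
// Added example (not code from the thread): registration handler using
// validation + a prepared statement instead of escape-then-store.
// Assumptions (hypothetical): table `members` with columns grp_id, reg_code,
// name, uid, pwd_hash; the credentials below are placeholders.
declare(strict_types=1);

$link = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$link->set_charset('utf8mb4');   // escaping/binding is only correct for the charset the server sees

// Validate each field for what it is (shape and length); do not "escape" it.
function require_field(array $src, string $key, string $pattern, int $max): string {
    $v = trim((string)($src[$key] ?? ''));
    if ($v === '' || strlen($v) > $max || !preg_match($pattern, $v)) {
        throw new InvalidArgumentException("invalid field: $key");
    }
    return $v;
}

try {
    $grp_id   = (int) require_field($_POST, 'hu_grp_id', '/^\d{1,9}$/', 9);
    $reg_code = require_field($_POST, 'hregcd', '/^[A-Za-z0-9-]+$/', 32);
    $name     = require_field($_POST, 'hcuna', "/^[\\p{L}\\p{M} .'-]+$/u", 80); // apostrophes are legal data
    $uid      = require_field($_POST, 'huid',  '/^[A-Za-z0-9_.@-]+$/', 64);
    $pwd      = (string)($_POST['htpwd'] ?? '');
    if ($pwd === '' || strlen($pwd) < 8 || $pwd !== ($_POST['htpwd1'] ?? null)) {
        throw new InvalidArgumentException('password missing, too short, or confirmation mismatch');
    }
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    exit('Bad request');
}

// Parameterised INSERT: a value such as   ' OR ''=''; Update ... ; --
// is bound as data. It can never close the string literal or start a second
// statement, whatever it contains, because the SQL text is fixed before the
// values are sent.
$stmt = $link->prepare(
    'INSERT INTO members (grp_id, reg_code, name, uid, pwd_hash) VALUES (?, ?, ?, ?, ?)'
);
$hash = password_hash($pwd, PASSWORD_DEFAULT);   // store a hash, never the password
$stmt->bind_param('issss', $grp_id, $reg_code, $name, $uid, $hash);
$stmt->execute();
$stmt->close();

// Output-time escaping: HTML encoding belongs here, not in the database.
// Storing htmlspecialchars() output (as clean() does) double-encodes the value
// on every later display and breaks non-HTML consumers (CSV, JSON, mail).
echo 'Registered ' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
```

Two caveats on the test described in this post. mysqli_real_escape_string() only protects a value that is placed inside a quoted string literal in the query, and only when the connection charset matches what the server uses; it does nothing for a value dropped into an unquoted numeric comparison, an identifier, or the wildcards of a LIKE pattern (the `%_` in the addcslashes() fallback above hints at that last case). So a payload being stored as plain text shows that one INSERT escaped its one string literal correctly; it says nothing about the other queries on the site, which is why a prepared statement per query is the check to make rather than a single escaping function.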

 

 


Baby needs to be spoon fed.

 

* Do learn about SQL injection

 

Please send me / post here the screenshots of SQL injection using Firefox of my site so that I can do it myself.

 

 

In India most people don't use the latest browsers, so most CSS won't work, and hence I used iframes.


* Quit modifying people's functions

 

Adding and testing for more security is a normal standard of the open source movement.

 

I have slightly changed my header; visit now and see the so-called and perceived old MONSTER, and post the feedback.

 

check out www.ucy.in/tcmb

 

Please send me / post here the screenshots of SQL injection using Firefox of my site so that I can do it myself.

 

I hope you understand

 

GBU


"Please send me / post here the screenshots of SQL injection using Firefox of my site so that I can do it myself."

 

It is a Firefox addon... look it up yourself.

 

I posted a few links on SQL injection. Read up and then post, please...

 

 

I know; I have hacker bar on my Firefox, and there is a post check box,

 

but now it is not appearing; it was there when I downloaded 3.0.4.

But simply, I am very new to it and facing difficulty in how to use it.

 

Please help me with screenshots.

 

Now I brought the errors down to

Validation Output: 19 Errors

and made it more appealing, so visit the site once again; you will definitely understand & feel better.

 


Doesn't matter. Not having a proper CSS parser is NO EXCUSE! You could use tables, etc to get the same general effect.

 

And no, baby doesn't need to be spoonfed IT NEEDS TO USE LOVING GOOGLE AND QUIT IT WITH THE CAPS!!!!

 

Chris


Look, OOm,

 

Make a general layout. Then use that for ALL your sites.

 

Make it look like this

 

+-------------------+
|                   |
+--+----------------+
|  |                |
|  |                |
|  |                |
+--+----------------+

 

You could do that with only tables easily.

 

Is this you?

http://www.ucy.in/spr_c/sp/

 

Chris


Certainly, yes; the photograph is about 3 yrs old. Now I am slimmer, like the layouts you like.

 

So, when will you people open up?

This topic is now closed to further replies.