Lamez Posted December 18, 2008: I have made a website for a client. I was only paid to create the design, not the content. Anyway, I would like for you guys to find any exploits that are in it. Here is a link: http://yorkielicious.com/index.php Link to comment https://forums.phpfreaks.com/topic/137494-hack-this/
Lamez (Author) Posted December 18, 2008: The website uses text files that are in a folder. When the text file is not found, it uses the default, home. So if ?page=warranty exists, it finds the file named warranty and displays it; if it does not, it uses the home file. If you add &pf=yes, it removes the style for a print-friendly version. Now, I want to know if the site is vulnerable.
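The loader Lamez describes (a request parameter that names a text file, a fall-back to "home" when the file is missing, and a pf flag that drops the stylesheet) is exactly the shape in which path traversal and local file inclusion bugs usually appear, so the check a reviewer wants to see is how the parameter is turned into a filename. The following is an added example written for this thread, not the code running on yorkielicious.com; the pages directory, the .txt extension, the treatment of the files as plain text and the "home" default are assumptions.

```php
<?php
// Added example, not the code from yorkielicious.com: a text-file page loader
// in the shape described in the thread (?page=name selects a file, a missing
// file falls back to "home", &pf=yes drops the stylesheet), written so that the
// request parameter can never select a file outside the pages directory.
// Directory name, file extension and the "home" default are assumptions.

declare(strict_types=1);

const PAGES_DIR = __DIR__ . '/pages';   // assumed location of the text files
const DEFAULT_PAGE = 'home';

/**
 * Map the raw ?page= value to a file inside PAGES_DIR, or to the default.
 * Returns the resolved absolute path.
 */
function resolvePage(?string $requested): string
{
    // 1. Allow only a short identifier: letters, digits, dash, underscore.
    //    This rejects "../", "/", NUL bytes, "php://" and similar before any
    //    filesystem call, so the protection does not rest on realpath() alone.
    if ($requested === null || !preg_match('/^[A-Za-z0-9_-]{1,32}$/', $requested)) {
        $requested = DEFAULT_PAGE;
    }

    $base = realpath(PAGES_DIR);
    if ($base === false) {
        throw new RuntimeException('pages directory missing');
    }
    $candidate = realpath(PAGES_DIR . '/' . $requested . '.txt');

    // 2. Fall back to the default when the file does not exist, as the site does.
    if ($candidate === false) {
        $candidate = realpath(PAGES_DIR . '/' . DEFAULT_PAGE . '.txt');
        if ($candidate === false) {
            throw new RuntimeException('default page missing');
        }
    }

    // 3. Belt and braces: the resolved path must still sit inside PAGES_DIR
    //    (a symlink dropped into the pages directory could otherwise point elsewhere).
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('page path escaped the pages directory');
    }
    return $candidate;
}

/**
 * Render the page body. The text files are assumed to be plain text and are
 * HTML-escaped; if they are meant to carry markup they must come only from a
 * directory that site visitors can never write to.
 */
function renderPage(string $path, bool $printFriendly): string
{
    $body = htmlspecialchars((string) file_get_contents($path), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $head = $printFriendly ? '' : '<link rel="stylesheet" href="style.css">';
    return "<!doctype html><html><head><meta charset=\"utf-8\">{$head}</head>"
         . "<body><pre>{$body}</pre></body></html>";
}

$page = resolvePage($_GET['page'] ?? null);
// The pf flag is only compared, never echoed, so it cannot carry script into the page.
$pf = ($_GET['pf'] ?? '') === 'yes';
echo renderPage($page, $pf);
```

The regular expression does the real work: it reduces the parameter to an identifier before any path is built, so a request like ?page=../../etc/passwd or ?page=home%00 simply selects the default page. The realpath() prefix check is a second, independent layer for the case where something inside the pages directory itself (a symlink, for instance) points outside it.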
darkfreaks Posted December 18, 2008: Contact Us = XSS secure, SQL injection failures.
Lamez (Author) Posted December 18, 2008: So I guess that means it is good?
Maq Posted December 18, 2008: No, use SQL Inject Me. It says you failed 68 injection tests. Well, that's only on your Contact Us page...
Lamez (Author) Posted December 18, 2008: That's funny, I do not have a database attached to this website at all. It's all on text files.
Maq Posted December 18, 2008: I guess it assumes you use a DB. Anyway, it basically checks to see if it can input various entries into each of your fields and whatnot. It's still good to clean your fields...
Lamez (Author) Posted December 18, 2008: I guess, but I am not going to stress over it.
Lamez (Author) Posted December 19, 2008: Well, it does not allow empty fields at all.
waynew Posted December 19, 2008: Haha! A pro would clean their fields to prevent spam! Use a captcha.
Maq Posted December 19, 2008:
> Haha! A pro would clean their fields to prevent spam! Use a captcha.
Either that or ask a simple question for the user to answer, "What's 2 + 2?"
Lamez (Author) Posted December 19, 2008:
> Haha! A pro would clean their fields to prevent spam! Use a captcha. Either that or ask a simple question for the user to answer, "What's 2 + 2?"
Yeah, but if a bot was made for this form, it would know the answer all the time, so it would have to be random.
Maq Posted December 19, 2008:
> Yeah, but if a bot was made for this form, it would know the answer all the time, so it would have to be random.
Random, or you could make up your own weird question.
Lamez (Author) Posted December 19, 2008: lol, I will make the script generate a random number, then ask the user to input that number.
Maq Posted December 19, 2008:
> lol, I will make the script generate a random number, then ask the user to input that number.
Sure, that's what a lot of sites do. They have a list of about 10 questions they ask randomly.
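Two points from the thread are worth pinning down in code. First, the SQL Inject Me results are beside the point for a site with no database, but "clean your fields" still matters for a contact form, because anything copied into a mail header (name, reply address, subject) lets a sender who can insert a CR/LF append headers such as Bcc: and turn the form into a spam relay. Second, Lamez is right that a fixed question is only as good as the bot's author, so the challenge should be generated per request and the expected answer kept server-side rather than in the form. The following is an added example written for this thread, not code from the site; the field names, length limits and recipient address are assumptions.

```php
<?php
// Added example, not the site's code: a contact-form handler for a site with
// no database, where the input-handling risks are e-mail header injection into
// mail() and automated spam. It pairs a session-bound random arithmetic
// challenge (the "random question" idea from the thread) with field checks.
// Field names, limits and the recipient address are assumptions.

declare(strict_types=1);
session_start();

const CONTACT_RECIPIENT = 'owner@example.invalid';   // assumed recipient

/** Create a fresh challenge, keep the answer server-side, return the question text. */
function newChallenge(): string
{
    $a = random_int(1, 20);
    $b = random_int(1, 20);
    // The answer lives only in the session, never in the form, so a bot that
    // has "learned" one fixed question gains nothing: every request differs.
    $_SESSION['challenge_answer'] = (string) ($a + $b);
    return "What is {$a} + {$b}?";
}

/** Check the submitted answer once; the stored answer is discarded either way. */
function checkChallenge(string $submitted): bool
{
    $expected = $_SESSION['challenge_answer'] ?? null;
    unset($_SESSION['challenge_answer']);            // single use
    return $expected !== null && hash_equals($expected, trim($submitted));
}

/**
 * Validate the fields. Returns a list of error strings (empty means ok).
 * Values that end up in a mail header must be free of CR, LF and NUL.
 */
function validateContact(array $fields): array
{
    $errors = [];
    foreach (['name' => 80, 'email' => 254, 'subject' => 120] as $key => $max) {
        $v = (string) ($fields[$key] ?? '');
        if ($v === '') {
            $errors[] = "{$key} is required";
        } elseif (strlen($v) > $max) {
            $errors[] = "{$key} is too long";
        } elseif (preg_match('/[\r\n\0]/', $v)) {
            $errors[] = "{$key} contains forbidden characters";
        }
    }
    if (filter_var($fields['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not valid';
    }
    if ((string) ($fields['message'] ?? '') === '') {
        $errors[] = 'message is required';
    }
    return $errors;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $errors = validateContact($_POST);
    if (!checkChallenge((string) ($_POST['challenge'] ?? ''))) {
        $errors[] = 'wrong answer to the anti-spam question';
    }
    if ($errors === []) {
        // Only validated, CR/LF-free values reach the header; the name goes in the body.
        $headers = 'Reply-To: ' . $_POST['email'] . "\r\n";
        $body    = 'From: ' . $_POST['name'] . "\n\n" . $_POST['message'];
        mail(CONTACT_RECIPIENT, 'Contact form: ' . $_POST['subject'], $body, $headers);
        echo 'Thanks, your message was sent.';
        exit;
    }
    foreach ($errors as $e) {
        echo '<p>' . htmlspecialchars($e, ENT_QUOTES, 'UTF-8') . '</p>';
    }
}

$question = newChallenge();
?>
<form method="post">
  <input name="name" placeholder="Name">
  <input name="email" placeholder="E-mail">
  <input name="subject" placeholder="Subject">
  <textarea name="message"></textarea>
  <label><?= htmlspecialchars($question, ENT_QUOTES, 'UTF-8') ?>
    <input name="challenge"></label>
  <button>Send</button>
</form>
```

Note that the challenge answer is removed from the session on the first check, so a bot cannot solve one question and replay the same session for many submissions, and that random_int() rather than rand() is used so the numbers are not predictable from earlier requests. A list of ten fixed questions, as Maq suggests, can be dropped into newChallenge() in the same way: pick one with random_int() and store its answer in the session, never in the form.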
Lamez (Author) Posted December 19, 2008: Yeah, I will get on that later!