test pleace my new edition

[xcoderx]

please check if all ok in the coding are ok and if any loops, also its only started will keep on upadting this topic when i keep adding more to the script. discussonline.in/milu

 

 

i have already proved that the server is mine on my earlier post hope i do not have to again?

[darkfreaks]

always have to post a link proving

[xcoderx]

lol bro u already know its mine ;-)

[darkfreaks]

could use a Doctype transitional tag also

Javascipt Error:

permission denied call to method location.tostring

 

 

Access Me:SECCOMP attack

Fix: put the following in htacess file

RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|OPTIONS|POST|PUT)
RewriteRule .* - [F]

 

[xcoderx]

Thanks bro guna add .htacces to it now.

[darkfreaks]

did you add it to the file and how? you went from 9 failures to 1179 failures 

[xcoderx]

no i didn add nothing yet how come 1179 failures bro ???

[darkfreaks]

well that explains why the number fluctuates from 9-1000 each time i run Access Me 

[xcoderx]

1 min lemme add the htaccess

[xcoderx]

done now ?

[darkfreaks]

nope is your htaccess file in the root directory?

[xcoderx]

In base dir bro.

[darkfreaks]

do you have tokens on your session variables to guard against CSRF attacks?

CSRF PHP Tutorial

 

also it seems to be safe guarding against SECCOMP attacks the htaccess file but you got CSRF problems as well.

 

 

 

[darkfreaks]

after some obvious testing i realized i gave people the wrong code for the file itself.

Working Code:

 

RewriteEngine on
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|OPTIONS|POST|PUT)
RewriteRule .* - [F]

 

 

Also if you are using PHP_SELF in your form variables don't try to avoid it or PHP_URI. try to make it redirect to an exact url if you can. if not  there is a "band aid" fix you can do where you can use htmlspecialchars to filter PHP_URI or PHP_SELF.