condoravenue Posted December 11, 2010 Share Posted December 11, 2010 http://tinyurl.com/2fqbcgp proof of ownership: http://www.snow-report.us/somename/phpfreaks.txt Link to comment https://forums.phpfreaks.com/topic/221282-hack-my-site-and-tell-me-my-security-holes/ Share on other sites More sharing options...
dreamwest Posted December 21, 2010 Share Posted December 21, 2010 Can I give it a TCP test?? Itll be supa fun i promise Link to comment https://forums.phpfreaks.com/topic/221282-hack-my-site-and-tell-me-my-security-holes/#findComment-1149754 Share on other sites More sharing options...
PHPTOM Posted December 25, 2010 Share Posted December 25, 2010 http://www.snow-report.us/somename/operations/error_log Displays your server address & username Also no index file in operations. Not a huge hole, but it is one. Link to comment https://forums.phpfreaks.com/topic/221282-hack-my-site-and-tell-me-my-security-holes/#findComment-1151424 Share on other sites More sharing options...
Maq Posted December 28, 2010 Share Posted December 28, 2010 I got 136 failure with all tests for SQL Inject Me. Link to comment https://forums.phpfreaks.com/topic/221282-hack-my-site-and-tell-me-my-security-holes/#findComment-1152241 Share on other sites More sharing options...
unlishema.wolf Posted January 6, 2011 Share Posted January 6, 2011 Anyone can access all your pages. Not a security risk until someone figures out what to insert to delete accounts and create accounts without permission. Link to comment https://forums.phpfreaks.com/topic/221282-hack-my-site-and-tell-me-my-security-holes/#findComment-1155567 Share on other sites More sharing options...
Omirion Posted January 30, 2011 Share Posted January 30, 2011 http://www.snow-report.us/somename/operations/ You should really deny access to this. Link to comment https://forums.phpfreaks.com/topic/221282-hack-my-site-and-tell-me-my-security-holes/#findComment-1167375 Share on other sites More sharing options...
Coreye Posted February 12, 2011 Share Posted February 12, 2011 Full Path Disclosure: http://snow-report.us/somename/operations/account_created.php?passkey[] Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/brecke5/public_html/somename/operations/account_created.php on line 7 Link to comment https://forums.phpfreaks.com/topic/221282-hack-my-site-and-tell-me-my-security-holes/#findComment-1173177 Share on other sites More sharing options...
Recommended Posts