
Hi guys,

I've got this site that's a project for uni; the site design is crap and has previously been discussed at length :)

I'm worried about the security of the site. I'm pretty new to PHP and so on. I've a member login, registration etc. page.

I thought it would be okay but I suspect someone has been fking around with the many holes there likely are, as I received 8 or so new password requests from my own account. I just don't want the guys that have set up accounts to have any problems and I'm hoping someone can have a look and say what I need to do.

I ran the audit PHP file that one of the guys uploaded and there was a whole lot of red, but I'm unsure how to rectify it.

www.webdesignprofessionals.co.uk

Thanks in advance.

I also don't have a .htaccess file, I need to get one sorted.

When you find holes could you also point me in the right direction on how to solve them.

Proof txt - http://www.webdesignprofessionals.co.uk/phpproof.txt

Hi,

You have a few issues:

  • The activation of user accounts can easily be forged by guessing the activation id.
  • Password resets should send a link which the user can use to reset their password, not a new password.
  • There is SQL injection in some parameters / forms.
  • Forms are vulnerable to CSRF.
  • Password complexity is not enforced.

Msg me if you want further details.
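As an added example (not code from this thread or from the site being discussed), the five points in the reply above, written as hardened PHP handlers. It assumes a PDO connection to a MySQL database and a hypothetical `users` table with columns `id`, `email`, `password_hash`, `reset_token` and `reset_expires`; the one-hour reset window and the 12-character minimum are assumptions, not values from the thread.

```php
<?php
// Added example, not the site's own code. Assumed schema:
//   users(id, email, password_hash, reset_token, reset_expires)
declare(strict_types=1);

// 1 & 2. Activation / reset tokens must be unguessable, single-use and (for
// resets) time-limited. 32 bytes from the CSPRNG, hex-encoded so it is URL-safe.
function generate_token(): string {
    return bin2hex(random_bytes(32));
}

function issue_reset_link(PDO $db, string $email, string $base_url): ?string {
    $token = generate_token();
    // Store only a hash so a leaked copy of the table does not hand out live tokens.
    $hash = hash('sha256', $token);
    $stmt = $db->prepare(
        'UPDATE users SET reset_token = :hash, reset_expires = :exp WHERE email = :email'
    );
    $stmt->execute([
        ':hash'  => $hash,
        ':exp'   => date('Y-m-d H:i:s', time() + 3600), // assumed one-hour validity
        ':email' => $email,
    ]);
    // Return the link only when the address exists; the page shown to the visitor
    // must be the same either way so the form does not reveal registered emails.
    return $stmt->rowCount() === 1 ? $base_url . '/reset.php?token=' . $token : null;
}

function consume_reset_token(PDO $db, string $token, string $new_password): bool {
    $hash = hash('sha256', $token);
    // 3. Parameterised query: user input never becomes part of the SQL text.
    // NOW() is MySQL syntax (assumed database).
    $stmt = $db->prepare(
        'SELECT id FROM users WHERE reset_token = :hash AND reset_expires > NOW()'
    );
    $stmt->execute([':hash' => $hash]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false || !password_meets_policy($new_password)) {
        return false;
    }
    // Clear the token so the link cannot be used twice.
    $upd = $db->prepare(
        'UPDATE users SET password_hash = :ph, reset_token = NULL, reset_expires = NULL WHERE id = :id'
    );
    return $upd->execute([
        ':ph' => password_hash($new_password, PASSWORD_DEFAULT),
        ':id' => $user['id'],
    ]);
}

// 4. CSRF: a per-session secret embedded in every form and checked on each POST.
function csrf_token(): string {
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = generate_token();
    }
    return $_SESSION['csrf'];
}

function csrf_check(?string $submitted): bool {
    // hash_equals() compares in constant time, so the check does not leak by timing.
    return is_string($submitted)
        && !empty($_SESSION['csrf'])
        && hash_equals($_SESSION['csrf'], $submitted);
}

// 5. Password complexity: length matters most; the thresholds are assumptions.
function password_meets_policy(string $pw): bool {
    return mb_strlen($pw) >= 12
        && preg_match('/[A-Za-z]/', $pw) === 1
        && preg_match('/[0-9]/', $pw) === 1;
}

// Usage in a form handler (session_start() must run before any output):
// session_start();
// if ($_SERVER['REQUEST_METHOD'] === 'POST' && !csrf_check($_POST['csrf'] ?? null)) {
//     http_response_code(403);
//     exit('Invalid request');
// }
// echo '<input type="hidden" name="csrf" value="' . htmlspecialchars(csrf_token()) . '">';
```

The same `generate_token()` serves account activation: store a hash of the token with the new row, email the raw token in the activation link, and mark the account active only when the hashed lookup matches, so the activation id can no longer be guessed.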
