Lukeidiot, posted July 10, 2011

Hey guys, I was recently told by one of my customers that their logs were getting stolen, and I am not sure if this is a brute force of the login, or maybe a MySQL injection, or even session hijacking.

User: phpfreaksdemo
Pass: demopass
Login: http://runescapesr.com/beta/index.php?goto=login

Will reward anyone who finds any possible vulnerabilities, PayPal money.

Ownership verify: http://runescapesr.com/pro.txt
cssfreakie, posted July 11, 2011

As far as I can see you just use pretty standard forum software, which is thoroughly tested.
Lukeidiot (author), posted July 11, 2011

Quoting cssfreakie: "As far as I can see you just use pretty standard forum software, which is thoroughly tested."

Oh sorry, I should have made this clear. I have integrated the forum registration to simultaneously create a "Beta Access" account. The URL for testing is located here: http://runescapesr.com/beta/

Everything at /beta/ has been hand coded by myself, and I would like to know of its possible security flaws. Thanks!
cssfreakie, posted July 11, 2011

You should prevent directory traversal. As an example: http://runescapesr.com/beta/?goto=../index.php

Suppress errors and log them in a file outside the root.
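One way to address both points from the reply above, as an added example that is not code from the thread or from the site in question: route the `goto` parameter through an allow-list instead of using it to build a file path, and send PHP errors to a log file outside the document root rather than to the browser. The page names, directory layout and log path are assumptions.

```php
<?php
// Added example (not the site's own code). Assumes index.php picks the page to
// show from ?goto=... ; the page keys, file names and log path are invented.
declare(strict_types=1);

// Never display errors to visitors; write them somewhere the web server cannot serve.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/beta-app/php-errors.log'); // assumed path outside the web root

// Fixed map of allowed page keys to files. User input is only ever used as a lookup key,
// never concatenated into a path, so values like "../index.php" cannot match anything.
const ALLOWED_PAGES = [
    'home'     => 'pages/home.php',
    'login'    => 'pages/login.php',
    'register' => 'pages/register.php',
];

/**
 * Return the file for a requested page key, or null if the key is not allowed.
 */
function resolvePage(string $goto): ?string
{
    return ALLOWED_PAGES[$goto] ?? null;
}

$raw  = $_GET['goto'] ?? 'home';
$goto = is_string($raw) ? $raw : '';       // arrays (?goto[]=x) are rejected too
$file = resolvePage($goto);

if ($file === null) {
    // Log the rejected value (truncated) for review, but tell the visitor nothing useful.
    error_log('Rejected goto value: ' . substr($goto, 0, 100));
    http_response_code(404);
    exit('Page not found.');
}

require __DIR__ . '/' . $file;
```

With this pattern a request such as `?goto=../index.php` is simply an unknown key and returns 404, and the attempt is recorded in the server-side log rather than echoed back in an error message.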