pea

Security Hole Help

Hello, I made a blogging script and last night someone pointed out the security holes. I'm fairly new to PHP, so some of it's confusing me a bit and I need some help. Here's what they said; I can do point one, so I'll forget about that:

[quote]
2 - You can erase (even with mq=on) all files that are stored on the server:

[...]
$t = stripslashes($t);
[...]
$fc = fopen ("blog_comments/$t.txt", "w");
fwrite ($fc, "");
[...]

3 - Using point No. 1 you can do some XSS, 'cause there isn't any anti-XSS code for admins
4 - If mq=on then you can deface the site (but no injecting PHP, 'cause < and > are properly parsed)
[/quote]

Firstly, what's mq (message queue?)? How can you deface the site? What's wrong with $t = stripslashes($t);? I need some guidance.


Thanks. Pete
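
An added example, not part of the original post or the poster's script: one way to close the hole quoted in point 2, where the request value $t goes unchecked into the fopen() path. It assumes "mq" means PHP's magic_quotes_gpc setting (whose escaping stripslashes() undoes without validating anything), that post ids are plain identifiers, and PHP 7.1 or later; COMMENT_DIR, comment_path() and clear_comments() are hypothetical names.

```php
<?php
// Added example; COMMENT_DIR, comment_path() and clear_comments() are
// assumed names, not taken from the original script.
const COMMENT_DIR = __DIR__ . '/blog_comments';

// Map a post id from the request to its comment file.
// Returns null when the id is not a plain identifier or the file
// does not resolve to a location inside COMMENT_DIR.
function comment_path(string $t): ?string
{
    // Allow-list instead of stripslashes(): letters, digits, '_' and '-'
    // only. \A and \z anchor on the real start and end of the string.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $t)) {
        return null;
    }
    // realpath() resolves symlinks and fails for files that do not exist,
    // so only existing comment files inside the directory are accepted.
    $real = realpath(COMMENT_DIR . '/' . $t . '.txt');
    $base = realpath(COMMENT_DIR);
    if ($real === false || $base === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Empty the comment file for a post; false means the id was rejected
// or the write failed.
function clear_comments(string $t): bool
{
    $path = comment_path($t);
    if ($path === null) {
        return false;
    }
    // Writing '' returns 0 bytes, which is still success (0 !== false).
    return file_put_contents($path, '', LOCK_EX) !== false;
}

// Constructed sample inputs, run from the command line only.
if (PHP_SAPI === 'cli') {
    is_dir(COMMENT_DIR) || mkdir(COMMENT_DIR);
    file_put_contents(COMMENT_DIR . '/42.txt', "old comment\n");
    foreach (['42', '../index', 'a/b', '42.txt', ''] as $t) {
        $result = clear_comments($t) ? 'cleared' : 'rejected';
        printf("%-12s => %s\n", var_export($t, true), $result);
    }
}
```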
