Jump to content

Recommended Posts

I'm Pixeel, a two-month lurker turned hopeful contributor. I picked my username because Pixel was too plain and my second choice, Pixella, seemed a little weird. I don't even like eels that much anyway.

I'm a 17-year old hobbyist programmer currently going through 12th grade and am currently on my Christmas break, which is how I decided to sign up for the site. I hope to study Computer Science for college.

My favorite programming languages are Python, PHP, SQL (I know some people don't consider it a programming language, but I consider it good anyway), and JavaScript. I'm also learning Java for computer science purposes, but it isn't my favorite language to do. Apart from Java, I self-taught myself Python, PHP, and SQL.

I have been experimenting with PHP, Flask, Ruby on Rails, and other frameworks.

I originally tried to code my own MVC framework but decided it would be too complicated for a novice like me.

Although I am not a professional web dev/white-hat hacker (nor do I play one on TV), I have managed to warn several websites via e-mail about some super basic and frankly stunning PHP security vulnerabilities:

  • URL modification to edit posts that aren't mine.
  • No input validation for $_GET variables OR hidden fields. 
  • Spoofing the cookie username value to be a moderator, an administrator, or a user who doesn't exist.
  • XSS vulnerabilities due to improper escaping.
  • CSRF vulnerabilities that still haven't been fixed yet.
  • Posting in a locked forum thread.
  • Deleting forum threads by editing the URL (no permissions checks).
  • No permissions checks on functions that allowed moderators to ban users and even IP ban them.
  • Passwords are still stored in plain text (even 10 years later after someone complained).

It opened my eyes to the sheer amount of developers who neglect sanity checks. Most of the flaws I just mentioned were from one site, and I'm pretty sure that reporting them so much pissed off the administrators (I did, however, get mostly positive responses).

Apart from my tales of volunteer bug-hunting, there's nothing else to really say about me, except I hope to learn a lot and help out a lot of people here. Thanks again to everyone who may reply, and see you on the forums.

Link to comment
https://forums.phpfreaks.com/topic/314331-greetings-everyone/
Share on other sites

Welcome to the community.  Looks like you have already learned a lot of compsci and programming at a very young age.  PHP has 2 great frameworks:  Laravel & Symfony.  If you haven't already, you might enjoy creating some projects in one or the other or both.  

Link to comment
https://forums.phpfreaks.com/topic/314331-greetings-everyone/#findComment-1592853
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.