BillyBoB Posted July 9, 2007 Author Share Posted July 9, 2007 btw: I just tried to register the username Tester and p/w password and it said it worked... (Yeah I know you not to, but I couldn't resist.) roflmao now no one can login with tester cause I need to validate the account (but the email I used to reg was "password") xD fixed Pass should be Helper Link to comment https://forums.phpfreaks.com/topic/59043-security-test/page/2/#findComment-293144 Share on other sites More sharing options...
BillyBoB Posted July 9, 2007 Author Share Posted July 9, 2007 the xss should be deleted out of sb please check Link to comment https://forums.phpfreaks.com/topic/59043-security-test/page/2/#findComment-293149 Share on other sites More sharing options...
davidg80 Posted October 28, 2007 Share Posted October 28, 2007 You should protect directory: http://dreamshowstudios.net/inc/ Better yet tell Apache/2.2.4 (Fedora) Server to handle .inc files with php. Do the same for all file extensions you use ex: .class,.php,.inc, etc. Link to comment https://forums.phpfreaks.com/topic/59043-security-test/page/2/#findComment-380071 Share on other sites More sharing options...
davidg80 Posted October 28, 2007 Share Posted October 28, 2007 SQL Injection at: http://dreamshowstudios.net/members.php?user=Tester'%20AND%20'1'='0 Link to comment https://forums.phpfreaks.com/topic/59043-security-test/page/2/#findComment-380074 Share on other sites More sharing options...
Recommended Posts