HexString Posted June 13, 2007
www.gashka-ta.ro Please don't try to break into it; there have already been a few attempts. Don't come back with something like: http://gashka-ta.ro/my_profile_tag.php?tag=Hacked%20!?&&font=004.ttf&&colour=blue
Guest Nemessis Posted June 13, 2007
At registration, in the username field, enter "><script>alert(1)</script>
nos Posted June 14, 2007
I told him that too, Nemessis, when you hit verify :D but there's nothing you can do with it.....
HexString (Author) Posted June 14, 2007
Nemessis, but when you're logged in the register page no longer shows up, does it? So can it actually do anything to me?
Guest Nemessis Posted June 14, 2007
I didn't create a user to look. When you're logged in you may have more bugs available. I just told you where you have a little sore spot.
HexString (Author) Posted June 14, 2007
Can you test it? I'll delete your user afterwards if you want.
Guest Nemessis Posted June 14, 2007
http://gashka-ta.ro/my_profile.php?username=secure + XSS in the guestbook + XSS in the blog + at that point there was no sense in looking further. Put in filters based on the XSS cheat sheet from ha.ckers.org.
HexString (Author) Posted June 14, 2007
What should I fix?
Guest Nemessis Posted June 14, 2007
I know how to break things, not how to fix them too. Filter out any trace of script that a user can post.
HexString (Author) Posted June 14, 2007
I'll try, but for now I'm going to check it anyway ...
MostWanteD Posted June 14, 2007
And still... isn't this site kind of off-topic? I mean: "Links: Post only security-related links here!" Hmmmm... hi5 = security?
Dark_net Posted June 14, 2007
Look at the official site of the web application you have... maybe there's a fix or something.
vladiii Posted June 26, 2007
Never mind, some other smart guys broke into it. Congratulations HexString, nice security! I'm starting to like you more and more...
HexString (Author) Posted June 26, 2007
Quote: "Congratulations HexString, nice security! I'm starting to like you more and more..."
You could have spared me the comments ....
-G- Posted June 26, 2007
A site barely goes up and these Asians are already making themselves known ))))))))))))))))))
Guest Nemessis Posted June 26, 2007
This one is really cool.
vladiii Posted June 26, 2007
Yeah... Sorry HexString. See, the wheel does turn from time to time.
Johnny Posted June 26, 2007
You may not like security, but to chmod 0777 index.php you have to be really clueless; otherwise you would have avoided a deface of the main index as long as the attackers didn't obtain superuser rights, root on Linux or administrator on Windows. I assume the site had high-risk vulnerabilities, i.e. remote ones, because from the script they couldn't have defaced the main index, or else the server hosting the site was also poorly secured. The most widespread vulns in PHP scripts that are remote [take control of files] are RFIs, a vuln I assume your script was also affected by and which you could have fixed very easily. Anyway, maybe these "lame hackers" aka defacers taught you a good lesson.
HexString (Author) Posted June 26, 2007
He didn't modify index.php ... he created index.html and, ffs, deleted a few files :| .. I can't explain how ... anyway ...
byjuniorhacked Posted July 2, 2007
Quote: "Yeah... Sorry HexString. See, the wheel does turn from time to time."
I liked that one, vladiii.
Ctc4 Posted January 25, 2008
Hey... everything you're talking about.. here.... is off topic.... we only talk about security... so... which of you has a bifrons... hmm sorry... bitdefender..)
katmai Posted January 25, 2008
Quote: "Hey... everything you're talking about.. here.... is off topic.... we only talk about security... so... which of you has a bifrons... hmm sorry... bitdefender..)"
Read the rules! No warez. As for the problem... I know it's kind of old, but I have to stay on topic: when a user signs up, why don't you write yourself a function to escape the data? Or at least use mysql_escape_string, and there are plenty of other protections such as htmlspecialchars, strip_tags.. and so on.
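
The escaping advice in the last post, applied to the username value quoted earlier in the thread, as an added PHP example (not code from the site under discussion): output encoding with htmlspecialchars at render time, an allowlist check at sign-up, and a PDO prepared statement used here in place of mysql_escape_string. The function names, the users table and the username pattern are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example; all function and table names below are hypothetical.

// Encode a value for HTML body or quoted-attribute context at output time.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe form: the value is concatenated raw into value="", so a double
// quote in the input ends the attribute and the rest is parsed as markup.
function render_username_field_unsafe(string $username): string
{
    return '<input name="username" value="' . $username . '">';
}

// Hardened form: the same template, with the value encoded on the way out.
function render_username_field(string $username): string
{
    return '<input name="username" value="' . h($username) . '">';
}

// Sign-up validation: accept only an allowlisted character set and length
// (assumed policy), instead of trying to strip "bad" strings.
function is_valid_username(string $username): bool
{
    return preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $username) === 1;
}

// Storage: a prepared statement keeps the value out of the SQL text, which
// is a separate concern from HTML encoding and does not replace it.
function save_user(PDO $db, string $username): void
{
    $stmt = $db->prepare('INSERT INTO users (username) VALUES (:u)');
    $stmt->execute([':u' => $username]);
}

// The value posted earlier in the thread, used as test input.
$input = '"><script>alert(1)</script>';

echo render_username_field_unsafe($input), "\n"; // attribute is broken out of
echo render_username_field($input), "\n";        // quotes and brackets encoded
var_dump(is_valid_username($input));              // rejected at sign-up
var_dump(is_valid_username('hex_string.07'));     // accepted
```

The same h() call belongs on every page that prints user-supplied text, including the guestbook, blog and profile pages named in the thread, because encoding is applied per output context rather than once at registration.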