yoshida Posted July 8, 2006

Hi guys

I've created a php site with content manager. The code for the content manager is in a restricted area of the script. The login creates a session after which the webmaster menu will show. Every script called by that menu will check if the session exists.

I'd like to see if the script is hack-proof, so I'm calling on you guys. This is the website, just click the email link on top of the page and I will reply to certify that I am the webmaster. The site is live, so if you manage to get into the webmaster menu please mail me a screenshot and recommendations to improve security.

I know you guys will enjoy some hacking. So have fun. :)

For the record: all css, html and php is written by me in nothing but a text editor.
aleksanteri Posted August 2, 2006

Umm, I checked the site but didn't find the logging page...

But I managed to find one bug for you... in Opera, you could see that email address by putting the cursor on top of the link... you should encrypt it (by Javascript or PHP). Also, maybe include a dtd.

<offtopic>BTW thanks for showing up for Crimson Editor (Notepad++ wasn't working correctly), enabled me to continue my work because my scripts weren't working...</offtopic>
Jack McKalling Posted August 2, 2006

Haha, here you come again with your scouts site, hehe! You haven't forgotten what I already suggested to you earlier, when you first made this topic?

After the last backup, and before the hacking, you made a request like this one. I replied, but of course that is lost. But if you check the login system, to see if a user can bypass the query you are executing, then you know that that should be fixed.

By the way, yoshida's login form can be accessed by replacing index.php by login.php, like yoshida forgot to notice that time too. But erm, I think I remembered the wrong thing, or it has been changed, I can't find it anymore.
Skemcin Posted August 2, 2006

what you need is TESTERS - so I changed the title. Please use appropriate language.