Test Script (thread in the LCKB Website Security forum, /showthread.php?tid=1029)
- Spezzato - 08-18-2012

Hello Community, I wish someone who understands web security as MAX or Blackfire have a look at this script web: 2 Registration and Login

If those who use this script is vulnerable to SQL injection attacks or let me know please. And if possible, someone arrange it.

Credits Script: Wizatek (I just edited it)

Already grateful! I'm using Google Translator

- Blackfire - 08-18-2012

Hmm, it doesn't look unsafe but I'm sure it can be much safer, but you would need to ask some1 like max or wizatek.

- Wizatek - 08-18-2012

Include\reset_level_exec.php line 6, u need to sanitize that also, because it's used in a query later on.
Include\rename_exec.php line 6, u need to sanitize that also, because it's used in a query later on.
Include\remove_gm_exec.php line 6, u need to sanitize that also, because it's used in a query later on.
Include\password_exec.php line 6, u need to sanitize that also, because it's used in a query later on.
Include\login_exec.php line 6, u need to sanitize that also, because it's used in a query later on.
Include\delete_exec.php line 6, u need to sanitize that also, because it's used in a query later on.
Include\delete_items_exec.php line 6, u need to sanitize that also, because it's used in a query later on.
Include\add_gm_exec.php line 6, u need to sanitize that also, because it's used in a query later on.

Those are the only security risks. I don't understand why u use 2 different login systems though.

The use of the mysql_ functions in PHP are deprecated, I would recommend to use mysqli or PDO.

- Spezzato - 08-18-2012

Thank you for your help! But I have a problem: I have an 'enemy' hacker who does not know how to interfere with my dedicated, responsible for making dedicated to cancel the service by the attacks. The only thing I had was in htdocs: Ranking Script and Script registration and login I asked to analyze. The User was and had no root password, and I did not use any security.

I'm thinking of renting another dedicated, but I'm afraid the same place! Can anyone help me? I am eternally grateful!

- Spezzato - 08-18-2012

Thank you for your help! But I have a problem: I have an 'enemy' hacker who interfered with my dedicated. Making responsible for canceling the service because of dedicated high consumption of network. The only thing I had was in htdocs: Ranking Script and Script registration and login I asked to analyze. The User was and had no root password, and I did not use any security. I'm thinking of renting another dedicated, but I'm afraid of the hacker attack again.

Sorry for bad English. I am using Google Translator!

- Blackfire - 08-18-2012

I'm not really understanding what your problem is by the way you're talking. If you speak another language, maybe you should post it in the multilingual section so you can get a proper answer.

- Spezzato - 08-18-2012

Do not answer me there! The problem is that hackers are attacking my dedicated server. I need help ...

- Wizatek - 08-18-2012

Maybe the problem is not in the website, but in the forum?

Btw, a simple mysql injection can already grant limited administrator access on your dedicated server if your php and mysql are badly configured.
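Wizatek's two recommendations in this thread (sanitize the request value before it reaches a query, and move from the mysql_ functions to mysqli or PDO), shown as an added example that is not part of the thread or of the reviewed script. The table, column and function names are hypothetical, and an in-memory SQLite database stands in for the MySQL server so the file runs on its own.

```php
<?php
// Added example: hypothetical schema and names, not the script from this thread.
// SQLite in memory keeps it self-contained; for MySQL only the DSN changes
// (with pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE accounts (user_id TEXT PRIMARY KEY, level INTEGER)');
$pdo->exec("INSERT INTO accounts VALUES ('spezz', 1), ('o''neil', 1)");

// "Before": the request value is pasted into the SQL text, so the value
// itself becomes part of the statement the database parses.
function reset_level_unsafe(PDO $pdo, string $user): int
{
    return $pdo->exec("UPDATE accounts SET level = 0 WHERE user_id = '$user'");
}

// "After": check the value's shape, then bind it as a parameter so the
// database only ever treats it as data.
function reset_level_safe(PDO $pdo, string $user): int
{
    if ($user === '' || strlen($user) > 32) {
        throw new InvalidArgumentException('invalid user id');
    }
    $stmt = $pdo->prepare('UPDATE accounts SET level = 0 WHERE user_id = :user');
    $stmt->execute([':user' => $user]);
    return $stmt->rowCount();
}

// Constructed sample inputs: an ordinary name and one containing a quote.
foreach (['spezz', "o'neil"] as $input) {
    try {
        echo "unsafe($input): ", reset_level_unsafe($pdo, $input), " row(s)\n";
    } catch (PDOException $e) {
        // The quote ended the string literal early and changed the statement.
        echo "unsafe($input): input altered the SQL text, query failed\n";
    }
    echo "safe($input): ", reset_level_safe($pdo, $input), " row(s)\n";
}
```

The quoted name breaks the concatenated statement but is handled as plain data by the prepared one, which is the difference every `*_exec.php` file listed above needs at the point where the request value enters the query.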