Test Script
#1

Hello Community,

I wish someone who understands web security, such as MAX or Blackfire, would have a look at this web script:

Registration and Login

If those who use this script are vulnerable to SQL injection attacks, please let me know. And if possible, could someone arrange it.

Credits Script: Wizatek (I just edited it)

Already grateful!

I'm using Google Translator

#2
Hmm, it doesn't look unsafe, but I'm sure it can be much safer; you would need to ask someone like Max or Wizatek.

#3

Include\reset_level_exec.php line 6, you need to sanitize that also, because it's used in a query later on.

Include\rename_exec.php line 6, you need to sanitize that also, because it's used in a query later on.

Include\remove_gm_exec.php line 6, you need to sanitize that also, because it's used in a query later on.

Include\password_exec.php line 6, you need to sanitize that also, because it's used in a query later on.

Include\login_exec.php line 6, you need to sanitize that also, because it's used in a query later on.

Include\delete_exec.php line 6, you need to sanitize that also, because it's used in a query later on.

Include\delete_items_exec.php line 6, you need to sanitize that also, because it's used in a query later on.

Include\add_gm_exec.php line 6, you need to sanitize that also, because it's used in a query later on.

Those are the only security risks.

I don't understand why you use 2 different login systems though.

The mysql_ functions in PHP are deprecated; I would recommend using mysqli or PDO.
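
An added example (not code from the script under review or from anyone in this thread) of the pattern flagged above: a request value placed into the SQL text, next to the same kind of query with bound parameters in PDO. The `accounts` table, its columns, the function names and the in-memory SQLite database (used so it runs without a server; the thread's script targets MySQL) are assumptions.

```php
<?php
// Added example: schema, data and function names are constructed for illustration.
// SQLite in memory stands in for the MySQL database so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulation so values are bound server-side:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE accounts (login TEXT PRIMARY KEY, level INTEGER NOT NULL)');
$pdo->exec("INSERT INTO accounts VALUES ('player1', 80), ('player2', 45)");

// "Before": the request value is pasted into the SQL text, so a quote inside
// it ends the string literal and the rest is parsed as SQL.
function find_concat(PDO $pdo, string $login): array
{
    $sql = "SELECT login FROM accounts WHERE login = '" . $login . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// "After": the statement text is fixed; the value travels separately and is
// only ever compared as data.
function find_prepared(PDO $pdo, string $login): array
{
    $stmt = $pdo->prepare('SELECT login FROM accounts WHERE login = :login');
    $stmt->execute([':login' => $login]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Writes (rename, reset level, delete) need the same treatment as reads.
function reset_level(PDO $pdo, string $login): int
{
    $stmt = $pdo->prepare('UPDATE accounts SET level = 1 WHERE login = :login');
    $stmt->execute([':login' => $login]);
    return $stmt->rowCount(); // number of rows actually changed
}

$crafted = "nobody' OR '1'='1"; // constructed input containing a quote

printf("concatenated query matched %d account(s)\n", count(find_concat($pdo, $crafted)));
printf("prepared query matched %d account(s)\n", count(find_prepared($pdo, $crafted)));
printf("reset_level with crafted input changed %d row(s)\n", reset_level($pdo, $crafted));
printf("reset_level for player1 changed %d row(s)\n", reset_level($pdo, 'player1'));
```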

#4

Thank you for your help!

But I have a problem:

I have an 'enemy' hacker who does not know how to interfere with my dedicated, responsible for making dedicated to cancel the service by the attacks.

The only thing I had was in htdocs: Ranking Script and Script registration and login I asked to analyze.

The User was and had no root password, and I did not use any security.

I'm thinking of renting another dedicated, but I'm afraid the same place!

Can anyone help me? I am eternally grateful!

#5

Thank you for your help!

But I have a problem:

I have an 'enemy' hacker who interfered with my dedicated.

Making responsible for canceling the service because of dedicated high consumption of network.

The only thing I had was in htdocs: Ranking Script and Script registration and login I asked to analyze.

The User was and had no root password, and I did not use any security.

I'm thinking of renting another dedicated, but I'm afraid of the hacker attack again.

Sorry for bad English. I am using Google Translator!

#6
I'm not really understanding what your problem is by the way you're talking. If you speak another language, maybe you should post it in the multilingual section so you can get a proper answer.

#7

Do not answer me there!

The problem is that hackers are attacking my dedicated server.

I need help ...

#8

Maybe the problem is not in the website, but in the forum?

Btw, a simple MySQL injection can already grant limited administrator access on your dedicated server if your PHP and MySQL are badly configured.


