LCKB ** OLD LCKB DATABASE ** Website Scripting & Security Security Website Security
Test Script

Linear Mode
Test Script
Wizatek Offline
Posting Freak
*****
Posts: 768
Threads: 40
Thanks Received: 0 in 0 posts
Thanks Given: 0
Joined: May 2011
Reputation: 0
#3
08-18-2012, 05:28 PM

Include\reset_level_exec.php line 6, u need to sanitize that also, because its used in a query later on.

Include\rename_exec.php line 6, u need to sanitize that also, because its used in a query later on.

Include\remove_gm_exec.php line 6, u need to sanitize that also, because its used in a query later on.

Include\password_exec.php line 6, u need to sanitize that also, because its used in a query later on.

Include\login_exec.php line 6, u need to sanitize that also, because its used in a query later on.

Include\delete_exec.php line 6, u need to sanitize that also, because its used in a query later on.

Include\delete_items_exec.php line 6, u need to sanitize that also, because its used in a query later on.

Include\add_gm_exec.php line 6, u need to sanitize that also, because its used in a query later on.

 

Those are the only security risks.

I don't understand why u use 2 different login systems though.

 

The use of the mysql_ functions in php are deprecated, i would recommend to use mysqli or pdo

Find


Messages In This Thread
[No subject] - by Spezzato - 08-18-2012, 03:50 PM
[No subject] - by Blackfire - 08-18-2012, 05:18 PM
[No subject] - by Wizatek - 08-18-2012, 05:28 PM
[No subject] - by Spezzato - 08-18-2012, 06:34 PM
[No subject] - by Spezzato - 08-18-2012, 06:40 PM
[No subject] - by Blackfire - 08-18-2012, 06:42 PM
[No subject] - by Spezzato - 08-18-2012, 06:56 PM
[No subject] - by Wizatek - 08-18-2012, 10:04 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)