Please test my sites security

DVBT · 08-17-2006, 01:25 PM

Hi i am looking for you programmers to test out the security of my new site.

http://www.classpile.com/dev/taglinks/

The site is on a test server atm, thats why i want the security tested so i can have it as secure as possible for when i launch it

Please PM me your results.

regards

Noobie · 08-17-2006, 03:45 PM

It looks ok for me in FF but not in IE if you're using css shrink the size of your main div i think

Does the search work?

DVBT · 08-17-2006, 03:53 PM

what about any security issues. Get any of them?

Noobie · 08-17-2006, 07:58 PM

I did try sql injection on your login ...
but nothing to test if nothing is functioning ?

DVBT · 08-18-2006, 09:30 AM

nope everything is functioning apart from the search box atm

regards

iNod · 08-18-2006, 10:22 AM

Your sites Login box doesn't seem to allow SQL interjections so a good for that. I checked a few things and they all are a good. So I do not see any clearly visable security issues.

- Steve

DVBT · 08-18-2006, 12:23 PM

Quote:

Originally Posted by iNod

Your sites Login box doesn't seem to allow SQL interjections so a good for that. I checked a few things and they all are a good. So I do not see any clearly visable security issues.

- Steve

thanks for letting me no steve

rep points added

baxter · 08-18-2006, 12:44 PM

http://www.classpile.com/dev/taglinks/index.php?p=addfavorite&id='

gives me information on your sql user and path information. I didn't really have a lot of time to test anything else

Cheers

DVBT · 08-18-2006, 01:18 PM

Quote:

Originally Posted by baxter

http://www.classpile.com/dev/taglinks/index.php?p=addfavorite&id='

gives me information on your sql user and path information. I didn't really have a lot of time to test anything else

Cheers

is that importantm does that mean somebody can use that information to hack the website?

baxter · 08-18-2006, 03:31 PM

Yes and no. It gives me information as to if say I come across a cpanel login I know what username to try. If I come accross a vulnerability with file viewing I know the exact path to your site from the server and can backtrace from there. If your host allows connections from other networks by default I could gain access to your mysql database especially since its not using a password.

All this can be fixed by simply adding intval() to sanitize it into a number

Cheers,

Bax

DVBT · 08-18-2006, 03:55 PM

thanks for that baxter.

Rep points added

08-17-2006, 01:25 PM	#1 (permalink)
DVBT Account Closed Join Date: Feb 2006 Posts: 272 52.00 NP$ (Donate)	Please test my sites security Hi i am looking for you programmers to test out the security of my new site. http://www.classpile.com/dev/taglinks/ The site is on a test server atm, thats why i want the security tested so i can have it as secure as possible for when i launch it Please PM me your results. regards

08-17-2006, 03:45 PM	#2 (permalink)
Noobie NamePros Regular Join Date: Feb 2006 Location: Montreal, Quebec, Canada Posts: 324 66.75 NP$ (Donate)	It looks ok for me in FF but not in IE if you're using css shrink the size of your main div i think Does the search work? __________________ Goldkey.com is a scam What's your BMI? \| Timestamp Generator Last edited by Noobie; 08-17-2006 at 03:48 PM. Reason: spelling

08-17-2006, 07:58 PM	#4 (permalink)
Noobie NamePros Regular Join Date: Feb 2006 Location: Montreal, Quebec, Canada Posts: 324 66.75 NP$ (Donate)	I did try sql injection on your login ... but nothing to test if nothing is functioning ? __________________ Goldkey.com is a scam What's your BMI? \| Timestamp Generator

08-18-2006, 10:22 AM	#6 (permalink)
iNod Eating Pie Join Date: Nov 2004 Location: Canada Posts: 2,289 126.05 NP$ (Donate)	Your sites Login box doesn't seem to allow SQL interjections so a good for that. I checked a few things and they all are a good. So I do not see any clearly visable security issues. - Steve __________________ I feel old.

08-17-2006, 03:53 PM	#3 (permalink)
DVBT Account Closed Join Date: Feb 2006 Posts: 272 52.00 NP$ (Donate)	what about any security issues. Get any of them?

08-18-2006, 09:30 AM	#5 (permalink)
DVBT Account Closed Join Date: Feb 2006 Posts: 272 52.00 NP$ (Donate)	nope everything is functioning apart from the search box atm regards

08-18-2006, 12:44 PM	#8 (permalink)
baxter NamePros Regular Join Date: Apr 2006 Posts: 289 1,990.00 NP$ (Donate)	http://www.classpile.com/dev/taglinks/index.php?p=addfavorite&id=' gives me information on your sql user and path information. I didn't really have a lot of time to test anything else Cheers

08-18-2006, 03:31 PM	#10 (permalink)
baxter NamePros Regular Join Date: Apr 2006 Posts: 289 1,990.00 NP$ (Donate)	Yes and no. It gives me information as to if say I come across a cpanel login I know what username to try. If I come accross a vulnerability with file viewing I know the exact path to your site from the server and can backtrace from there. If your host allows connections from other networks by default I could gain access to your mysql database especially since its not using a password. All this can be fixed by simply adding intval() to sanitize it into a number Cheers, Bax

08-18-2006, 03:55 PM	#11 (permalink)
DVBT Account Closed Join Date: Feb 2006 Posts: 272 52.00 NP$ (Donate)	thanks for that baxter. Rep points added

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)