
Please test my site's security


DVBT

Hi, I am looking for you programmers to test out the security of my new site.

http://www.classpile.com/dev/taglinks/

The site is on a test server atm, that's why I want the security tested so I can have it as secure as possible for when I launch it :)

Please PM me your results.

regards
 
0
•••
It looks OK for me in FF but not in IE. If you're using CSS, shrink the size of your main div, I think.

Does the search work?
 
0
•••
What about any security issues? Get any of them?
 
0
•••
I did try SQL injection on your login ...
but nothing to test if nothing is functioning?
 
0
•••
Nope, everything is functioning apart from the search box atm.

regards
 
0
•••
Your site's login box doesn't seem to allow SQL injections so a good for that. I checked a few things and they all are a good. So I do not see any clearly visible security issues.

- Steve
 
1
•••
iNod said:
Your site's login box doesn't seem to allow SQL injections so a good for that. I checked a few things and they all are a good. So I do not see any clearly visible security issues.

- Steve

Thanks for letting me know, Steve :)

Rep points added
 
0
•••
http://www.classpile.com/dev/taglinks/index.php?p=addfavorite&id='

gives me information on your SQL user and path information. I didn't really have a lot of time to test anything else :D

Cheers
 
0
•••
baxter said:
http://www.classpile.com/dev/taglinks/index.php?p=addfavorite&id='

gives me information on your SQL user and path information. I didn't really have a lot of time to test anything else :D

Cheers

Is that important? Does that mean somebody can use that information to hack the website?
 
0
•••
Yes and no. It gives me information as to if say I come across a cPanel login I know what username to try. If I come across a vulnerability with file viewing I know the exact path to your site from the server and can backtrace from there. If your host allows connections from other networks by default I could gain access to your MySQL database especially since it's not using a password.

All this can be fixed by simply adding intval() to sanitize it into a number :D

Cheers,

Bax
 
1
•••
Thanks for that, baxter.

Rep points added :D
 
0
•••
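The fix baxter describes above, as an added example that is not part of the thread or the site's own code: it validates `id` as a positive integer, binds it as a query parameter, and logs database errors instead of showing them to the visitor. The `favorites` table, the function names and the in-memory SQLite database are assumptions made so the script runs on its own; the site in the thread uses MySQL.

```php
<?php
// Added example: hardened handler for a numeric `id` parameter.
// Table/column names and the SQLite in-memory database are assumptions
// so the script runs offline; the site in the thread uses MySQL.

ini_set('display_errors', '0');   // never echo DB errors, users or paths to visitors
ini_set('log_errors', '1');       // keep the detail in the server log instead

function parse_id($raw): ?int
{
    // intval("'") quietly becomes 0 and intval("42abc") becomes 42;
    // FILTER_VALIDATE_INT rejects both instead of guessing.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function add_favorite(PDO $db, int $userId, $rawId): array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return [400, 'Invalid id'];            // generic message, no SQL detail
    }
    try {
        // Bound parameter: the value never becomes part of the SQL text.
        $stmt = $db->prepare('INSERT INTO favorites (user_id, link_id) VALUES (?, ?)');
        $stmt->execute([$userId, $id]);
        return [200, 'Added'];
    } catch (PDOException $e) {
        error_log('addfavorite failed: ' . $e->getMessage());
        return [500, 'Something went wrong'];
    }
}

// Constructed test data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE favorites (user_id INTEGER NOT NULL, link_id INTEGER NOT NULL)');

foreach (['42', "'", '42abc', '0'] as $raw) {
    [$status, $msg] = add_favorite($db, 1, $raw);
    printf("id=%-8s intval=%-3d -> %d %s\n", var_export($raw, true), intval($raw), $status, $msg);
}
```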