Please test my site's security

DVBT

Hi, I am looking for you programmers to test out the security of my new site.

http://www.classpile.com/dev/taglinks/

The site is on a test server atm, that's why I want the security tested so I can have it as secure as possible for when I launch it :)

Please PM me your results.

regards
 
0
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
It looks OK for me in FF but not in IE. If you're using CSS, shrink the size of your main div, I think.

Does the search work?
 
0
•••
What about any security issues? Get any of them?
 
0
•••
I did try SQL injection on your login ...
but nothing to test if nothing is functioning?
 
0
•••
Nope, everything is functioning apart from the search box atm.

regards
 
0
•••
Your site's login box doesn't seem to allow SQL injections, so a good for that. I checked a few things and they all are a good. So I do not see any clearly visible security issues.

- Steve
 
1
•••
iNod said:
Your site's login box doesn't seem to allow SQL injections, so a good for that. I checked a few things and they all are a good. So I do not see any clearly visible security issues.

- Steve

Thanks for letting me know, Steve :)

Rep points added
 
0
•••
http://www.classpile.com/dev/taglinks/index.php?p=addfavorite&id='

gives me information on your SQL user and path information. I didn't really have a lot of time to test anything else :D

Cheers
 
0
•••
baxter said:
http://www.classpile.com/dev/taglinks/index.php?p=addfavorite&id='

gives me information on your SQL user and path information. I didn't really have a lot of time to test anything else :D

Cheers

Is that important? Does that mean somebody can use that information to hack the website?
 
0
•••
Yes and no. It gives me information, as in if, say, I come across a cPanel login I know what username to try. If I come across a vulnerability with file viewing I know the exact path to your site from the server and can backtrace from there. If your host allows connections from other networks by default I could gain access to your MySQL database, especially since it's not using a password.

All this can be fixed by simply adding intval() to sanitize it into a number :D

Cheers,

Bax
 
1
•••
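The fix suggested in the post above, as an added example that is not part of the original thread or the site's own code: it validates the `id` parameter before casting it, binds it as a query parameter, and keeps database error text out of the response. The `favorites` table, its columns, the function names and the in-memory SQLite connection (standing in for the site's MySQL database) are assumptions made so the example runs on its own.

```php
<?php
// Added example: hardened handling of the "id" parameter from
// index.php?p=addfavorite&id=... (table and column names are assumed).

// Keep SQL errors (user name, file paths) out of the response; log them instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Assumption: in-memory SQLite stands in for the site's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE favorites (user_id INTEGER, link_id INTEGER)');

/**
 * Returns the id as a positive integer, or null if the input is not one.
 * intval() alone turns "'" into 0 and "12abc" into 12; rejecting anything
 * that is not all digits avoids silently acting on a mangled value.
 */
function parse_id($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    $id = intval($raw, 10);
    return $id > 0 ? $id : null;
}

function add_favorite(PDO $db, int $userId, $rawId): bool
{
    $id = parse_id($rawId);
    if ($id === null) {
        return false;               // caller answers with a generic 400 page
    }
    try {
        // Bound parameter: the value never becomes part of the SQL text.
        $stmt = $db->prepare('INSERT INTO favorites (user_id, link_id) VALUES (?, ?)');
        return $stmt->execute([$userId, $id]);
    } catch (PDOException $e) {
        error_log('addfavorite failed: ' . $e->getMessage());
        return false;               // no driver message reaches the browser
    }
}

// Constructed inputs, including the single quote from the post above.
foreach (["42", "'", "12abc", "-5", ""] as $raw) {
    printf("%-8s => %s\n", var_export($raw, true), add_favorite($db, 1, $raw) ? 'stored' : 'rejected');
}
```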
Thanks for that, baxter.

Rep points added :D
 
0
•••