Unstoppable Domains

Please test my sites security

Spaceship Spaceship
Watch
D

DVBT

Account Closed
Impact
1
Hi i am looking for you programmers to test out the security of my new site.

http://www.classpile.com/dev/taglinks/

The site is on a test server atm, thats why i want the security tested so i can have it as secure as possible for when i launch it :)

Please PM me your results.

regards
 
Reply
0
0 Like
0 Thanks
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
GoDaddyGoDaddy
Sort by date Sort by points
It looks ok for me in FF but not in IE if you're using css shrink the size of your main div i think

Does the search work?
 
Last edited:
Reply
0
0 Like
0 Thanks
•••
what about any security issues. Get any of them?
 
Reply
0
0 Like
0 Thanks
•••
I did try sql injection on your login ...
but nothing to test if nothing is functioning ?
 
Reply
0
0 Like
0 Thanks
•••
nope everything is functioning apart from the search box atm

regards
 
Reply
0
0 Like
0 Thanks
•••
Your sites Login box doesn't seem to allow SQL interjections so a good for that. I checked a few things and they all are a good. So I do not see any clearly visable security issues.

- Steve
 
Reply
1
1 Like
0 Thanks
•••
iNod said:
Your sites Login box doesn't seem to allow SQL interjections so a good for that. I checked a few things and they all are a good. So I do not see any clearly visable security issues.

- Steve
Click to expand...

thanks for letting me no steve :)

rep points added
 
Reply
0
0 Like
0 Thanks
•••
http://www.classpile.com/dev/taglinks/index.php?p=addfavorite&id='

gives me information on your sql user and path information. I didn't really have a lot of time to test anything else :D

Cheers
 
Reply
0
0 Like
0 Thanks
•••
baxter said:
http://www.classpile.com/dev/taglinks/index.php?p=addfavorite&id='

gives me information on your sql user and path information. I didn't really have a lot of time to test anything else :D

Cheers
Click to expand...

is that importantm does that mean somebody can use that information to hack the website?
 
Reply
0
0 Like
0 Thanks
•••
Yes and no. It gives me information as to if say I come across a cpanel login I know what username to try. If I come accross a vulnerability with file viewing I know the exact path to your site from the server and can backtrace from there. If your host allows connections from other networks by default I could gain access to your mysql database especially since its not using a password.

All this can be fixed by simply adding intval() to sanitize it into a number :D

Cheers,

Bax
 
Reply
1
1 Like
0 Thanks
•••
thanks for that baxter.

Rep points added :D
 
Reply
0
0 Like
0 Thanks
•••
Log in or sign up to reply here.
Dynadot — .com Registration $8.99Dynadot — .com Registration $8.99

Similar threads

Z
Security check please?
8 replies
511 views
Zhang
Z
P
Php Security [advice]
1 reply
396 views
Eric
Eric
N
Please test my free text-messaging script
6 replies
428 views
ccm
ccm
O
PHP Security
2 replies
609 views
axilant
axilant
A
Hack My Site
2
20 replies
2K views
Peter
Peter
Appraise.net

We're social

Escrow.com

New posts ➔

Spaceship

Auction activity ➔

Unstoppable Domains

How do you think a potential buyer first checks if your domain is for sale?

Polls of interest ➔

CryptoExchange.com

Hot this week ➔

Domain Recover

Community favorite ➔

Hot this month ➔

DomainEasy — Payment Flexibility

Blog favorites

DomDB

  1. bradfordcarpetcleaning.com

    • Make Offer

  2. portablelasers.com

    • Make Offer

  3. ExalMar.com

    • Make Offer

  4. SeaDomains.Com

    • Show Price

  5. eatandrest.com

    • Make Offer

  6. FinanceLaunch.com

    • Make Offer

  7. OwnThisProperty.com

    • Make Offer

  8. mbi.xyz

    • Make Offer

  9. Kindling.net

    • Make Offer

  10. InnVestio.com

    • Make Offer
  • The sidebar remains visible by scrolling at a speed relative to the page’s height.
Back