SQLi on my site? Nah!

[Kataclysmic]

Alright so I posted something in an earlier thread about seeing if any of you could hack my site. Again the home page has a
comment saying

Code: Select all

<!-- Welcom HTS -->

Well anyways someone got mad, got some SQLi, gave me the link to mock me yadada. I still have no idea what the output was. He said it was my password which it was not, but the link was http://lawofcode.com/article.php?id=1%2 ... 7165687171),1,1#
since then I have changed the code and hopefully secured it from anymore sqli. I want to see if any of you can find it on my website. the areas possibly vulnerable to it are the videos and articles sections just fyi. I would really appriciate it if any of you could do it and then tell me what you used so I can try to further secure my site! Thanks and again you have my permission as owner and there is a comment on the home page to show for that.

[mShred]

Quick lookover doesn't reveal anything.
Two things though. One, you should definitely get some more content so there's more chance for hackery.
And two. Update your apache server. This is actually crucial. Unless you've edited it to act like it's outdated, it's vulnerable to a few good exploits.

[Goatboy]

Also for the sake of those testing the site, bear in mind that while the OP does in fact own the site, he does not own the hardware it is running on. Legal troubles abound if you break something or get detected.

[Kataclysmic]

Quick lookover doesn't reveal anything.
Two things though. One, you should definitely get some more content so there's more chance for hackery.
And two. Update your apache server. This is actually crucial. Unless you've edited it to act like it's outdated, it's vulnerable to a few good exploits.

What type of content would you recommend? Also I cannot update the server because I do not own it as mentioned below. What about it acts outdated?