SQLi on my site? Nah!

Post by Kataclysmic on Sat Dec 14, 2013 2:10 am

Alright, so I posted something in an earlier thread about seeing if any of you could hack my site. Again, the home page has a comment saying
Code:
<!-- Welcom HTS -->

Well anyways someone got mad, got some SQLi, gave me the link to mock me yadada. I still have no idea what the output was. He said it was my password, which it was not, but the link was http://lawofcode.com/article.php?id=1%2 ... 7165687171),1,1#
Since then I have changed the code and hopefully secured it from any more SQLi. I want to see if any of you can find it on my website. The areas possibly vulnerable to it are the videos and articles sections, just FYI. I would really appreciate it if any of you could do it and then tell me what you used so I can try to further secure my site! Thanks, and again you have my permission as owner and there is a comment on the home page to show for that.
http://lawofcode.com
What will you learn?
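
Added example, not part of the original post and not the site's actual code: one way to harden a numeric `id` parameter like the one in `article.php?id=` against SQL injection, using integer validation plus a bound parameter. The function names, the `articles` table and its columns are assumptions, and an in-memory SQLite database stands in for the real one.

```php
<?php
// Hypothetical handler for a numeric ?id= parameter (added example).
// Table and column names are assumptions; SQLite in memory replaces the real database.

function open_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
    $pdo->exec("INSERT INTO articles VALUES (1, 'Hello', 'First article')"); // constructed row
    return $pdo;
}

// Returns the article row, or null when the id is not a positive integer
// or no such article exists.
function fetch_article(PDO $pdo, $rawId): ?array {
    // Layer 1: accept only a positive integer; anything else never reaches the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Layer 2: bound parameter, so the value travels as data and never as SQL text.
    // The pattern to avoid is building the query as "... WHERE id = " . $_GET['id'].
    $stmt = $pdo->prepare('SELECT id, title, body FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = open_demo_db();
// Constructed inputs: a valid id, a missing id, and two non-integer values.
foreach (['1', '2', '1 OR 1=1', "1'"] as $raw) {
    $article = fetch_article($pdo, $raw);
    if ($article === null) {
        // Same answer for "rejected" and "not found", so errors reveal nothing.
        echo 'id=' . var_export($raw, true) . " -> not found\n";
    } else {
        // Escape on output too, in case stored content contains markup.
        echo 'id=' . var_export($raw, true) . ' -> '
            . htmlspecialchars($article['title'], ENT_QUOTES, 'UTF-8') . "\n";
    }
}
```

Only the first input returns a row; the other three all get the same "not found" answer, so a rejected value is indistinguishable from a missing article.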


Re: SQLi on my site? Nah!

Post by mShred on Sat Dec 14, 2013 4:35 pm

Quick lookover doesn't reveal anything.
Two things though. One, you should definitely get some more content so there's more chance for hackery.
And two. Update your Apache server. This is actually crucial. Unless you've edited it to act like it's outdated, it's vulnerable to a few good exploits.

For those about to rock.


Re: SQLi on my site? Nah!

Post by Goatboy on Sun Dec 15, 2013 2:02 am

Also for the sake of those testing the site, bear in mind that while the OP does in fact own the site, he does not own the hardware it is running on. Legal troubles abound if you break something or get detected.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk


Re: SQLi on my site? Nah!

Post by Kataclysmic on Sun Dec 15, 2013 7:53 pm

mShred wrote:
Quick lookover doesn't reveal anything.
Two things though. One, you should definitely get some more content so there's more chance for hackery.
And two. Update your Apache server. This is actually crucial. Unless you've edited it to act like it's outdated, it's vulnerable to a few good exploits.

What type of content would you recommend? Also I cannot update the server because I do not own it as mentioned below. What about it acts outdated?
http://lawofcode.com
What will you learn?