 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 112
 Members: 0
 Total: 112
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
| madman |
|
| Replies: 6 |
| Views: 12126 |
|
|
 |
|
 |
|
bit of detail or that...? mod-rewrite
Mod-rewite is powerful Apache module to "rewrite" or replace request's URLs. You can replace an url like this:
http://foo.bar/request.asp?cookie=xxx
into:
... |
|
|
|
| madman |
|
| Replies: 8 |
| Views: 18727 |
|
|
|
|
|
|
Maybe it will be better if we change it to:
Yes, it should be fine. Here another one pass:
if (preg_match('/(\?|\&)(admin|user|\=?http|id)/i', $checkurl)){di ... |
|
|
|
| madman |
|
| Replies: 16 |
| Views: 33179 |
|
|
|
|
|
|
I'm back !
And I'm waiting. 
Is possible echo smiles without make some security holes ? To echo smiles i made this piece of code but I think is not so secure  
I didn't see what ... |
|
|
|
| madman |
|
| Replies: 6 |
| Views: 12126 |
|
|
|
|
|
|
Use mod-rewrite.
But it useless though, because you try to catch cookies only under your domain. |
|
|
|
| madman |
|
| Replies: 2 |
| Views: 10312 |
|
|
|
|
|
|
... and works with server under Windoz OS only. 
Mac and *nix system has no idea with such *.exe file. |
|
|
|
| madman |
|
| Replies: 6 |
| Views: 14921 |
|
|
|
|
|
|
u right , maybe the next mysql version have this feature,
so the multiple sql queries can be executed like mssql...
Well, mysql indeed support multi queries separated with semicolon chars. But serve ... |
|
|
|
| madman |
|
| Replies: 4 |
| Views: 13329 |
|
|
|
|
|
|
yea madman need Sub-forum for cms comparison
This is a call of duty for Icenix. |
|
|
|
| madman |
|
| Replies: 4 |
| Views: 13329 |
|
|
|
|
|
|
Nice to hear about that.
Well, because there's no special forum for cms comparison, maybe I'll need to just ask here. What is the most secure cms software, in your opinion? I've heard that WebGUI ... |
|
|
|
| madman |
|
| Replies: 7 |
| Views: 15141 |
|
|
|
|
|
|
Well, is there any translated tutorial instead of in Indonesian language only? Nice to see bosen.net now grown and become pupular, after hackerlink community goes down. 
btw; Merdeka, Bung! |
|
|
|
| madman |
|
| Replies: 7 |
| Views: 13947 |
|
|
|
|
|
|
no lammers software or scripts for newies 
Hehehe... Good point, Argentino.  |
|
|
|
| madman |
|
| Replies: 5 |
| Views: 13905 |
|
|
|
|
|
|
but I doesnt understant what can i do with that exploit if information what i'm getting is uselles , maybe i must wait while another user is loged on that forum ant then i will get his psw or what ?
... |
|
|
|
| madman |
|
| Replies: 4 |
| Views: 11920 |
|
|
|
|
|
|
| To be honest, I never rely on addslashes() function only. |
|
|
|
| madman |
|
| Replies: 5 |
| Views: 13905 |
|
|
|
|
|
|
So forum_sid is password in md5 hash
Incorrect. Sid -- as the name say it -- is session id. This id generated randomly as an "unique" id to the session table, along with user data such as user id, pa ... |
|
|
|
| madman |
|
| Replies: 4 |
| Views: 11920 |
|
|
|
|
|
|
Just an addition. Use addslashes instead of stripslashes.
This code can be used to sanitize single- or double-quote regardless of magic quotes in effect:
function quote_me($str) {
... |
|
|
|
| madman |
|
| Replies: 16 |
| Views: 33179 |
|
|
|
|
|
|
Variable taked from database but not used later for sql INSERT or SELECT (only "echo" on page), have to be sanitize ?
No, unless you do care with "dangerous" html tagging on the text string. ... |
|
|
| Page 1 of 3 |
Goto page 1, 2, 3Next
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
