PHP Security and/or Lack Thereof

How Secure is Your Site?

Very Secure: 1 vote (33%)
Pretty Secure: 1 vote (33%)
Never Secure Enough: 1 vote (33%)

Total votes: 3

Saethyr
Forum Contributor
Posts: 182
Joined: Thu Sep 25, 2003 9:21 am
Location: Wichita, Kansas USA

Post by Saethyr »

Yesterday I found a neat little site called http://www.hackthissite.org. On this site are many "missions". In these missions you learn to exploit several vulnerabilities in MySQL, PHP, SSI, and JavaScript that will allow a hack to infiltrate your website. I think it might be worthwhile for newbies and veterans alike to check this site out; I found many things that I would have overlooked before completing all the basic hacking and 4 of the realistic missions. Opened my eyes and I thought I would share it with those who had never seen it. I am now considering writing a security tutorial for newbies who might not think about things like SQL injection, SSI directives, address bar JavaScript and referrer spoofing.


Saethyr
Eternal Newbie 8O
JPlush76
Forum Regular
Posts: 819
Joined: Thu Aug 01, 2002 5:42 pm
Location: Los Angeles, CA

Post by JPlush76 »

that is definitely an interesting site...
here's a nice article about how to get the real IP address through proxy servers
http://www.hackthissite.org/readarticle.php?id=44

Code: Select all

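<?php
// X-Forwarded-For is a request header, so the client controls its value.
if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
    $UserIP = $_SERVER["HTTP_X_FORWARDED_FOR"];
} else {
    // No forwarding header: fall back to the address of the TCP peer.
    $UserIP = $_SERVER["REMOTE_ADDR"];
}
// Escape before output, since the value may come straight from the header.
print htmlspecialchars($UserIP, ENT_QUOTES);
?>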
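
An added example, not part of JPlush76's post or the linked article: because X-Forwarded-For is set by whoever sends the request, this stricter variant of the snippet above honours the header only when the connection comes from a reverse proxy you operate. The function name, the proxy addresses and the sample requests are constructed assumptions.

```php
<?php
// Added example (not from the thread). TRUSTED_PROXIES is a constructed
// value: replace it with the addresses of your own reverse proxies.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

/**
 * Return the client address, honouring X-Forwarded-For only when the
 * TCP peer (REMOTE_ADDR) is a proxy we operate. client_ip() is a
 * hypothetical helper name.
 */
function client_ip(array $server, array $trustedProxies = TRUSTED_PROXIES): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';

    // Direct connection, or no header: the socket address is all we can trust.
    if ($xff === '' || !in_array($peer, $trustedProxies, true)) {
        return $peer;
    }

    // The header is a comma-separated chain; each proxy appends the address
    // it saw. Walk from the right and stop at the first hop that is not ours.
    $hops = array_reverse(array_map('trim', explode(',', $xff)));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer;           // malformed entry: discard the header
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;            // first address not added by our proxies
        }
    }
    return $peer;                   // every hop was one of our proxies
}

// Constructed requests: [description, $_SERVER-like array]
$samples = [
    ['direct client sending the header', ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1']],
    ['via our proxy',                    ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7']],
    ['client-supplied entry in chain',   ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1, 198.51.100.7']],
    ['malformed header',                 ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => 'not-an-ip']],
];
foreach ($samples as [$label, $server]) {
    printf("%-34s => %s\n", $label, htmlspecialchars(client_ip($server), ENT_QUOTES));
}
```

For the four constructed requests it prints 203.0.113.9, 198.51.100.7, 198.51.100.7 and 10.0.0.5, so an address placed in the header by the client is never the one used for logging or access decisions.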
JPlush76
Forum Regular
Posts: 819
Joined: Thu Aug 01, 2002 5:42 pm
Location: Los Angeles, CA

Post by JPlush76 »

here is an article that explains how to crack MD5

http://www.hackthissite.org/readarticle.php?id=353