Login Register






SMTPMart - Buy Inbox SMTP | Leads | Shell | cPanel 100% Bonus on 1st deposit | Instant Refunds
ProxyByte $2/GB | Residential IPv4 - No Logs - 26M+ IPs - All unblocked
REFUNDING.GG | #1 REFUND SERVICE | SAME DAY REFUNDS | WORLDWIDE ORDERS | GET ITEMS 85% OFF
New Ownership - Policies and Changes Going Forward
The stories and information posted here are artistic works of fiction and falsehood. Only a fool would take anything posted here as fact.
Thread Rating:
  • 0 Vote(s) - 0 Average


Wanting to learn filter_list
Author
Message
Slacker Offline
@Skullmeat loves me
Registered (Legends)
Twelve Years of Service
Posts: 1,454
Threads: 124
Reputation: 105
Currency: 142 NSP
Super Elite
Wanting to learn 01-26-2013, 05:01 AM #1
Ok I am wanting to learn for educational purposes, There is one site i want to play around and test this on but it is ran by my self. If any one is willing to teach me how to exploit weaknesses in a site it is greatly appreciated. I am wanting to learn incase my site is ever takin down when we get it up and running, like what to look for and what to make sure is not a vulnerable weakness Smile
I am fairly educated and catch onto shit fairly quick so there wouldnt be any need to repeat your self over and over to me.

Reply

i0xIllusi0n Offline
Eye for an eye, but I don't need to see.
Registered (Legends)
Twelve Years of Service
Posts: 919
Threads: 36
Reputation: 4
Currency: 0 NSP
Super Elite
RE: Wanting to learn 01-26-2013, 05:13 AM #2
If your website uses SQL, make sure you protect from SQL Injection, which you can do from PHP.
Prevent XSS, which you can also do from PHP.

If you have a login, hash your passwords. (More hashes in an algorithm = better security)
If you have a login, add a function to deny access if they have too many requests in a short amoutn of time (to stop brute force)
If you store cookies, encrypt the cookies and hook it with something, (like IP) to stop cookie stealing.
Have an Anti-flood script.

Reply

Slacker Offline
@Skullmeat loves me
Registered (Legends)
Twelve Years of Service
Posts: 1,454
Threads: 124
Reputation: 105
Currency: 142 NSP
Super Elite
RE: Wanting to learn 01-26-2013, 05:16 AM #3
ok but how do i do this stuff lol
Also wanting to learn and try on my site, strictly for educational purposes of course (legal disclaimer lol)

Reply

i0xIllusi0n Offline
Eye for an eye, but I don't need to see.
Registered (Legends)
Twelve Years of Service
Posts: 919
Threads: 36
Reputation: 4
Currency: 0 NSP
Super Elite
RE: Wanting to learn 01-26-2013, 05:27 AM #4
Well here's a sanitize function...

Code:
function sanitize($sql, $formUse = true)
{
    $sql = preg_replace("/(from|order by|concat|group_concat|src|select|insert|delete|where|drop table|show tables|,|<|>|'|#|\*|--|\\\\)/i","",$sql);
    $sql = trim($sql);
    $sql = strip_tags($sql);
    if(!$formUse || !get_magic_quotes_gpc())
    {
        $sql = addslashes($sql);
    }
    return $sql;
}

To hash your passwords, you can use MD5. md5($data);
Anti-flood would prevent brute force, if you use it right. There's a thread on here with an anti-flood script. Could use that.
To encrypt cookies, you can use Base64 or other encoding methods to do that. Make sure it's with a salt though, or anybody can decrypt.

Reply

w00t Offline
I'm here to make you think differently.
Registered (Legends)
Twelve Years of Service
Posts: 1,244
Threads: 7
Reputation: 0
Currency: 48 NSP
SmartSuper EliteLegendaryGold
RE: Wanting to learn 01-26-2013, 07:17 AM #5
http://php.net/manual/en/mysqli.real-escape-string.php

There's a function for sanitation.

Reply

Slacker Offline
@Skullmeat loves me
Registered (Legends)
Twelve Years of Service
Posts: 1,454
Threads: 124
Reputation: 105
Currency: 142 NSP
Super Elite
RE: Wanting to learn 01-26-2013, 07:27 AM #6
Thanks guys. Hopefully I will be able to get someone on join.me or TeamViewer or w/e to help. That would be dope!

Reply







Users browsing this thread: 2 Guest(s)