SitePoint Sponsor

User Tag List

Results 1 to 11 of 11
  1. #1
    SitePoint Member
    Join Date
    Sep 2005
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Web site is hackable

    Hello,

    Iam working as IT Exec. my boss complained to me that our company`s web site can hack easily and can download the data easily, but I couldnt find out any loop hole of site, pls help me to indentify and rectify the issue

    thanks
    Lasantha

  2. #2
    Born to Code rainadaman's Avatar
    Join Date
    Feb 2005
    Location
    india
    Posts
    793
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    whatz your website address .
    Let me hack.
    I was born intelligent,
    But Google ruined me.

  3. #3
    One website at a time mmj's Avatar
    Join Date
    Feb 2001
    Location
    Melbourne Australia
    Posts
    6,282
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    This will need to be moved into the web security section. May I ask which programming language or server the website uses?
    [mmj] My magic jigsaw
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    The Bit Depth Blog Twitter Contact me
    Neon Javascript Framework Jokes Android stuff

  4. #4
    l 0 l silver trophybronze trophy lo0ol's Avatar
    Join Date
    Aug 2002
    Location
    Palo Alto
    Posts
    5,329
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Lasantha
    my boss complained to me that our company`s web site can hack easily and can download the data easily
    I would ask your boss specifically what he's talking about and how it's easily hacked. This seems a bit inefficient; if he told you the information straight-up you could already be busy patching.

  5. #5
    SitePoint Wizard
    Join Date
    Dec 2002
    Location
    New Zealand
    Posts
    1,021
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I agree with lo0ol. If your boss is aware of a security hole they should tell you what it is so you can get onto fixing it.

  6. #6
    SitePoint Member
    Join Date
    Sep 2005
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by rainadaman
    whatz your website address .
    Let me hack.
    thats is www.eyellowpages.lk

  7. #7
    SitePoint Member
    Join Date
    Sep 2005
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mmj
    This will need to be moved into the web security section. May I ask which programming language or server the website uses?
    web site is www.eyellowpages.lk
    language is asp
    db is sqlserver2000

  8. #8
    SitePoint Addict Richard Conyard's Avatar
    Join Date
    Jun 2005
    Posts
    373
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well within the first 30 seconds ... not bad.

    Your site allows SQL injection - try http://www.securiteam.com/securityre...DP0N1P76E.html

  9. #9
    Freelance Web Guy freekrai's Avatar
    Join Date
    May 2003
    Location
    Penticton,BC
    Posts
    400
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Also, before panicing too much, remember that the standard thing that makes bosses think a site is hackable is if they can view the HTML source.
    You should also protect against injedtion attacks ttoo.
    Roger Stringer
    DBStract - Build a database - Gather data - View it from every angle
    Other Sites: [ 1 ][ 2 ][ 3 ][ 4 ][ 5 ]


  10. #10
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,807
    Mentioned
    158 Post(s)
    Tagged
    3 Thread(s)
    you might want to change this line....

    <script language="JavaScript1.2" fptype="dynamicanimation" src="file:///C:/Program%20Files/Microsoft%20Office/Office10/fpclass/animate.js">
    </script>

    No dangerous just a bit daft!
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  11. #11
    Put your best practices away. The New Guy's Avatar
    Join Date
    Sep 2002
    Location
    Canada
    Posts
    2,087
    Mentioned
    1 Post(s)
    Tagged
    1 Thread(s)
    I wish I had a website that could hack
    "A nerd who gets contacts
    and a trendy hair cut is still a nerd"

    - Stephen Colbert on Apple Users


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •