  1. #26
    SitePoint Addict
    Join Date
    Jul 2007
    Posts
    223
    Actually when I put that code into my database.php file and press the hack button, some weird things come up instead:

    Array ( [0] => /home/directory/directory/mysite.info/update.php [1] => /home/directory/directory/mysite.info/database.php )

  2. #27
    SitePoint Addict
    Join Date
    May 2006
    Location
    Amsterdam
    Posts
    206
    The code crmalibu gave you is supposed to do that ... take a look at get_included_files and print_r.

    It's a way to help you make sure no other files are being included in your script ... something a hacker might do ...

    Also, when you put name="delete" in the <input> part of your delete form, not the <form> tag, does the hack script still work?
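
Added example, not part of the thread and not the code crmalibu posted: one way to turn the `get_included_files()` check described in post #27 into an allowlist comparison that reports only files that should not have been loaded. The function name `unexpected_includes`, the temporary directory and `extra.php` are assumptions constructed for the demo.

```php
<?php
// Added example: compare the files PHP has actually loaded against an
// allowlist. All file names below are constructed for the demo.

/**
 * Return every included file that is not on the allowlist.
 * Paths are normalised with realpath() so relative and symlinked
 * spellings of the same file compare equal.
 */
function unexpected_includes(array $included, array $allowed): array
{
    $normalise = static function (string $p): string {
        $real = realpath($p);
        return $real === false ? $p : $real;
    };
    $allowedSet = array_flip(array_map($normalise, $allowed));
    $extra = [];
    foreach ($included as $file) {
        if (!isset($allowedSet[$normalise($file)])) {
            $extra[] = $file;
        }
    }
    return $extra;
}

// Demo setup: one expected include and one that is not on the allowlist.
$dir = sys_get_temp_dir() . '/inc_demo_' . getmypid();
@mkdir($dir);
file_put_contents("$dir/database.php", "<?php // expected include\n");
file_put_contents("$dir/extra.php", "<?php // not on the allowlist\n");

require_once "$dir/database.php";
require_once "$dir/extra.php";

// The running script itself always appears in get_included_files().
$allowed = [__FILE__, "$dir/database.php"];
$extra = unexpected_includes(get_included_files(), $allowed);

if ($extra !== []) {
    // Send the finding to the error log instead of showing paths to visitors.
    error_log('Unexpected include(s): ' . implode(', ', $extra));
}
print_r($extra);

// Remove the demo files again.
unlink("$dir/database.php");
unlink("$dir/extra.php");
rmdir($dir);
```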

  3. #28
    SitePoint Enthusiast futureking
    Join Date
    Mar 2009
    Location
    Bilaspur, Chhattisgarh, INDIA
    Posts
    27
    Use a framework and forget about security. My favorite is CodeIgniter. If you use frameworks then they will handle all security. This makes application development faster and easier.
    Freelance PHP Developer

    Portfolio Link http://abhinavsoftware.com

  4. #29
    SitePoint Addict
    Join Date
    Jul 2007
    Posts
    223
    When I put name="delete" in the <input> field but not the <form> field, the hack script doesn't work. If I put name="delete" the other way around, the hack script also doesn't work and everything is fine.

  5. #30
    SitePoint Addict
    Join Date
    May 2006
    Location
    Amsterdam
    Posts
    206
    And if you put it back in both places?

    futureking's suggestion is also important once you start to understand how PHP works. Personally, I think it's good to step through the process as you're doing, learning the fundamentals: how and why certain commands and scripts work and how hackers can "break in", but if you need to get an application up and running quickly a framework is your best bet. I haven't had experience with CodeIgniter yet ... another "popular" framework is the Zend Framework.

  6. #31
    SitePoint Enthusiast futureking
    Join Date
    Mar 2009
    Location
    Bilaspur, Chhattisgarh, INDIA
    Posts
    27
    Hi, danNL

    Zend Framework is a very powerful framework. It is used by many websites. In comparison to Zend, CodeIgniter is very, very easy to learn. CodeIgniter is best if you want to create a blog-like application. But if you want to create a very, very large application then you should go with Zend or Symfony.

    Symfony is used by Yahoo Answers, Del.icio.us and Dailymotion.
    Freelance PHP Developer

    Portfolio Link http://abhinavsoftware.com

  7. #32
    SitePoint Addict
    Join Date
    May 2006
    Location
    Amsterdam
    Posts
    206
    Thanks futureking ... nice tip, I'll take a look at it.