FRIHOSTFORUMSSEARCHFAQTOSBLOGSCOMPETITIONS
You are invited to Log in or Register a free Frihost Account!


How about a chance?





JensDuck
I recently have been suspended on accusations my script I am developing is considered "very vulnerable for hacking" I have felt my php programming is not the worst, nor the best but I am stuck without host due to this... I feel that I need a live audience to bug hunt, I was told to use XAMPP of which I did do for 4 years developing my website... This is not a rant/rave over not having hosting... but not having a chance. PHP scripts are so very vulnerable just look at there PHPBB 'viewtopic.php' Remote Code Execution Vulnerability and way more I shouldn't post to put anyone at risk...
JensDuck
Code:
 <?php

require_once 'header.php';

$pagetitle = 'Newest Updated Blogs';
$pageheader();

echo '<h1>Latest Entries</h1>';

$toplinks = array();

$toplinks['blog.php'] = 'Your Blog';
$toplinks['add_blog.php'] = 'Add Entry';

$pageuserbar($toplinks);

?>

<div class="container">
<h2>Newest 20 Blogs</h2>
<table>
<?php echo $homepage->blog_posts(); ?>
</table>

</div>

<?php
$page->footer();
?>


I don't see how this was considered
Quote:
very vulnerable for hacking


Please let me know something.
jajarvin
First of all what is your operating system?
There are XAMPP for Windows, foe Linux ans for OS

This article my help you Web Hacking Lesson 4 - File Include Vulnerabilities because you have some includes in your code, for example:

r
Code:
equire_once 'header.php';
deanhills
JensDuck wrote:
This is not a rant/rave over not having hosting... but not having a chance. PHP scripts are so very vulnerable just look at there PHPBB 'viewtopic.php' Remote Code Execution Vulnerability and way more I shouldn't post to put anyone at risk...
The vulnerability you refer to is dated 2004 and has been updated a long while ago:
https://www.phpbb.com/community/viewtopic.php?t=302011

phpBB has a whole team of experts to check on exploits and vulnerabilities of their script. They are turning out new versions on a regular basis with plenty of security updates. Hence why security rule no. 1 is to always use an up to date script for a Forum. Any older versions of phpBB, myBB or any of the other Forums will have vulnerabilities for exploits.

Not only is the script you are using out of date, but it is dated 2006 from an unverified source. Coupled with the fact that you are experimenting with php when you are not fully up to date with php exploits and their consequences, this is a really big risk for a shared server to take on. Refer Frihost TOS:
Quote:
Any of the following is strictly not allowed, unless stated otherwise.
[..]
10. Out of date and insecure websites and/or scripts that are easily abused/hacked.
Related topics
New Xbox has chance to be No. 1, Gates says
We took a chance...
Give Peace a Chance - my poem
We took a chance
Hmm.. Perhaps a chance for misusers?
today ,i lost a chance for a good job
Brasil campeão????
Data recovery - last chance (Server 1)
X3 Talk Wiki Site Advertising
Bush: last chance to reward the oil companies.
Why take a chance on being Christian?
NBA - Who wants Webber?
proof we all didnt just "Happen" by chance.
random stranger, chance meeting & casual dating
Dating Sites/Social Networks the only chance for love?
Reply to topic    Frihost Forum Index -> General -> Suggestions

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.