Post
Topic
Board Project Development
Re: 100 % Cryptsy Clone Open Source Release
by r3wt on 20/04/2015, 15:09:48 UTC
multiple SQL injection vulnerabilities.

this is not anywhere close to professional.

thx you R3wt for these words ....

it's definitely easier to run a scanner from Kali, instead of coding this open source exchange from scratch

you cannot sweep the work just for some basic (important also) security breach

also as I said, an exploit needs a PoC, so please, if you can report and show it, it would be a good contribution at least

you won't find LFI/RFI here, maybe an XSS or SQL injection as you find

as other members remind, it is open source and I didn't recommend to anyone here or via PM to run the site straight like this

it flows from sense that if you'd like to run an exchange you must pay a dev and a security guy (a real one..)

I would also recommend changing requests from $GET to $POST


Looking through your source code, I found many of the same vulnerabilities that were in the original OpenEx scripts that I cowrote (in fact, some of the code is copied directly from OpenEx source code). To put it into perspective, I had no idea what I was doing back then (first experience with programming, delusional about my abilities). I do now:

https://github.com/OpenExLLC/web -- No Release candidate yet
https://github.com/OpenExLLC/live -- 0.1 Release
https://github.com/OpenExLLC/mail -- Release Candidate is untested


This exchange will be scalable, secure, and just generally awesome. If anyone wants to join this effort, you're more than welcome to. There are other components to the system; however, these are the only ones I've made public at this time, mostly because some are yet to be implemented or are waiting on other things to be completed so they can be tested.