I have just made a full vulnerability test on your web-site -
http://cryptofate.com
I have found
2 Major Issues,
3 Medium Priority, and
4 Minor security problems.
SQL Injection
If an attacker sends "$_POST" data like this, your database is accessible using different SQL Injection Tactics:
abtc=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/&next=Show%20me%20about%20the%20address%20above
Cross-Site Scripting
Again! If an attacker sends "$_POST" data like this, a hacker can execute any JavaScript code he wants at this moment:
abtc=1'%22()%26%25prompt(975737)&next=Show%20me%20about%20the%20address%20above
The rest are not Major holes
A few application error messages.
Directory Access not Configured.
HTML forms without CSRF protection
and so on.
Your web-site is not safe, and if someone really wanted to, he could
attack the Project/Copy Database/Tamper with Data.
Thank you, DevSoft.
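
A defensive handling of the `abtc` field covering both reported issues, as an added example that is not part of the original post or the site's own code. It assumes `abtc` carries a Bitcoin address; the table, column and function names are hypothetical, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Assumption: "abtc" is a Bitcoin address (legacy Base58 or bech32 form).
// Allow-list check on alphabet and length only; no checksum verification.
function valid_address(string $s): bool
{
    return preg_match('/\A(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,87})\z/', $s) === 1;
}

// Parameterized lookup: the value is bound, never concatenated into the SQL text.
function lookup(PDO $db, string $addr): ?array
{
    $stmt = $db->prepare('SELECT address, balance FROM addresses WHERE address = :a');
    $stmt->execute([':a' => $addr]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Encode on output so echoed input is rendered as text, not markup or script.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Full request path: validate, query with a bound parameter, encode the response.
function handle(PDO $db, array $post): string
{
    $addr = $post['abtc'] ?? '';
    if (!is_string($addr) || !valid_address($addr)) {
        return '<p>Invalid address: ' . h(is_string($addr) ? $addr : '') . '</p>';
    }
    $row = lookup($db, $addr);
    return $row === null
        ? '<p>No record for ' . h($addr) . '</p>'
        : '<p>' . h($row['address']) . ': ' . h((string) $row['balance']) . '</p>';
}

// Constructed demo data: a syntactically valid but made-up address.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE addresses (address TEXT PRIMARY KEY, balance TEXT)');
$sample = '1' . str_repeat('A', 33);
$db->prepare('INSERT INTO addresses VALUES (?, ?)')->execute([$sample, '0.5']);
foreach ([$sample, "1'\"()&%prompt(975737)"] as $input) {
    echo handle($db, ['abtc' => $input]), PHP_EOL;
}
```

The second input is the decoded form of the second `abtc` value quoted in the post; it fails validation and is echoed back HTML-encoded.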