Board: Project Development
Re: [Hack-A-Thon: End of round 1] Hack my site (Changing servers)
by brandon@sourcewerks on 18/08/2011, 21:37:15 UTC
Take a look at some of the email addresses that were submitted. I was able to submit full PHP statements and it accepted them. Which means I can implant code snippets in the database for later use.

I.e. you do a JOIN with first name and last name to display on a page. You will begin assembling code snippets for me. Smiley

You need conditionals to test for exactly the type of data that will be submitted in each form field and, most importantly, escape anything and everything being submitted to you in forms. And lastly, escape everything.
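The advice above, as an added example that is not code from the original post or from the site being tested: each form field gets a conditional that accepts only the exact kind of data it should carry (a PHP statement does not parse as an email address, so it is rejected outright), the accepted values go into the database through a prepared statement rather than string-built SQL, and anything read back out is escaped for the HTML context at output time. The table layout, field names and sample submissions are assumptions constructed for the example.

```php
<?php
// Added example (not from the original post): validate each form field
// against the exact type it should hold, store with a parameterized query,
// and escape on output. Schema and field names are assumptions.

declare(strict_types=1);

/**
 * Validate a registration form. Returns [cleanData, errors].
 * Each field has a conditional for exactly the data it should carry;
 * anything that does not match is rejected, not "cleaned up".
 */
function validate_form(array $post): array
{
    $clean = [];
    $errors = [];

    // Names: letters, spaces, apostrophes, hyphens only, bounded length.
    foreach (['first_name', 'last_name'] as $field) {
        $value = trim((string)($post[$field] ?? ''));
        if ($value === '' || strlen($value) > 64 || !preg_match('/^[\p{L} \'-]+$/u', $value)) {
            $errors[$field] = 'invalid name';
        } else {
            $clean[$field] = $value;
        }
    }

    // Email: must parse as an address; "<?php ... ?>" never does.
    $email = trim((string)($post['email'] ?? ''));
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'invalid email';
    } else {
        $clean['email'] = $email;
    }

    return [$clean, $errors];
}

/** Store a validated row with a prepared statement (no SQL built from strings). */
function store_user(PDO $db, array $clean): void
{
    $stmt = $db->prepare(
        'INSERT INTO users (first_name, last_name, email) VALUES (:f, :l, :e)'
    );
    $stmt->execute([
        ':f' => $clean['first_name'],
        ':l' => $clean['last_name'],
        ':e' => $clean['email'],
    ]);
}

/** Escape for the HTML context when rendering; stored data is never trusted. */
function render_name(string $first, string $last): string
{
    return htmlspecialchars($first . ' ' . $last, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample submissions (assumed schema, not real data).
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT, email TEXT)');

$submissions = [
    ['first_name' => 'Ada', 'last_name' => 'Lovelace', 'email' => 'ada@example.com'],
    ['first_name' => '<?php echo 1; ?>', 'last_name' => 'x', 'email' => '<?php echo 1; ?>@example.com'],
];

foreach ($submissions as $post) {
    [$clean, $errors] = validate_form($post);
    if ($errors !== []) {
        echo 'rejected: ' . json_encode($errors) . "\n";
        continue;
    }
    store_user($db, $clean);
    echo 'stored: ' . render_name($clean['first_name'], $clean['last_name']) . "\n";
}
```

The first submission is stored; the second is rejected on both the name and the email conditionals before it reaches the database. Even if a value did get through, the prepared statement keeps it out of the SQL grammar and htmlspecialchars keeps it inert when a later JOIN displays it on a page.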