Archive for the ‘Security’ Category
I haven’t had time of late to do a detailed analysis of scripts that I’ve found to be unsafe for whatever reason, so I’m going to do a quick flick through of my list with basic reasons why. I’ll also try and provide links to “safe” alternatives where possible.
Skip links:
Simpbook, XueBook, PHPFanBase, Enthusiast3, phpKIM’D, faqtastic, [...]
Sep 18th, 06 @ 19:08 · Scripts, Security · 43 Comments
As most of you are aware, some issues were found with some of the CodeGrrl scripts late last year and an announcement was made with the necessary fixes. Unfortunately, despite these fixes being easily and freely available, people still ignored the risks (despite hundreds being exploited) or even worse: deleted the protection.php file (which had [...]
Sep 13th, 06 @ 19:45 · Ranting, Scripts, Security · 24 Comments
I recently took a look at faqtastic, by Cine of INEXISTENT scripts, to try and figure out why a friend was repeatedly being hacked. Much to my disappointment I found several holes in the script, most commonly caused by a lack of validation. It’s also jam-packed with errors (only noticeable when error_reporting() is whacked up [...]
Aug 23rd, 06 @ 17:09 · Scripts, Security · 0 Comments
I was directed to pootato.org’s Dynamic Inclusion tutorial yesterday by somebody who has been using it and, as a result, has been “hacked” — index page defaced as well as a fake banking website/etc put on her web space. This girl could potentially land in serious trouble, depending on how forgiving her hosts are, because [...]
Aug 19th, 06 @ 13:06 · Scripts, Security · 25 Comments
With the current surge in “hackings” (or rather: script kiddies exploiting known holes to deface websites that don’t support their view on the war) I’ve been going through a lot of scripts to find common and easy to fix vulnerabilities. With my fingers crossed, and perhaps a naive hope that people don’t release scripts with [...]
Aug 18th, 06 @ 18:52 · Coding, Security · 11 Comments
I’ve released part one of what I hope will be a series of PHP security articles — a PHP Script Checklist for those developing or looking to develop their own scripts. If you have any thoughts on PHP security problems that you’d like to be covered in part 2, or you’re an ‘expert’ and want [...]
Aug 3rd, 06 @ 20:09 · Security · 17 Comments
As I’m browsing around various personal websites and forums I see people offering up space on their domains for those who can’t/won’t buy ‘proper’ hosting for one reason or another, and every time I see these offers I cringe. I cringe at the naivety of these trusting website owners, and at the lack of published [...]
Jul 20th, 06 @ 12:15 · Security · 30 Comments
Firstly, this is not a tutorial on how to write your own Content Management System (CMS). If I were to write a tutorial on creating a basic CMS it’d be featured on tutorialtastic. This is just a list of things to consider when you decide to embark on the adventure of writing your own CMS.
Security
I [...]
May 2nd, 06 @ 14:16 · Coding, Security · 13 Comments
An Enthusiast3 user recently asked at thefanlistings.org message board how people were inserting non-standard data via the join form using what should be a restricted drop-down menu. The answer to that bit was easy: form spoofing. This bit is not important; it is possible to do this for many, many forms on the Internet. The [...]
Apr 27th, 06 @ 10:06 · Scripts, Security · 24 Comments
In a way this post is mislabeled, because it’s not really WordPress and more a case of badly set permissions.
Anyway, to get to the point: I’ve been to several weblogs today based on WordPress which have been exploited because of badly set permissions. Unfortunately at the time I’ve had several websites open generally and can’t [...]
Nov 28th, 05 @ 23:28 · Internet, Security · 25 Comments