Hello all, this is my first blog post in English and my first blog post in the last 3 years, so be nice :)
Recently I found a very interesting DOM based XSS in one of the Pingdom’s services.
The service is Pingdom Website Speed Test .
Par saveta za pisanje sigurnog php koda.
Zaštita od SQL Injection-a
evo kao primjer jedan jednostavni kod: (traženje usera u bazi)
<form action=“.“ method=“post“>
<input type=“text“ name=“username“ />
<input type=“submit“ name=“sbm“ value=“Search!“ />
</form>
(…)
mysql_connect(„localhost“, „guest“); Continue reading “Sigurni php kod”
Lista za sada sadrži XSS i SQLi sigurnosne propuste komercijalnih web aplikacija.
Softver: BGS CMS
Web Sajt: www.bgs-cms.com
Ranjiva adresa: https://www.server/?action=search&search=[XSS]
Continue reading “Lista sigurnosnih propusta koje sam otkrio”
