On 8/11/2013 12:46 am, Tim Delaney wrote:
On 8 November 2013 09:45, Tim Delaney <timothy.c.dela...@gmail.com> wrote:
On 8 November 2013 09:18, Νίκος Αλεξόπουλος <nikos.gr...@gmail.com> wrote:
I feel a bit proud because, as it seems, I have managed to secure
it more tightly. All I needed to do was to validate user input data,
so the hacker won't be able again to pass bogus values to
specific variables that my script was using.
So we now have confirmation that Nikos' site is subject to SQL
injection attacks on anything that he is not specifically
validating. And I'm absolutely sure that he has identified every
location where input needs to be validated, and that it is
impossible to get past the level of validation that he's doing, so
the site is completely secure! Just like the last time he claimed
that (and the time before, and the time before that ...).
Not to mention the idiocy of exposing your web server logs to the
outside world ... (no - I didn't go there - I want no chance of getting
malware from his site).
Tim Delaney
It was necessary to post the web server's logs by doing
tail -f '/usr/local/apache/logs/error_log'
so as to display the error message I got.
Also, I never claimed I was a professional coder; I am an amateur at a
beginner level and I do it as a hobby.
I could have designed my website in a CMS (WordPress, Joomla) but I like
programming and wanted to design and learn to code at the same time.
Since I'm an idiot, as you call me, try to hack it yourself since you are
so smart.
And I don't think it was an SQL injection, by the way.
It was just a manipulation of the 'page' variable my script is using.
The hacker was able to pass bogus info to that variable.
I believe he passed values to var 'page' via URL like
http://superhost.gr/?page='
--
https://mail.python.org/mailman/listinfo/python-list
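
Added example, not part of the original thread and not the site's own script: the two layers the exchange above is arguing about, an allowlist check on the 'page' parameter and a bound SQL parameter behind it. The page names, the hits table, the function names and the use of sqlite3 as a stand-in database are all assumptions made for illustration.

```python
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Assumption: the site serves a fixed set of pages; these names are made up.
ALLOWED_PAGES = {"index.html", "about.html", "contact.html"}
DEFAULT_PAGE = "index.html"


def resolve_page(url):
    """Return an allowlisted page name, or None if 'page' must be rejected."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("page", [])
    if not values:
        return DEFAULT_PAGE  # parameter absent: serve the front page
    # Exactly one value, and it must be a known page. A bad value is
    # refused outright rather than "cleaned".
    if len(values) == 1 and values[0] in ALLOWED_PAGES:
        return values[0]
    return None


def record_hit(db, page):
    """Count a visit; the value is bound with '?', never pasted into the SQL."""
    db.execute("INSERT OR IGNORE INTO hits (page, n) VALUES (?, 0)", (page,))
    db.execute("UPDATE hits SET n = n + 1 WHERE page = ?", (page,))


def handle(db, url):
    page = resolve_page(url)
    if page is None:
        return 400, None  # rejected before it reaches the database
    record_hit(db, page)
    return 200, page


def demo():
    db = sqlite3.connect(":memory:")  # stand-in for the site's real database
    db.execute("CREATE TABLE hits (page TEXT PRIMARY KEY, n INTEGER NOT NULL)")
    urls = [  # constructed requests, including the ?page=' form from the post
        "http://superhost.gr/?page=about.html",
        "http://superhost.gr/?page='",
        "http://superhost.gr/?page=nosuch.html",
        "http://superhost.gr/?page=about.html&page=index.html",
        "http://superhost.gr/",
    ]
    results = [handle(db, u) for u in urls]
    # Second layer on its own: a lone quote bound as a parameter is stored as data.
    record_hit(db, "'")
    return results, dict(db.execute("SELECT page, n FROM hits"))
```

The allowlist decides what the script will act on; the bound parameter means that a value which slips past any check still cannot change the SQL statement.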