Security

A Web Application Exploitation Exposé

Submitted by twistedmoney99
twistedmoney99 (1045980) writes "Installing an insecure web application is dangerous for the website operator, its visitors, the hosting provider, as well as any other clients of that provider. In an exposé of one such web application, Seth Fogie walks through the testing of a commercial application (EZPhotoSales), gaining access to sensitive data, bypassing application protections, finding permanent cross-site scripting bugs, gaining shell access, and obtaining access to the web pages and scripts of all the other clients of the hosting provider. If you are a user of this software, the article does include a few tips on how to secure the application. Ironically, the application developer did take measures to protect their intellectual property using ionCube (a PHP encoder) — if only the same efforts were made to protect the customer."