Security

Submission + - A Web Application Exploitation Expose (informit.com)

twistedmoney99 writes: Installing an insecure web application is dangerous for the website operator, its visitors, the hosting provider, as well as any other clients of that provider. In an expose of one such web application, Seth Fogie walks through the testing of a commercial application (EZPhotoSales), gaining access to sensitive data, bypassing application protections, finding permanent cross-site scripting bugs, gaining shell access, and obtaining access to the web pages and scripts of all the other clients of the hosting provider. If you are a user of this software, the article does include a few tips on how to secure the application. Ironically, the application developer did take measures to protect their intellectual property using ionCube (a PHP encoder) — if only the same efforts were made to protect the customer.