Submission: A Web Application Exploitation Expose (informit.com)
twistedmoney99 writes: Installing an insecure web application is dangerous for the website operator, its visitors, the hosting provider, as well as any other clients of that provider. In an expose of one such web application, Seth Fogie walks through the testing of a commercial application (EZPhotoSales), gaining access to sensitive data, bypassing application protections, finding permanent cross-site scripting bugs, gaining shell access, and obtaining access to the web pages and scripts of all the other clients of the hosting provider. If you are a user of this software, the article does include a few tips on how to secure the application. Ironically, the application developer did take measures to protect their intellectual property using ionCube (a PHP encoder) — if only the same efforts were made to protect the customer.