web site security test

#1
dimitry

    Learning Programmer

  • Members
  • 40 posts
Hello,

Do you know any program which could test the security of my web site in local area? I can't find any... perhaps my keywords are not precise enough... Any idea is welcome!

Thanks in advance!
Lord Darkdriver by Dimitry

#2
WingedPanther

    A spammer's worst nightmare

  • Moderators
  • 16,831 posts
I know there are security suites for checking for SQL Injection and other attacks. Search for "sql injection test suite" and you'll get a bunch of hits.
Programming is a branch of mathematics.

#3
BlaineSch

    Writes binary right handed and hex left handed

  • Members
  • 2,448 posts
I am sure if you posted your website a few of us could look at it. If you were even willing to post your source we might even take a quick look at it.

#4
dimitry

    Learning Programmer

  • Members
  • 40 posts
Hello,
WingedPanther, your idea is good, I'll look into it.
BlaineSch, you're right, here you are! (in attachment)
Bye.

Edited by Jordan, 29 June 2009 - 11:39 AM.

Lord Darkdriver by Dimitry

#5
BlaineSch

    Writes binary right handed and hex left handed

  • Members
  • 2,448 posts
Yes, it's a huge security vulnerability to post your user/pass to your database!!! Remove that **** connection file now before you get screwed! And change your pass once you're done!

#6
BlaineSch

    Writes binary right handed and hex left handed

  • Members
  • 2,448 posts
Is there a curse word filter on the forums? Odd, I never saw that before...

I have been through a few of your files and yes your website is very very vulnerable. Here is a preview of what I have gotten so far. If you want more you will have to pay me. Or maybe some nice person will finish this off for you.

Quote

Accueil.php
  • Filter cookie input on lines 7, 12, 13
Control_inscription.php
  • Even though you are doing error checking on this, you should also keep track of how many you are sending per hour and probably limit it so you don't get somebody who is trying to crash your server. Probably just like a database row or a file or something that just keeps track of how many you send to limit it.
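
The per-hour limit suggested for Control_inscription.php above, sketched with a database table as the counter. This is an added example, not code from the thread or from the attached site; the table and column names, the limits, the in-memory SQLite database and the choice to key on the client IP are assumptions.

```php
<?php
// Added example, not code from the thread. Table name, column names, limits
// and keying on the client IP are assumptions chosen for illustration.

function rate_limit_setup(PDO $pdo): void {
    $pdo->exec('CREATE TABLE IF NOT EXISTS send_log (
        client_key TEXT NOT NULL,
        sent_at    INTEGER NOT NULL
    )');
    $pdo->exec('CREATE INDEX IF NOT EXISTS idx_send_log ON send_log (client_key, sent_at)');
}

// Returns true and records the attempt if the client is under the limit for
// the sliding window; returns false (and records nothing) otherwise.
function allow_send(PDO $pdo, string $clientKey, int $limit = 5, int $window = 3600, ?int $now = null): bool {
    $now = $now ?? time();
    $pdo->beginTransaction();
    try {
        // Drop rows that have aged out of the window so the table stays small.
        $pdo->prepare('DELETE FROM send_log WHERE sent_at <= ?')->execute([$now - $window]);

        $count = $pdo->prepare('SELECT COUNT(*) FROM send_log WHERE client_key = ?');
        $count->execute([$clientKey]);
        if ((int) $count->fetchColumn() >= $limit) {
            $pdo->commit();
            return false;
        }
        $pdo->prepare('INSERT INTO send_log (client_key, sent_at) VALUES (?, ?)')
            ->execute([$clientKey, $now]);
        $pdo->commit();
        return true;
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
}

// Constructed demo: in-memory SQLite, a documentation-range IP, limit of 3 per hour.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
rate_limit_setup($pdo);
$t0 = 1700000000; // constructed timestamp
foreach ([0, 10, 20, 30, 3601] as $offset) {
    $ok = allow_send($pdo, '203.0.113.7', 3, 3600, $t0 + $offset);
    printf("t+%4ds: %s\n", $offset, $ok ? 'send' : 'blocked');
}
```

In a request handler the key would typically be `$_SERVER['REMOTE_ADDR']`, and the send is skipped whenever the function returns false.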


#7
Guest_Jordan_*
  • Guests
I've removed the connect_db.php file.