Closed Help website

[Ryze Main]

Possible pang pwede ma häçk yung gantong website? May gusto lang kase ako manalong candidate e haha. It seems na mahina lang security kase. nagagawa kong mag 5 votes in 1 account in just 1min using . Vote tapos pag loading i cancel ko agad then vote ulet. Ganun lang kadali i bypass yung 1 min interval bago maka vote ulet ng 1. maximum nya ay 5 votes per 1 fb account.

Maraming salamat po sa mga makakatulong

 

[moondhie]

Posibble, i think mahina security niyan.

 

[Ryze Main]

Posibble, i think mahina security niyan.

may alam kaba kung paano? hahaha

 

[moondhie]

may alam kaba kung paano? hahaha

Hahaha, you have knowledge on networking and programming. Sql injection, modified the cøøkíés.

 

[Migfus]

wag kang mag rely sa html at javascript functions. dun ka sa php or asp mag add ng security.

 

[Migfus]

For example pwede ko ma disable ang button gamit ang html code, which is user friendly sya pero madali lng ma edit. Kapariho din sa javascript.

Sa url naman yung may numeric variable sa mga redirects paki inhance sa post or get security kasi madali ma inject.

For example http:/website.com/user/delete/91 <-- ito ay other user delete function.
pwede ko rin maging http:/website.com/user/delete/1 <--- which is admin mostly id nyan.
Ma apply po yan sa edit at add

 

[Migfus]

Para ma inhance ang voting mo paki restrict lng na max 5 votes sa server. madali naman yan

 

[Migfus]

Paki iwas lng po sa injection para hindi ka ma troll, like <style>*{color:red}</style> or <script>...</script> etc,. Mostly sa textbox yan ma inject pag add or update