Comments for: sporty20001102

Message # 1013238:

Date: 09/06/02 01:50
By: Andy Christianson
Subject: RE: Credit card hack -- will that work??

I did however find that several sites (which will go unmentioned) have issues with basic message boards or commenting. If they already do not filter HTML out of their posts, there can be a great risk of opening up certain issues in the site. For instance, this particular site has a Name and Email text box for posting a comment; you don't need to be registered, and the max text length in both boxes seems to be like 50-75 chars... I successfully managed to mess with the HTML enough to completely fake that I was a registered user. Registered users have a little icon next to them and a link to their profile. This just proves that you can't trust data from users. I'm gonna go check my site over for these bugs =)
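
The following is an added example, not part of the original post and not the code of the site it mentions. It sketches a comment renderer that escapes the Name and Email fields on output and takes the registered-user badge only from server-side session state; the function names, `registered_user_id`, the image path and the 75-character cap are assumptions.

```python
import html
import re

MAX_FIELD = 75  # assumed cap; the post only says "like 50-75 chars"
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def clean_field(value: str) -> str:
    """Drop control characters, trim, and enforce the length cap server-side."""
    return _CONTROL.sub("", value).strip()[:MAX_FIELD]


def render_comment(name, email, body, registered_user_id=None):
    """Build one comment row as HTML.

    registered_user_id (hypothetical parameter) must come from the
    server-side session, never from the submitted form, so nothing typed
    into Name or Email can produce the badge or the profile link.
    """
    # Truncate first, then escape, so an entity is never cut in half.
    safe_name = html.escape(clean_field(name), quote=True)
    safe_email = html.escape(clean_field(email), quote=True)
    safe_body = html.escape(body, quote=True)
    badge = ""
    if registered_user_id is not None:
        # int() guarantees the id placed in the URL is purely numeric.
        badge = ('<img src="/img/registered.png" alt="registered"> '
                 f'<a href="/profile/{int(registered_user_id)}">profile</a> ')
    return (f'<div class="comment">{badge}'
            f'<span class="name">{safe_name}</span> '
            f'<span class="email">{safe_email}</span>'
            f'<p>{safe_body}</p></div>')


if __name__ == "__main__":
    # Constructed sample input: an anonymous poster puts markup in Name.
    print(render_comment('<img src="/img/registered.png">Bob',
                         "bob@example.com", "hello"))
    # A real registered user, identified by the session, gets the badge.
    print(render_comment("Alice", "alice@example.com", "hi",
                         registered_user_id=7))
```

Escaping happens at output time, so the markup typed into the form is displayed as text instead of being interpreted by the browser.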
| Comments: |
| Do you wanna buy Credit Card ? | Migawa | 12/29/04 01:54 |
| how do i hack credit cards | tosin | 11/18/04 13:43 |
| RE: Credit card hack -- will that work?? | john smith | 02/07/04 20:29 |
| A generic validation script for web forms? | Kelvin Poon | 09/19/03 11:22 |
| RE: Where to check? | Jester | 04/05/03 12:03 |
| Where to check? | Ian | 10/09/02 02:11 |
| Real Time Data | John | 10/06/02 10:27 |
| RE: What about this ? | Chris | 09/23/02 17:02 |
| What about this ? | Staffan Söderström | 09/13/02 06:37 |
| RE: Credit card hack -- will that work?? | Andy Christianson | 09/06/02 01:50 |
| RE: Credit card hack -- will that work?? | Andy Christianson | 09/03/02 16:51 |
| RE: Javascript form validation workaround | Mark Bembnowski | 08/20/02 11:54 |
| Security of $_POST[] | Jeremy Brown | 07/28/02 15:55 |
| RE: Very dangerous sql code possible | Daniel Tsadok | 07/16/02 06:24 |
| Javascript form validation workaround | Daniel Tsadok | 07/16/02 05:56 |
| Somebody has hacked my credit card | Parul Asha Singh | 07/14/02 11:11 |
| RE: When is it too much | Hari Usmayadi | 07/07/02 22:29 |
| check input | Wolfgang Hamann | 04/14/02 03:28 |
| unknown extension | Peter van Rooijen | 04/03/02 02:13 |
| excellent !! | mika | 02/02/02 09:15 |
| Un Normalised Table Into Un Normalised Data | Mehmood Ahmed Chadhar | 09/26/01 03:00 |
| RE: Credit card hack -- will that work?? | Grasso | 08/06/01 00:23 |
| RE: ...basic problem.. | Frans-Jan Wind | 07/24/01 02:38 |
| Page Caching | Unknown | 07/19/01 02:16 |
| ...basic problem.. | Van Tri | 05/04/01 08:49 |
| RE: Very dangerous sql code possible | Chris Boget | 04/04/01 13:16 |
| good solution | igor | 03/22/01 13:24 |
| RE: Credit card hack -- will that work?? | Michael McGinley | 03/13/01 11:44 |
| RE: http_refferer | Josh | 03/11/01 02:19 |
| Credit card hack -- will that work?? | Chuck Clayton | 02/15/01 11:13 |
| RE: Very dangerous sql code possible | Wojtek | 12/24/00 07:18 |
| RE: http_refferer | Michael Rowe | 11/26/00 00:46 |
| Very dangerous sql code possible | Greg MacLellan | 11/22/00 12:18 |
| Checking for bad SQL | Martijn | 11/14/00 11:05 |
| http_refferer | Adam Zochowski | 11/13/00 12:51 |
| It's array_push not push_array | John Miller | 11/10/00 15:34 |
| RE: Also need to strip HTML tags from input | spencer p | 11/10/00 11:53 |
| Also need to strip HTML tags from input | John Lim | 11/09/00 10:03 |
| RE: When is it too much | spencer p | 11/04/00 16:59 |
| RE: When is it too much | Tim Frank | 11/03/00 23:38 |
| When is it too much | CCBCREG | 11/03/00 13:35 |
| Article | Marc | 11/03/00 03:14 |
| Excellent ! | Bjorn Sodergren | 11/03/00 01:23 |


