Need testers on my website

I win i got admin rights, it was kind of a joke. You have a serious programming error.

i was there, as ***** there are some bugs and major errors like php injection .. you need to review the email part.. i could insert code with injectioning..

You need to change the forget password. Because anyone can change the password from any user.

comando300 wrote: You need to change the forget password. Because anyone can change the password from any user.

Way to give away the big highly unknown secret.;) /sarcasm

if you submit it over at my site http://www.fixedbeforehacked.com me and my team will take a look at your site as well. Seems though you need to patch quite a few things from previous posts in this thread, but i will take a look and see what i can find.

i have sql injected the "forgot password " so i think i have changed the beast :D

good luck

Regards :ninja:

well for sql injections, make sure you put quotes around every thing like instead of:

$sql="SELECT * FROM table WHERE id=$id";

put this instead of above

$sql="SELECT * FROM table WHERE id='$id'";

also use the function addslashes() to make sure they can't put in ' or " in to mess up the query. what really helps is having magic_quotes turnen on in the php.ini file however you may not have access to that since you are on a free hosting site.

Got msn