GoFuckYourself.com - Adult Webmaster Forum - View Single Post

iBOUNCER · 11-29-2004, 03:43 PM

OK, a few security concerns.

1) Looks like your just pulling whatever file the user asks for. See: http://www.dxan.com/cobra/image.php?...ges/header.gif

This is bad.

2) You are not validating input, equally bad; see:

http://www.dxan.com/cobra/model.php?...g%20input&id=1

You are escaping meta characters, which is a good thing.

Let me know if you need any help closing these things up.

Otherwise, looks cool

11-29-2004, 03:43 PM
iBOUNCER Confirmed User Join Date: Nov 2004 Location: Monster Rain Posts: 214	OK, a few security concerns. 1) Looks like your just pulling whatever file the user asks for. See: http://www.dxan.com/cobra/image.php?...ges/header.gif This is bad. 2) You are not validating input, equally bad; see: http://www.dxan.com/cobra/model.php?...g%20input&id=1 You are escaping meta characters, which is a good thing. Let me know if you need any help closing these things up. Otherwise, looks cool __________________ Secure PHP Programming - Secure E-Commerce Design Site & Server Security Reviews - Code Reviews The new and improved iBOUNCER. Give us a try. ICQ: 201971159 or http://www.iBOUNCER.com