Hey I know this site looks like shit but whatever check it out.
I especially like my cbox I created. I'm still not finished but I love it.
I am eventually going to do some more things but for now it's good how it is.
Try to exploit something. Don't ddos it or any lame crap (you'd have hell to pay from my isp) please.
But yeah my weakest point to exploitation is probably the cbox as it allows immediate display of input. But I've got a decent filter so have at it. I'm going to back everything up and if you do find a vulnerability PM me it. If you get into the server please leave it intact. It is my mom's computer and I don't want bad things happening as I just re-installed.
Anyways here it is: http://68.166.14.189
The register link is below the login.
learning php
- Fame ! Where are the chicks?!
spamming it works but due to someone showing me they would find the character limit I had to decrease it by 3. Until at least I figure out how to split it up into rows. But right now it's like 100 chars.
Eventually I'm going to put a restraint on user-ip, and post-ip. My next big project is forums :-p.
- bad_brain
- Site Owner
did some scans, and yes, it's secure so far...
but well, one or two little things you can/should do to make information gathering more difficult:
in httpd.conf look for ServerTokens and set it to
Code:
ServerTokens Prod
this will keep apache away from displaying its version number on error pages or when being scanned.
in php.ini look for expose_php and set it to 0 (default is 1), this keeps PHP away from displaying its version number.
- bad_brain
- Site Owner
alright, no server version is displayed anymore:
Code:
HTTP/1.1 200 OK
Date: Mon, 30 Jul 2007 19:32:20 GMT
Server: Apache
and yes, simply change it to "off", it'll make this part disappear:
Code:
X-Powered-By: PHP/x.x.x
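An added example, not part of the original posts: a small Python check that reads a raw response header block and reports whether the `Server` and `X-Powered-By` headers still disclose version details after the `ServerTokens` and `expose_php` changes discussed above. The two sample responses and their version strings are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample responses (version strings are made up, not from the thread).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 30 Jul 2007 19:32:20 GMT\r\n"
    "Server: Apache/2.2.4 (Unix) PHP/5.2.3\r\n"
    "X-Powered-By: PHP/5.2.3\r\n"
    "\r\n"
)
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 30 Jul 2007 19:32:20 GMT\r\n"
    "Server: Apache\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return {lowercased-name: [values]} for the header block of a raw response."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    headers = {}
    for line in head.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """List version-disclosure findings in the Server and X-Powered-By headers."""
    findings = []
    headers = parse_headers(raw)
    for value in headers.get("server", []):
        # With ServerTokens Prod the header is the bare product name ("Apache").
        # A "/version", an "(OS)" comment or module tokens mean a more verbose level.
        if not re.fullmatch(r"[A-Za-z_-]+", value):
            findings.append(f"Server discloses details: {value!r} (set ServerTokens Prod)")
    for value in headers.get("x-powered-by", []):
        # PHP only sends this header while expose_php is enabled.
        findings.append(f"X-Powered-By present: {value!r} (set expose_php = Off)")
    return findings

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw) or "no version disclosure found")
```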