
Your site is vulnerable

Discussion in 'BlackHat Lounge' started by tnenad, Dec 18, 2012.

  1. tnenad

    tnenad Regular Member

    Joined:
    Jul 13, 2009
    Messages:
    214
    Likes Received:
    174
    Location:
    Serbia
    What would you do if you receive an email (not a spammy one) that says that your site is vulnerable to SQLi/RFI/XSS... ?
     
  2. SUPER CHAMP

    SUPER CHAMP Junior Member

    Joined:
    Dec 1, 2012
    Messages:
    153
    Likes Received:
    43
    Take precautions?

    SQL injections are used to inject code into a website to gain access to databases to get the admin password.
    XSS uses JavaScript; someone can cookie-steal your sessions with it.
    Google precautions against SQLi/XSS because these are pretty common.

    RFI (remote file inclusion) is dead.
     
  3. Oukast

    Oukast Senior Member

    Joined:
    Jan 11, 2012
    Messages:
    832
    Likes Received:
    683
    Location:
    Under the palm tree
    As long as they are not trying to sell anything, you should really look into it - I know many people do stuff like that in just good faith, maybe revealing major issues to business/website owners, and kinda just telling them that "If you appreciate this gesture, then consider a donation".
     
  4. tnenad

    tnenad Regular Member

    Joined:
    Jul 13, 2009
    Messages:
    214
    Likes Received:
    174
    Location:
    Serbia
    My point was NOT in the type of vulnerability...
     
  5. iboga

    iboga Junior Member Premium Member

    Joined:
    Apr 2, 2009
    Messages:
    106
    Likes Received:
    12
    Occupation:
    project manager / company owner
    Location:
    France
    Check your forms and sanitize all the fields on your website
     
  6. tnenad

    tnenad Regular Member

    Joined:
    Jul 13, 2009
    Messages:
    214
    Likes Received:
    174
    Location:
    Serbia
    It's not about my website. I posted it as a general question.
     
  7. ShadeDream

    ShadeDream Elite Member

    Joined:
    Nov 27, 2008
    Messages:
    2,209
    Likes Received:
    5,230
    Location:
    He who laughs last, laughs longest.
    Let me guess, you hacked or can hack someone and you're hoping that they will reward you after you let them know that their site is vulnerable?
     
  8. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,468
    Likes Received:
    10,147
    I'd wonder why I mailed myself about it :D
     
  9. SUPER CHAMP

    SUPER CHAMP Junior Member

    Joined:
    Dec 1, 2012
    Messages:
    153
    Likes Received:
    43
    Work with the latest version of whatever you're planning; say, if you are planning to make a forum on vBulletin, just pick the latest one and let them do updates.

    There is software called Havij; enter your website there, and if it gives you all the databases then your website is easily hackable.

    For checking XSS there are some JavaScripts; enter them in text boxes, and if you see popups then your site is hackable. Setting up an XSS hack is pretty difficult.
     
  10. necro

    necro Regular Member

    Joined:
    Dec 23, 2010
    Messages:
    292
    Likes Received:
    189
    1. You will be a nice guy, write them, and you will get absolutely nothing.
    1.1. Of 20 site owners on BHW I emailed about hacking problems, 1 gave me a freebie and thanked me.
    19 didn't even care.

    2. You will own them and leave them crying why it happened to them.

    Do what you want, but think about karma
     
  11. tnenad

    tnenad Regular Member

    Joined:
    Jul 13, 2009
    Messages:
    214
    Likes Received:
    174
    Location:
    Serbia
    I think that all of you got me wrong :\
     
  12. saxgod

    saxgod Regular Member

    Joined:
    Sep 19, 2010
    Messages:
    351
    Likes Received:
    337
    Maybe you should elaborate a bit more then and don't be so vague.
     