The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Penetration testing
#1
Hi,

I was just wondering if any penetration testing has been done with userspice 4.0.

Looking at the code, it appears that the validation is triggered by a javascript (onclick event) which then triggers the jquery call to the server-side validation. If I spoof the registration form and tinker with the client-side javascript, it seems possible to make database entries in the user table with no server side validation.

When I get a bit of time, I'd be happy to have a go and show the results. I'm no expert on php coding though, so I don't know if I'd be able to offer a fix. Also, I could be wrong.

Anyone looked into this?

T.

  Reply


Messages In This Thread
Penetration testing - by tomdickson - 03-18-2016, 09:30 AM
Penetration testing - by tomdickson - 03-18-2016, 11:56 AM
Penetration testing - by mudmin - 03-18-2016, 01:21 PM
Penetration testing - by mudmin - 03-18-2016, 01:26 PM
Penetration testing - by tomdickson - 03-19-2016, 02:14 AM
Penetration testing - by mudmin - 03-19-2016, 04:45 PM
Penetration testing - by mudmin - 03-23-2016, 01:14 PM
Penetration testing - by brian - 03-23-2016, 03:36 PM
Penetration testing - by tomdickson - 03-23-2016, 07:23 PM
Penetration testing - by mudmin - 03-25-2016, 01:27 PM

Forum Jump:


Users browsing this thread: 9 Guest(s)