Type: Posts; User: niggles; Keyword(s):
Search took 0.01 seconds.
March 12th, 2009, 03:08 AM
The one thing the (quite old) article at WebmasterWorld doesn't say is always sanitise the user input or your database will be open to SQL Injection i.e
December 1st, 2008, 02:29 AM
There's no SSH access and it has to be an automatic process as the files are uploaded by the client through a Java-based FTP applet. I then need to strip out bad characters from the filenames after...
November 28th, 2008, 03:57 AM
I've been Googling my butt off and still found no satisfactory answer to this, so maybe there's someone here who can help.
I'm on a shared hosting environment and this can't change as it's...
October 22nd, 2008, 03:57 AM
To the best of my knowledge, if you are using https you need to call all assets as https or you will that message about mixed secure and insecure items. Calling an asset straight http will make...
August 15th, 2008, 04:04 AM
I took a screengrab when it happened this morning. It looks so nicely formatted it's so very tempting to click it :-)
It's possible it may be legit, but whether or not Adobe recommends only...
August 13th, 2008, 06:52 AM
For the last few days on Facebook I've been getting a message that my Flash Player is out of date and I need to update it. This happens on lots of pages, not just particular pages with user-uploads...
July 24th, 2008, 07:32 AM
They bought it second hand, so it could already have had it installed.
On the first page of this thread there are a couple of Trojans mentioned too which can open up these ports and/or install VNC...
July 23rd, 2008, 04:39 AM
I've used this Java applet to let clients upload files to our work website -
It's an FTP client so it allows large files that...
July 23rd, 2008, 04:22 AM
Since turning off VNC ports it's stopped happening. They did run a number of virus checkers and one of them picked up some possible virii, but as it costs money, they decided not to proceed any...
July 16th, 2008, 04:47 AM
When I first spoke to them, they said they replaced the mouse with a wireless one in case it was a problem with the mouse. But it's quite possible the first mouse was also wireless.
They do use...
July 15th, 2008, 12:20 AM
It turns out virtually all VNC and Remote Desktop options were on and the Firewall was allowing them through. They're all turned off now.
They said when the mouse moved it moved really quickly and...
July 14th, 2008, 07:39 AM
All good questions - I'll ask tonight when I give them a ring - Dad at least understands what I'm trying to talk to him about when it comes to computers :-)
July 14th, 2008, 04:39 AM
My parents computer running XP has started acting strangely. Unfortunately I can't see it in action as they're in a different state, but they say every now and then the mouse will start...
There's a disection of PHPBB3 capture breaking here as well as previous blog entries explaining the whole "floodfill" thing to break CAPTCHAs ->
April 28th, 2008, 04:52 AM
There's a script here that will look for subdomains : http://www.edge-security.com/subdomainer.php
They also have heaps of other cool tools for Pentesting.
April 7th, 2008, 04:28 AM
Instead if a CAPTCHA I use 2 extra fields to detect bot-behaviour.
One is "email_again" with CSS display set to "none" -> if this is filled in it's likely to be a bot filling every form.
April 2nd, 2008, 03:34 AM
Google "how to build a website" or similar to get some tutorials as a complete lesson on building a website is probably beyond the scope of this forum. Heck, after building them myself for 10 years...
March 25th, 2008, 03:29 AM
I had a play around with it when I first got a Bluetooth enabled phone 12 months ago, but didn't find any vulnerable devices after a month or so and erased it. It seems even here in Aussie-land the...
March 20th, 2008, 03:36 AM
I find it's useful for letting characters such as ' or " be entered into comment fields or in CMS backend without risk of terminating the SQL command.
March 20th, 2008, 03:32 AM
Ouch - I use VLC for playing .avi files on my Mac!
March 11th, 2008, 04:23 AM
I find that mysql_real_escape_string works the best as no matter what they put in or how you escape things it's not going to break the query.
The other thing, is to surround the column name with...
February 24th, 2008, 10:25 PM
SirDice - Sent you a PM with a link to see the code.
We ended up just wiping the server and and re-installing a clean backup of the site minus the areas we felt may have been the vulnerable entry...
February 22nd, 2008, 02:40 AM
One of our clients servers was hacked overnight (it appears through a vulnerability in the Sphider script we used) and a "Hacked By kangkung Indonesian Hacker" placed on the front page + a...
February 5th, 2008, 11:07 PM
Yes, it's a Dell Laptop running Vista. I looked at Internationalisation settings and keyboard setup, but none seem to enable the shortcut. The fact that a similar model had it working by default...
February 5th, 2008, 02:30 AM
I'm a Mac person and I've tried finding a solution to this with no luck so far.
On our new work PC running Vista and my girlfriends old Win 98 box, you can do ü and é type characters by...