How do people mess up website security? Just finished my new site and it is like you would have to fuck up on purpose for it to be insecure at all.
Explain how people fuck this up?
good job on the security when anyone can just get the last password from the input field history
oh look. someone tried. keyword: Tried
>At this point in 2015, if you have a vulnerable website you might as well give up now. I have a website and it was clear that you would have to be stupid to have a vulnerable website.
quote from OP in reddit
we haxed his website, the login was literally admin:password
'nother bored person here.
I got to the test_environment.php page. Was about to upload a dummy document. I uploaded a php script that dumps file contents, but I couldn't find where it went. I didn't get a chance to upload a dummy .pdf before the site died.
my guess is that the video, documents sites where built from the file names - hence he only allowed mp4 (video), doc and pdf (documents), everything else goes into the trash (or gets left behind somewhere, probably in htdocs still)
From what it looks like, the site is ridiculously unfinished. The admin page upload doesn't work (as far as I can tell). That honey.js file doesn't do anything either. Hell, I wouldn't be surprised if the Login_Check.php doesn't even check against a DB and just compares in plaintext.
If you really wanna do something, you'd probably need another route besides basic web app manipulation. Probably Apache server exploits or breaking in through SSH.
Also, if I had to guess, I'd say the website dev generates the file links on each of the content pages by PHP, so if you manage to upload a file to the Videos or Other folder, you might be able to make it show up on the front-facing page.
OP, why don't you go back to W3schools and learn how to make a proper login and administration page? This bullshit reminds me of when I too learned how to PHP.
Before you criticize others on website security, you should probably try learning how to properly webdev.
They don't show up, I think it's broken or not meant to show up immediately, no idea
I'm just fucking around, no intent on doing serious hacking here. I think OP was trolling anyways.
>made a website specifically for shitposting
>whole first month was people trying to break into it.
I did even prepare statement. Made a scrubber.
Site eventually got taken down because someone hacked my host. lel
It might be static, however each link item in the HTML looks too uniform and copypasta to be static. Who knows, OP could be retarded and just copy-pasted all his links instead of looping in PHP for them.
And same here. I don't think OP is trolling though. Based on his reddit user page at CyberPatriotArchives, he just seems arrogant and stupid.
No, its not a proper login page because you have no idea how to proper authenticate in PHP. The password field is plaintext and I don't even think you check your credentials against a DB, and even if you did, you probably stored your password in plaintext. Does Login_Check.php actually check a DB? Or does it just compare likeif ($username == "admin" && $password == "admin")
Okay guys, I'm in. OP is a mega noob. I got in through his shitty "honeybadger" thing. Got the geolocation applet running and used the code inside to inject commands right into his fucking server.
Top kek OP. Top kek.
Oh sorry. I should let you get back to sucking corporate cock discussing the newest phone or graphics card. Or even better, maybe you could go show off your l33t desktop on the desktop thread or your sooper_complex_program.c on the DPT while discussing traps.
Fuck off. This may be a shit thread, but its a change.