PT security scanner test

**lodlock** · 10-23-2006

One way or the other, the biggest problem with security is weak passwords. You could have the best security system in the world but a weak password will still bring you down. You yourself could periodically run some brute force or dictionary attacts (dictionary first). That way you can find who's members passwords were easily hacked and request that they change them.

mark · 10-23-2006

CODE FIXED for admin/userlog.php and admin/adminlog.php
============================================

IN admin/userlog.php and admin/adminlog.php look for this LINE :
---------------------------------------------------------

echo $p_arr[Action];

REPLACE it with this :
---------------------------------------------------------

echo htmlentities($p_arr[Action]);

**ijk** · 10-24-2006

hi
Cannot find the line below in adminlog.php

IN admin/userlog.php and admin/adminlog.php look for this LINE :
---------------------------------------------------------

echo $p_arr[Action];

The nearest match is below is that the one which needs to be changed.

Code:

<td align=center><? echo $p_arr[IP]?></td>
	<td align=center><? echo $p_arr[action]?></td>

mark · 10-25-2006

I should say PHRASE not LINE sorry

Just look for this : echo $p_arr[action];

Replace it with : echo htmlentities($p_arr[Action]);

The nearest match is below is that the one which needs to be changed.
Code:
<td align=center><? echo $p_arr[IP]?></td>
<td align=center><? echo $p_arr[action]?></td>

**ijk** · 10-25-2006

have done it in userlog.php but speaking here of adminlog.php

The is no

echo $p_arr[action];

we have echo $p_arr[action]

but no

echo $p_arr[action];

so which line have you found it on

thanks

mark · 10-26-2006

I think this :
$p_arr[action]

is same with :
$p_arr[action];

Maybe your copy of adminlog.php has no ";" semi colon after echo $p_arr[action]

Its ok to replace :
$p_arr[action]

With this :
htmlentities($p_arr[action])

Ranks · 11-03-2006

Originally Posted by lodlock

You yourself could periodically run some brute force or dictionary attacts (dictionary first). That way you can find who's members passwords were easily hacked and request that they change them.

Please I can't follow you here. dictionary attacts and how do I do that? Do I need a special software?

Thanks in advance

**lodlock** · 11-03-2006

Originally Posted by Ranks

Please I can't follow you here. dictionary attacts and how do I do that? Do I need a special software?

Take a look here. Here's a brief explanation and a few programs: http://en.wikipedia.org/wiki/Dictionary_attack

flofou · 11-08-2006

IN admin/userlog.php and admin/adminlog.php look for this LINE :

Hello,

I cant find adminlog.php or userlog.php in the admin folder

I am using aedating 4.1.0004
Where to modificate my script then?

Thank you

**ijk** · 11-08-2006

Look in the commerical mods section.
Userlog it is called

Thread: PT security scanner test

LinkBack

Thread Tools

Display

CODE FIXED (Sanitized) for admin/userlog.php and admin/adminlog.php

fix

Correction -- CODE FIXED for admin/userlog.php and admin/adminlog.php

no echo $p_arr[action]; in adminlog.php

Maybe your copy of adminlog.php has no ";" semi colon after echo $p_arr[action]

Commerical mods

Thread Information

Users Browsing this Thread

Similar Threads

goolag scanner

How to view test website from another pc?

Test Clean 6.0.1

test site

test

Bookmarks

Bookmarks

Posting Permissions