
Got Hacked :(

But not this blog :P

I asked a few people from Neowin IRC to have a look at my blog project for uni, and to see what holes they could come up with. Seems like I made some major mistakes in not properly checking the input of a post.
They managed to add some JavaScript to the page by posting, and borked the page; nothing serious, just a JS redirect. I’m not sure if they could have done it without the demo account, so at the moment I’ve decided to disable it.

The good news is I fixed all the bugs (I hope) found by them, and so far so good. It was interesting to see what a silly mistake it was that I made; it could’ve been much more serious if it had been a malicious person. But I did learn a few good things out of this, mainly ALWAYS validate the input before doing anything else. Thanks to Dev and Kudos for having a look, and telling me how to fix it. :)
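The mistake described above is a stored cross-site scripting bug: whatever is typed into a post is written straight into the page, so a post containing a `<script>` tag becomes script the browser runs. The snippet below is an added example, not code from this blog (the post does not say which language the project was written in, so Python is an assumption). It renders a constructed post body the unsafe way beside the fixed way, where the body is HTML-escaped at output time so that tags are shown as text instead of being executed.

```python
import html
import re

# Constructed sample post body: the sort of input a tester submits to see
# whether post text reaches the page unescaped. The script does nothing harmful.
SAMPLE_POST = 'Hello <script>document.title = "marker"</script> world'


def render_post_unsafe(body: str) -> str:
    """The bug: the raw post body is dropped straight into the page markup."""
    return f'<div class="post">{body}</div>'


def render_post_escaped(body: str) -> str:
    """The fix: escape the body at output time; <, >, &, " and ' become entities,
    so a posted <script> tag is displayed as text and never parsed as a tag."""
    return f'<div class="post">{html.escape(body, quote=True)}</div>'


# Crude detector used only to show the difference between the two renderers;
# it is not a substitute for escaping.
_SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def contains_script_tag(rendered_html: str) -> bool:
    """True if a real (unescaped) <script> tag survives in the rendered page."""
    return bool(_SCRIPT_TAG.search(rendered_html))


if __name__ == "__main__":
    for name, render in (("unsafe", render_post_unsafe), ("escaped", render_post_escaped)):
        page = render(SAMPLE_POST)
        print(f"{name:8s} script tag survives: {contains_script_tag(page)}")
        print("        ", page)
```

Escaping at the point where the text is written into HTML is the reliable fix, because it does not depend on guessing every tag or attribute a post might contain; checking the input on the way in (length limits, allowed characters, a whitelist of permitted markup) is a useful complement, as the post's "validate the input first" lesson suggests, but on its own it is easy to get wrong.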

The posts they made are still there, so if you wanna have a look, head over here and see what the mistake was. Their posts will probably be deleted once I import the database next time, so if it ain’t there, then see a screenshot here.
