Security Issues in most public Private Servers

12/11/2013 23:44 »jD«#16
Quote:
Originally Posted by cryz35 View Post
Nice thread, are you going to add aurora-azure security holes? Just wonder.

I know some not important ones, may you see [link] when you have free time?
If you want I can give you some information to help you protect it. There are still some exploits in your login form.

-jD
12/11/2013 23:55 cryz35#17
Quote:
Originally Posted by linkpad View Post
Your website is vulnerable, I can dump every database.



I can even access account by decrypting md5 hash...
lol website part simply sucks, I didn't pay much attention :p Can you tell me the files?

Quote:
Originally Posted by »jD« View Post
If you want I can give you some information to help you protect it. There are still some exploits in your login form.

-jD
I'll be glad to know the problems, thank you..
12/12/2013 00:45 »jD«#18
Quote:
Originally Posted by linkpad View Post
Have you found any exploits on [link]? Just to let me know
I'm currently running an Audit. First things first, you have a bunch of open ports running some exploitable version of software. Just lettin you know.

Also, there seems to be some time-based stuff in the signup form.

-jD
12/12/2013 13:53 linkpad#19
Are you sure I have a bunch of open ports? I did an nmap, and there's only 8 ports open.
Also I don't really understand what you mean by "time-based" stuff in the signup form, could you explain a little?
12/12/2013 20:36 manulaiko#20
Thanks for the report I really didn't notice it
12/12/2013 21:41 Sήøwy#21
What is SQL Injection?

SQL Injection is a web based attack used by hackers to steal sensitive information from organizations through web applications. It is one of the most common application layer attacks used today. This attack takes advantage of improper coding of web applications, which allows hackers to exploit the vulnerability by injecting SQL commands into the prior web application.

The underlying fact that allows for SQL Injection is that the fields available for user input in the web application allow SQL statements to pass through and interact with or query the database directly.

For example, let us consider a web application that implements a form-based login mechanism to store the user credentials and performs a simple SQL query to validate each login attempt. Here is a typical example:

select * from users where username='admin' and password='admin123';

If the attacker knows the username of the application administrator is admin, he can login as admin without supplying any password.

admin'--

The query in the back-end looks like:

Select * from users where username='admin'--' and password='xxx';

Note the comment sequence (--) causes the following query to be ignored, so the query executed is equivalent to:

Select * from users where username='admin';

So password check is bypassed.
For more: [link]
01/21/2014 17:47 Requi#22
I thought about adding to my sticky thread just in case somebody isn't as good as some coders here to know this.

btw:
Could you check my page again? :p
02/11/2014 10:22 »jD«#23
Just a heads up, still a bunch of exploits out there ;)

-jD
12/17/2014 15:18 Kadhras_TR#24
Good job
12/17/2014 21:30 mr.x3#25
all those private servers out there are useless,

if you want to make a real safe, good and stable, you can do it alone but you need to be a master designer, coder, and a genius :P, if you work in a team with talented people, like a designer, a coder, a cybersecurity expert etc.. then you can create a game just like do and release it, without being scared for bigpoint, blackgalaxy is kind of a simple version, of what i mean but it was hard to make,

so don't try to make a private server, if you don't know coding, hackers can get it down by studying the code and figuring out the weak spots. it's pretty simple for a real talented coder.

and jd, what happened to ur private server ?
12/19/2014 01:05 »jD«#26
My Private Server is making a comeback. I'm working on getting everything back online now!

*cough* [link] *cough*

-jD
12/19/2014 01:20 manulaiko3.0#27
lol -jD is alive!
12/19/2014 01:42 mr.x3#28
server looks nice!


can't wait for it to come out
12/19/2014 03:04 Nommo#29
Well, new looks really nice! Waiting for server to come online ;)

If you need help in any ways feel free to PM me (translations, testing etc.).

Maybe you still remember me -Jd :P

Regards,
Nommo.
12/19/2014 10:53 UND3RW0RLD#30
Quote:
Originally Posted by »jD« View Post
My Private Server is making a comeback. I'm working on getting everything back online now!

*cough* [link] *cough*

-jD
I could spend some moduls to solve some comings soons. ;)