Saturday 31 October 2009

Venus.com.np Security Disclosure

Venus.com.np Hackz:



Last 4 lines of .htaccess:

AuthType Basic

AuthName www.venus.com.np

AuthUserFile /home/venus/public_html/_vti_pvt/service.pwd

AuthGroupFile /home/venus/public_html/_vti_pvt/service.grp





Example of poor coding:

<?php

$inc = $_GET['page'] . '.php';

if ($inc == '.php') $inc = 'home.php';

//echo $inc;

?>


Nothing more to say. You know how vulnerable they are. Happy Hacking!!! :)

2 comments:

  1. this is called fcked up coding... they need to learn...

    ReplyDelete
  2. still under construction. radiantnepal sucks

    ReplyDelete