Originally Posted by KFlint
While I agree with your post in general, this quote is completely wrong and makes me wonder if you know anything about programming...
I should point out that while no back end code is present, you can actually test whether a site is secure by analysing, then modifying, some elements of HTML.
I use a Firefox utility called HackBar, that allows me to modify the query string of, and reload, an HTML page. This means that I can detect if the code is secure.
An example of an old forum bug (hopefully sealed by now) is the quote bug, where you quote a message, which gives you an edit window. On the bugged version of TBS forums, you could modify the 'postid', and it would reload the specific post, and the 10 preceding posts of that thread. There were no checks to ensure that you had access to that specific thread.
Another way to determine if a site is secure is to play with the POST values, and see if you can access restricted areas.
Finally, cookies allow another entry into an insecure system.
Needless to say, a secure system will bounce you out if it detects that you are trying to access a restricted area. A secure system will also deal with SQL injection (which is achieved via HTML). A really secure system will also bounce malicious JavaScript.
You'd be surprised at how many systems I have been able to compromise, with just a simple bit of HTML modifying. Thankfully, most owners took on board my suggestions, and hardened their sites.
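The missing check behind the quote bug described in the post above, shown next to a hardened handler. This is an added example, not part of the original post and not the forum software's code; the data model, function names and sample posts are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Post:
    post_id: int
    thread_id: int
    body: str

# Constructed sample data: thread 1 is public, thread 2 is restricted.
THREAD_READERS = {1: {"alice", "bob"}, 2: {"alice"}}
POSTS = {p.post_id: p for p in (
    Post(10, 1, "public hello"),
    Post(11, 1, "public reply"),
    Post(20, 2, "restricted note"),
    Post(21, 2, "restricted follow-up"),
)}

class Forbidden(Exception):
    """The requester may not read the requested post."""

def _with_preceding(post, limit=10):
    # The target post plus up to `limit` earlier posts of the same thread.
    earlier = sorted(p.post_id for p in POSTS.values()
                     if p.thread_id == post.thread_id and p.post_id < post.post_id)
    return [POSTS[i].body for i in earlier[-limit:]] + [post.body]

def quote_unchecked(user, post_id):
    # Behaviour of the bugged version: the postid from the request is
    # trusted as-is, so the caller's identity never enters the decision.
    return _with_preceding(POSTS[post_id])

def quote_checked(user, post_id):
    # Hardened: look the post up server-side, then authorise the user
    # against the thread that post belongs to before returning anything.
    post = POSTS.get(post_id)
    if post is None or user not in THREAD_READERS.get(post.thread_id, set()):
        # One error for "missing" and "not allowed", so ids cannot be probed.
        raise Forbidden("post not available")
    return _with_preceding(post)
```

The same authorisation step applies to ids arriving in POST bodies or cookies, since all three are client-controlled input.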