Not logged in: Log In / Register You are here: Home » Script Reviews » Waks Ask & Answer (Script Review)

Waks Ask & Answer

Waks Ask and Answer script is very insecure. The script has un-cleaned data passed to the form via the $_GET superglobal array (i.e. via the url which anyone can maliciously edit to inject data into files), each question is stored without any decent sanitisation and it requires a directory CHMODed to 777 which can be used to execute "hacker's" files.

The suggested fixes on the Internet do not fix the biggest problems with this script and will not stop your hosting account from being hacked/cracked.

Verdict: Awful; I found this script insecure. Do not use.
Reviewed: 25th November 07 by Jem
Bookmark At: StumbleUpon, Digg

• Home
• Sitemap

Handy Stuff

• Code Converter
• Lowercase Converter
• Length Converter
• MD5 Hasher
• Code Snippets
• PHP Script Reviews

Downloads

• CSS Templates
• PHP Scripts

Top Links

• GoodPHPTutorials.com
• CodeGrrl
• 3till7: Geeky Stuff
• rev.iew.me

Resources

• IconBuffet
• Hackety Hack
• Other links?

tutorialtastic — ultimately better than pixelfx
Copyright © Jem Turner 2003-08. (About | Disclaimer | Link In)