PHP Security Check, SQL Injection
Required skills: MySQL, OSCommerce, PHP, Website Security
We use osCommerce for all our clients and provide specific plugins to them.
However, one of the plugins got hijacked and we could only remove it from the shop.
The client needs the plugin and we could not find out how someone could break through it. Most probably it was a SQL-Injection.
We will send you the entire source code of the oscommerce plugin and your job is to find the insecure line and fix it.
We will not give you access to the client's shop system for testing, of course.
This means: you should set up a simple oscommerce at your localhost or test server. Copy the plugin into it and test it there.
Then, let us know if you found the bug. If so, we will send you the payment in advance and after that, you tell us where you found it and also how to fix it.
Payment is in advance with 100% - no escrow and no payment if you can not find it.
The job requires very high PHP and security skills. If you are not experienced in this subject, please do not bid/waste your and my time.
I will send you the oscommerce plugin after bid. As soon as i have your confirmation that you found the bug => project awarding to you, full payment, delivery of fixed script and rating.
Please do not ask for exceptions. References are useless here. The only thing that counts for us, is: whether you find the bug or not.
This security issue is worth a lot and very important. That's why the budget is that big for it.
Looking forward to delivery asap to get the shops online again.
However, one of the plugins got hijacked and we could only remove it from the shop.
The client needs the plugin and we could not find out how someone could break through it. Most probably it was a SQL-Injection.
We will send you the entire source code of the oscommerce plugin and your job is to find the insecure line and fix it.
We will not give you access to the client's shop system for testing, of course.
This means: you should set up a simple oscommerce at your localhost or test server. Copy the plugin into it and test it there.
Then, let us know if you found the bug. If so, we will send you the payment in advance and after that, you tell us where you found it and also how to fix it.
Payment is in advance with 100% - no escrow and no payment if you can not find it.
The job requires very high PHP and security skills. If you are not experienced in this subject, please do not bid/waste your and my time.
I will send you the oscommerce plugin after bid. As soon as i have your confirmation that you found the bug => project awarding to you, full payment, delivery of fixed script and rating.
Please do not ask for exceptions. References are useless here. The only thing that counts for us, is: whether you find the bug or not.
This security issue is worth a lot and very important. That's why the budget is that big for it.
Looking forward to delivery asap to get the shops online again.
Posted In:MySQLPHPWebsite Security |
Related projects:
PHP Security Check, SQL Injection
ter bid. As soon as i have your confirmation that you found the bug => project awarding to you, full payment, delivery of fixed script and rating.
Please do not ask for exceptions. References are useless here. The only thing that counts for us, is: whether you find the bug or not.
This security issue is worth a lot and very important. That's why the budget is that big for it.
Looking forward to delivery asap to get the shops online again.
Please do not ask for exceptions. References are useless here. The only thing that counts for us, is: whether you find the bug or not.
This security issue is worth a lot and very important. That's why the budget is that big for it.
Looking forward to delivery asap to get the shops online again.
SQL Injection
I need someone to check my php script for SQL Injection vulnerabilities. If any are found then I need it cleaned up.
Website Security against sql injection
I run a small social networking site. It has been attacked with sql injection. Everytime database gets cleaned, within 24 hours it gets attacked again. I need an expert who knows about securing sites against these attacks. To my knowledge, the attacks are happening through the sites text boxes. Site must be totally secure to prevent this from happening. Job needs to be completed within 1 day.
WILL ONLY PAY ONCE I KNOW SITE HAS BEEN MADE SECURE
WILL ONLY PAY ONCE I KNOW SITE HAS BEEN MADE SECURE
Need OSCommerce security guru, PCI compliance developer
r MySQL server version
> for
> the right syntax to use near 'limit 1' at line 1<br><br>select
> page_id,page_name,short_desc,page_type from pages where page_type =
> 'News'
> and page_id = limit 1 <br><br><small><font color="#ff0000">[TEP
> STOP]</font></small><br><br></b></font>
> for
> the right syntax to use near 'limit 1' at line 1<br><br>select
> page_id,page_name,short_desc,page_type from pages where page_type =
> 'News'
> and page_id = limit 1 <br><br><small><font color="#ff0000">[TEP
> STOP]</font></small><br><br></b></font>
Security Test For Php Ec Site
I'm looking for someone who understand website security.
I want you to provide bid with list of security check point such as SQL Injection, Cross site scripting and file permission.
Also, approximate cost for fix these issue if you found.
I want you to provide bid with list of security check point such as SQL Injection, Cross site scripting and file permission.
Also, approximate cost for fix these issue if you found.
Php/mysql - Sql Injection Url
We use modified oscommerce (osc) MS2.
Oscommerce Product_info.php doesn't check that 'products_id' is a number, you can put anything in there to get it to execute arbitrary mySQL:
We need to resolve the security hole and make sure its hacker proof.
I believe this is to do with Sql injection / url security.
We can provide more details later.
Oscommerce Product_info.php doesn't check that 'products_id' is a number, you can put anything in there to get it to execute arbitrary mySQL:
We need to resolve the security hole and make sure its hacker proof.
I believe this is to do with Sql injection / url security.
We can provide more details later.
Object Oriented Php Expert For Evaluating Php Scripts 5
Efficiency (access to db, way to render html).
Security risks (SQL injection, cross site scripting, resource manipulation, authentication)
Maintainability (modular structure/code/db, easy to expand, following some coding standards, development methodology, documentations, reusable components percentage).
Dependability (resources, transactions, data integrity).
Supports standard formats.
Incorporates configurable affiliate areas.
Object Oriented Php Expert For Evaluating Php Scripts 4 2
Efficiency (access to db, way to render html).
Security risks (SQL injection, cross site scripting, resource manipulation, authentication)
Maintainability (modular structure/code/db, easy to expand, following some coding standards, development methodology, documentations, reusable components percentage).
Dependability (resources, transactions, data integrity).
Supports standard formats.
Incorporates configurable affiliate areas.
Object Oriented Php Expert For Evaluating Php Scripts 4 2
Efficiency (access to db, way to render html).
Security risks (SQL injection, cross site scripting, resource manipulation, authentication)
Maintainability (modular structure/code/db, easy to expand, following some coding standards, development methodology, documentations, reusable components percentage).
Dependability (resources, transactions, data integrity).
Supports standard formats.
Incorporates configurable affiliate areas.
Object Oriented Php Expert For Evaluating Php Scripts 4 2
Efficiency (access to db, way to render html).
Security risks (SQL injection, cross site scripting, resource manipulation, authentication)
Maintainability (modular structure/code/db, easy to expand, following some coding standards, development methodology, documentations, reusable components percentage).
Dependability (resources, transactions, data integrity).
Supports standard formats.
Incorporates configurable affiliate areas.
Object Oriented Php Expert For Evaluating Php Scripts 4
Efficiency (access to db, way to render html).
Security risks (SQL injection, cross site scripting, resource manipulation, authentication)
Maintainability (modular structure/code/db, easy to expand, following some coding standards, development methodology, documentations, reusable components percentage).
Dependability (resources, transactions, data integrity).
Supports standard formats.
Incorporates configurable affiliate areas.
Softbiz B2B Marketplace- Close SQL injection vulnerabilities
mited to):
http://www.exploit-db.com/exploits/12245/
http://secunia.com/advisories/17808/
http://osvdb.org/show/osvdb/21252
http://www.net-security.org/vuln.php?id=12210
http://www.cvedetails.com/cve/CVE-2005-3937/
In addition to well commented code, we need full information and code that has been modified/added (as we have numerous sites that need to be patched later by us).
http://www.exploit-db.com/exploits/12245/
http://secunia.com/advisories/17808/
http://osvdb.org/show/osvdb/21252
http://www.net-security.org/vuln.php?id=12210
http://www.cvedetails.com/cve/CVE-2005-3937/
In addition to well commented code, we need full information and code that has been modified/added (as we have numerous sites that need to be patched later by us).
Full System Security Audit - Php
Directory Indexing
Server Misconfigurations
Browser Exploits
Misuse of personal information
No access will be given to the backend or source code!!
I need a full report on how the error can be exploited and full information on how the vulnerability can be resolved.
Everyone who wants to take on this projects needs to show excellent experience in this field.
The page is coded exclusively in PHP; JQUERY; JAVA and uses MYSQL.
Comparitive Study of SQL Injection Attacks in Web Apps
ot;.
Please contact me if you need more information.
Thanks.
Additional files submitted:
Paper_Structure.docx
Please contact me if you need more information.
Thanks.
Additional files submitted:
Paper_Structure.docx
SQL Injection in a website
Hi, i need to do a SQL INJECTION in a website as a test...
The website is in PHP/MySql and has security problems.
Objective: Execute a SQL INJECTION to replace some data.
Only low bids will be considered.
The website is in PHP/MySql and has security problems.
Objective: Execute a SQL INJECTION to replace some data.
Only low bids will be considered.
SITE NEEDS FINISH, PHP, SHOPPING CART, GRAPHIC DESIGN, SEO
must be able to communicate.
I can pay any way needed, but not before seeing what I am paying for. After the first few work, this wont be needed...
Unfortunately your work will not get you any linkbacks to your own site or anything like that. As a subcontractor of GC, we own the work and it is our product, our copyright, our intellectual property. Good Service providers may negotiate a link on the GC Site Only, not on sites produced by GC
I can pay any way needed, but not before seeing what I am paying for. After the first few work, this wont be needed...
Unfortunately your work will not get you any linkbacks to your own site or anything like that. As a subcontractor of GC, we own the work and it is our product, our copyright, our intellectual property. Good Service providers may negotiate a link on the GC Site Only, not on sites produced by GC
Sql Injection/attack Fix
llow" style="text-decoration: none" onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration='none'">www.trregistry.com) which serves as a free public service has a security hole in the PHP/MySQL and requires review and fix to prevent suspected SQL injection / attacks. Inappropriate data with bogus info (most often porn references and links) are added almost immediately to the database even when removed. I need to find someone to lock down the site.
penetrate a dummy site by sql injection (simple project)
I have a dummy site i would like you to penetrate by sql injection and then tell me what quuies used
i also would like to add some simple stuff in the main page like dummy newsfeed and be able to disclosure db info and or change things up
simple project
more details will be provided in messages
i also would like to add some simple stuff in the main page like dummy newsfeed and be able to disclosure db info and or change things up
simple project
more details will be provided in messages
Sql Injection
Need a very simple web application built using php/mysql in order to just demonstrate sql injection attack and also show ways to prevent it in a day.
Sql Injection Question - Easy
is in the page of a login form. Teach/show me how I can inject sql into this, to change it to something like...
$ q = "SELECT username from `users` WHERE username!=''";
or
$ q = "SELECT username from `users` where username='bob'";
I know this is probably pretty basic, so lowest bid that can give me a working example, or show me how to do it will get the bid. If you are the first person to provide a working example in the PMB, I will select your bid.
$ q = "SELECT username from `users` WHERE username!=''";
or
$ q = "SELECT username from `users` where username='bob'";
I know this is probably pretty basic, so lowest bid that can give me a working example, or show me how to do it will get the bid. If you are the first person to provide a working example in the PMB, I will select your bid.
