As the proofs of concept from the last few months show, things are not so good. In February PCfun fell, now eMAG.
PCfun at HackersBlog:
eMAG at AlienHackers:
A few things that those still in charge of something should keep in mind:
- no store in Romania stores your debit / credit card, because it does not have it: payment processing is external and the data can only be entered by the buyer.
- the contents of /etc/passwd have not been used for anything since the late '80s, try /etc/shadow
To prevent such situations, the solutions are within the shops' reach:
- drop mysqli_multi_query()
- a mysql_real_escape_string() placed where it is needed is worth a thousand screenshots of vulnerabilities; alternatively, use prepared statements
- if you use wrapper functions for querying the database, a query filter in them is not the end of the world (e.g. on the magic keyword "union")
- hashes for passwords, or encryption
- if you use hashes, force users to use strong passwords - rainbow tables exist
- keep versions up to date, be they libraries or live support programs
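
The point about prepared statements, shown as an added example (not code from either shop or from the original post): a concatenated query next to its prepared form, run against a constructed request value containing the "union" keyword. It assumes the pdo_sqlite extension; an in-memory SQLite database stands in for MySQL so the script runs offline, and every table, column and row is constructed.

```php
<?php
// Added example. SQLite in memory is a stand-in for the shop database;
// table names, columns and rows below are all constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (id INTEGER, name TEXT)");
$db->exec("CREATE TABLE users (email TEXT, pass_hash TEXT)");
$db->exec("INSERT INTO products VALUES (1, 'Laptop'), (2, 'Monitor')");
$db->exec("INSERT INTO users VALUES ('ana@example.test', 'constructed-hash')");

// Before: the request value becomes part of the SQL text, so any SQL
// keywords inside it are parsed and executed by the database.
function findProductConcat(PDO $db, string $id): array
{
    $sql = "SELECT name FROM products WHERE id = " . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the SQL text is fixed at prepare time and the request value is
// sent separately as data, so it can only ever be compared with id.
function findProductPrepared(PDO $db, string $id): array
{
    $stmt = $db->prepare("SELECT name FROM products WHERE id = ?");
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request values: a normal id and one carrying the "union" keyword.
$inputs = ['1', '0 UNION SELECT pass_hash FROM users'];

foreach ($inputs as $input) {
    echo "input:        ", $input, "\n";
    echo "concatenated: ", json_encode(findProductConcat($db, $input)), "\n";
    echo "prepared:     ", json_encode(findProductPrepared($db, $input)), "\n";
}
```

With mysqli the same pattern uses `prepare()`, `bind_param()` and `execute()` on the connection and statement objects.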