As the proofs of concept from the last few months show, things are not so good. PCfun fell in February, and now eMAG.



PCfun at HackersBlog:


eMAG at AlienHackers:


A few things that those still in charge of something should keep in mind:

  • No store in Romania stores your debit / credit card data, because it does not have it: payment processing is external and the data can only be entered by the buyer.
  • The contents of /etc/passwd have not been used for anything since the late '80s; try /etc/shadow.

To prevent such situations, the solutions are within the shops' reach:

  • Leave mysqli_multi_query() aside.
  • A mysql_real_escape_string() placed where it belongs is worth a thousand screenshots of vulnerabilities; alternatively, use prepared statements.
  • If you use wrapper functions for querying the database, adding a query filter there is not the end of the world (e.g. for the magic keyword "union").
  • Use hashes for passwords, or encrypt them.
  • If you use hashes, force users to choose strong passwords: rainbow tables exist.
  • Keep versions up to date, whether they are libraries or live support programs.
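
The prepared-statement advice above, as an added example that is not code from either shop or from the original post: the same lookup written with string concatenation and with a bound parameter. It assumes PDO with an in-memory SQLite database standing in for the shop's MySQL; the tables, rows, function names and the input string are all constructed for illustration.

```php
<?php
// Constructed schema and data; in-memory SQLite so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT)');
$db->exec("INSERT INTO products (id, name) VALUES (1, 'keyboard'), (2, 'monitor')");
$db->exec("INSERT INTO customers (id, email) VALUES (1, 'user@example.test')");

// Before: the request parameter becomes part of the SQL text, so any
// keyword it contains (such as UNION) is parsed as SQL.
function findProductConcatenated(PDO $db, string $id): array
{
    return $db->query("SELECT name FROM products WHERE id = $id")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// After: the SQL text is fixed at prepare() time and the parameter is
// sent separately, so it can only ever be compared as a value.
function findProductPrepared(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT name FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input of the kind the "union" remark refers to.
$hostile = '0 UNION SELECT email FROM customers';

echo "concatenated, hostile input:\n";
var_dump(findProductConcatenated($db, $hostile)); // rows from the customers table

echo "prepared, hostile input:\n";
var_dump(findProductPrepared($db, $hostile));     // no product has that id

echo "prepared, normal input:\n";
var_dump(findProductPrepared($db, '2'));          // the legitimate lookup still works
```

With mysqli the equivalent calls are `prepare()`, `bind_param()` and `execute()`; the point is the same, the query text never contains the user's input.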