MaddDogg49 Posted June 28, 2011 Share Posted June 28, 2011 I recently got a game from a guy and did wanna go through every page to find hacks. I was wondering how to test exploits on certain pages. I know how to fix the pages its just finding them is my issue. Quote Link to comment Share on other sites More sharing options...
W3Theory || Peter Posted June 28, 2011 Share Posted June 28, 2011 If you know how to fix them, then you will know what you would have to do to test them. It would be easier to go through your files to look through the codes then go to page by page testing all different ways to exploit. Quote Link to comment Share on other sites More sharing options...
MaddDogg49 Posted June 29, 2011 Author Share Posted June 29, 2011 Well the way how the files are its really spread out. It would be hard to go through every file. For example 1 file has 6 includes located in a separate folder. I have never found or know how to test for exploits. Quote Link to comment Share on other sites More sharing options...
Dayo Posted June 29, 2011 Share Posted June 29, 2011 What files are they? are they a game engine/open source project etc ... Quote Link to comment Share on other sites More sharing options...
Dominion Posted June 29, 2011 Share Posted June 29, 2011 Well for one, how are we going to tell you what kind of problems your site is open to if we don’t know what the site is? For example if it’s not using a mysql database than sql injection is off the table. Peter is right. Go through every file, and fix it. By the time you have tested a large site for problems on the user side you could have finished, especially since you understand how to fix the actual issues, but not how to test for them in that way. If you really wish to understand than I would suggest Google since I sincerely doubt anyone is going to sit down, and teach you when they don’t know you character. By that I mean it could be just to mess up a friend’s website etc... Quote Link to comment Share on other sites More sharing options...
bluegman991 Posted June 29, 2011 Share Posted June 29, 2011 i kinda feel your pain i was trying to figure out what all phpmyadmin did to queries before they executed it and to do this i would have to find out where they executed it looked through 1 file seen some includes looked in the included files... more includes and more and more includes then dead end so i just said forget it i havent seen your files or directory but im gonna take a guess that its not as complex as phpmyadmin so it shouldn't be that hard as for testing for exploits... theres really only 1 way to do it if you have decent knowledge of php then you could probably find them just by looking through the files if not? you are going to have to look through each if statement and executed function and think what would happen to this if the user did this? then try it out... if it works find a way to fix it Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.