Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Disallow direct access to process.php
#1
Hello,

I found and exploit in the system by using the surf module. The exploit was quite simple. I found this exploit on my live site, then made a temp fix.

Basically I made a small program that has 10 threads which navigate to

Code:
Hidden content for guests

2 times a second. I found this because it's hardcoded in to the website template (you can find it with a scraper), and it gives you the coins for viewing that site. However they're not actually viewing the site and it will show as having been viewed 300 times a minute.

The easiest fix would just be to disallow direct access to this file so users can't visit those urls.


Messages In This Thread
Disallow direct access to process.php - by Hostpro - 01-16-2013, 07:07 PM

Possibly Related Threads…
Thread Author Replies Views Last Post
  More features in Registrations Process Mezo 2 1,986 12-20-2012, 05:21 PM
Last Post: Admin

Forum Jump:


Users browsing this thread: 1 Guest(s)

About MN Shop

MafiaNet Shop is an online store where you can buy powerful scripts, cool templates, graphic components and many other digital goods.

              Quick Links

              User Links

              Advertise