2014-05-02, 11:03 PM
(2014-04-02, 04:10 AM) Omar G. wrote: The Newpoints issue is because you didn't properly upload the files. The former one, does JavaScript work well in the forum for you?
Hello,
I will tell you I just got this message too:
So he says that when exploiting register_globals and using JavaScript you can really touch the pot and make something you don't want to happen.
Then he tells me: Register_globals in PHP is a setting that controls the availability of superglobal variables in PHP scripts (such as data posted from a user's form, URL-encoded data, or data from cookies).
In earlier releases of PHP, register_globals was set to "on" by default, which made a developer's life easier - but this led to less secure coding and was widely exploited. When register_globals is set to "on" in php.ini, it can allow a user to initialize several previously uninitialized variables remotely. Many times an uninitialized parameter is used to include unwanted files from an attacker, and this could lead to the execution of arbitrary files from local/remote locations. For example: require ($page . ".php");
If the $page parameter is not initialized and if register_globals is set to "on," the server will be vulnerable to remote code execution by including any arbitrary file in the $page parameter.
After that he tells me: The thing is - I got an offer of 1,500$ to hack your website and deface it but I stepped back and checked it instead and want to help you.
Basically it's for JavaScript protection.
But from what I can see HTTPOnly is not enabled.
I need help, wtf is he saying?
Do I need to go in .php and disable JavaScript?
I need help!
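
Added example (not part of the original post, and not MyBB or Newpoints code): the `require ($page . ".php");` pattern from the quoted message next to an allowlisted form, plus a check of the two PHP settings the message names. The page names, the `pages/` directory and the function names are hypothetical, and `session.cookie_httponly` only covers PHP's own session cookie.

```php
<?php
// Added illustration; page names and the pages/ directory are hypothetical.
// Written without PHP 7 syntax so it also runs on old installs that still have register_globals.

// Pattern quoted in the message: $page is never assigned by the script, so with
// register_globals = On a request parameter named "page" supplies its value.
//     require ($page . ".php");

// Hardened form: read the parameter explicitly and map it through a fixed allowlist.
function resolve_page(array $query, array $allowed, $default)
{
    $requested = (isset($query['page']) && is_string($query['page'])) ? $query['page'] : $default;
    if (!array_key_exists($requested, $allowed)) {
        $requested = $default; // unknown names never reach require
    }
    return $allowed[$requested];
}

// Report the settings the message talks about.
function audit_settings()
{
    $findings = array();
    $rg = ini_get('register_globals'); // false on PHP >= 5.4, where the directive no longer exists
    if ($rg !== false && filter_var($rg, FILTER_VALIDATE_BOOLEAN)) {
        $findings[] = 'register_globals is On: set register_globals = Off in php.ini';
    }
    if (!filter_var(ini_get('session.cookie_httponly'), FILTER_VALIDATE_BOOLEAN)) {
        $findings[] = 'session.cookie_httponly is Off: the PHP session cookie is readable from JavaScript';
    }
    return $findings;
}

$allowed = array(
    'home'  => __DIR__ . '/pages/home.php',
    'rules' => __DIR__ . '/pages/rules.php',
);

// Constructed request parameters, shaped as $_GET would hold them.
$samples = array(array('page' => 'rules'), array('page' => 'not-a-real-page'),
                 array('page' => array('x')), array());
foreach ($samples as $query) {
    echo json_encode($query), ' -> ', resolve_page($query, $allowed, 'home'), "\n";
}
foreach (audit_settings() as $finding) {
    echo $finding, "\n";
}
```

Only the first sample resolves to `rules.php`; the unknown name, the array value and the empty request all fall back to `home.php`.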