[Full Disclosure] TopLeader Is Vulnerable To SQL Injection

The website of TopLeader (招聘首業) is vulnerable to SQL injection and server misconfiguration.

Please do not trust this site and do not give your information to it, as your data is at risk of being leaked to the public.

Read more ....

Samiux

Did you inform the site, and how did they respond?

Did you inform the site, and how did they respond?
chancho posted on 2017-7-7 11:20

Did you read the article that I posted?

Samiux

Got it. Sorry, I have a reading problem.

Could you describe how you carry out the recon procedure? Especially for checking for blind SQL injection (SQLi)?

Adapting is a hard decision and a painful process.
Good deeds bring good rewards.

Could you describe how you carry out the recon procedure? Especially for checking for blind SQL injection ...
ronaldlee1607 posted on 2017-7-26 10:14

I would set it up so that if it detects someone typing SQL into the forms, iptables blocks their IP immediately.
To try all those common vulnerabilities, they would have to switch IPs who knows how many times.

I would set it up so that if it detects someone typing SQL into the forms, iptables blocks their IP immediately.
To try all those common vulnerabilities, they ...

What if I am on mobile? Are you going to block everyone on the whole carrier so that none of them can reach the site?

What if I am on mobile? Are you going to block everyone on the whole carrier so that none of them can reach the site?
ati16800 posted on 2017-7-27 21:44

Block them anyway.
Letting people view the site without a real IP is already lenient. If someone mixed in there wants to cause trouble and gets everyone around them cut off, the people around them will naturally hunt them down and settle the score. Or the block can lift automatically after a while; as far as I know, a lot of sites actually do it this way.

Block them anyway.
Letting people view the site without a real IP is already lenient. If someone mixed in there wants to cause trouble and gets everyone around them cut off, the people around them ...
wiz123 posted on 2017-7-27 23:27

For mobile, there is no such thing as "nearby".
People in completely different places can share the same IP.
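The detect-and-block idea discussed above (drop the source IP at the firewall when SQL shows up in a form, and lift the block automatically after a while), with a strike threshold to soften the collateral damage for shared addresses such as mobile carrier NAT, as an added Python example that is not part of this thread. The SqliBlocker class, its short pattern list and the block/unblock command strings are constructed for illustration and are not from any site or tool mentioned here.

```python
import re
import time
from collections import defaultdict

# Constructed indicators of SQL-injection probing in form fields. A real deployment
# would use a maintained WAF ruleset; this short list is only for illustration.
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\s+\S+\s*=", re.I),           # ' OR 1=1 style tautologies
    re.compile(r"\bunion\b.+\bselect\b", re.I),             # UNION SELECT probes
    re.compile(r"(--|/\*|#)\s*$"),                           # trailing comment terminators
    re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(", re.I),  # time-based blind probes
]

def looks_like_sqli(value: str) -> bool:
    return any(p.search(value) for p in SQLI_PATTERNS)

class SqliBlocker:
    """Per-IP strike counter that issues time-limited iptables blocks (hypothetical helper)."""

    def __init__(self, threshold=3, block_seconds=900, clock=time.time):
        self.threshold = threshold          # strikes before blocking; limits shared-IP collateral
        self.block_seconds = block_seconds  # block auto-expires, as the thread suggests
        self.clock = clock                  # injectable clock so expiry can be tested offline
        self.strikes = defaultdict(int)
        self.blocked_until = {}

    def inspect(self, ip: str, form: dict):
        """Return the iptables command to run if this request triggers a block, else None."""
        if ip in self.blocked_until:
            return None                     # already dropped at the firewall
        if not any(looks_like_sqli(str(v)) for v in form.values()):
            return None
        self.strikes[ip] += 1
        if self.strikes[ip] < self.threshold:
            return None
        self.blocked_until[ip] = self.clock() + self.block_seconds
        return f"iptables -I INPUT -s {ip} -j DROP"

    def expire(self):
        """Return the iptables commands that lift blocks whose window has passed."""
        now = self.clock()
        lifted = [ip for ip, until in self.blocked_until.items() if now >= until]
        for ip in lifted:
            del self.blocked_until[ip]
            self.strikes[ip] = 0            # a fresh start once the block is lifted
        return [f"iptables -D INPUT -s {ip} -j DROP" for ip in lifted]
```

Call inspect() from the request handler with the client address and the submitted form, run the returned command when one is given, and call expire() from a periodic job to lift stale blocks.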
