Vulnerabilities - PAKWAP.COM https://pakwap.com/ RSS - PAKWAP.COM, Sat, 07 Mar 2026 10:28:03 +0500

Vulnerabilities
REHAN, Fri, 06 Mar 2026 17:50:13 +0500
https://pakwap.com/topics/506?pid=761

First, "holes" are slang for vulnerabilities. Second, they vary widely, and in web applications, they can be indirect (SQL Inj, XSS) or indirect. That is, the code itself isn't vulnerable, but it's imperfect (the site doesn't use tokens, there's no SSL), leading to vulnerabilities like CSRF, clickjacking, and MITM.

XSS - injection of potentially dangerous HTML/JS code for the purpose of stealing cookies or other similar actions

SQL inj - injection of dangerous SQL code for the purpose of obtaining data or disabling a site

CSRF - form substitution
MITM - traffic theft/modification
Clickjacking - performing actions on behalf of another person, similar to CSRF but not.

How to protect yourself:

From XSS - escaping, converting HTML entities to a safe form.
The htmlspecialchars function

From SQL inj - good typing, or the mysql(i)_real_escape_string functions, or use PDO

From CSRF - use CSRF tokens
From MITM - have a good SSL

And finally, carefully set chmod (access rights), be careful also with eval (the function executes the code inside itself), and be careful when connecting files, say if you connect a file based on cookies.