accenturebicontest.com/
This site doesn't handle the session properly; the directories are quite visible. I think directory traversal is quite possible.
Go to this site using Firefox. Using the Web Developer tool, remove the PHPSESSID value, then reload the page. They haven't tested properly.
[Unlinked, just in case. -Philipp]
Yes, tried it. Error on session management.
There is one more problem. The site is prone to GET request attack. An ampersand symbol to the parameter causes MySQL errors.
Please log in and use this http://accenturebicontest.com/forum.php?id=&