Xsspráce

In the next week we will be ready for some testing by an outside person to try and point out some vunerabilities in our system. We will need you to scan for xss and sql injectstions as well as anything else you can come up with to hack our app. We will want a full report of the hacks you found as well as some insight into how common they are so we can prioritize our dev efforts. This is our app and to make sure we are clear we can upload any zip or file you want to the server this is on to prove it is ours. Please let me know the tools your would use for this as well as the types of reports you would provide. I ask for tools mainly becuase i want to know you have a real method to this rather than just some free web scan util. We will get you to run an initia...

...knowledge of Linux, PHP, MySQL, HTML, CSS, Javascript, AJAX. -Able to adapt and build upon structures and systems already in place. -Innovative, hard-working, creative, and excellent communication skills. -Desire to work in fast-paced environment. -Must have knowledge of different caching techniques such as memcached as we plan on using these. -Coding must always be secure against sql injections/xss. To apply, please message us with responses to the following questions: 1) Links to websites that you have worked on in the past. 2) A list of skills and self-ranking of your experience/knowledge of those skills. 3) Your hourly rate (we also work on a per project basis). 4) Your availability -- time of day, and how many hours in a day you're available (average). ...

Do you know what TeleBid is? Have you developed something similar? If so, maybe you're the right man for the job. We need a web application very similar to TeleBid (if you don't know what it is and you haven't done anything alike, we don't need you). It will not have more functionalities than TeleBid (it may have less), ...Management Referrals Management Multi-currency (just on a 2nd phase) Multi-language ==Technical== Premium SMS integration Phone (IVR) integration (just on a 2nd phase) Paypal integration Ajax XHTML/CSS compliant Firefox and IE6/7 compatible Scalability/caching issues may need to be addressed 3-tier implementation LAMP platform preferred Table-less layout Security-aware (SQL Injection, XSS, etc..) Please post any que...

...What we need is * A well structured **database** (MySQL). * **Design.** We have the guidelines done but no more. You can find it at It should be very party-like. And the orange color is our color, so that needs to stay. * **Stored procedures** for all heavy querys. * **Security!** We need to prevent for all types of security flaws. Like SQL-injection and XSS. * Differens **account-types** for all users. This should be able to define through the admin-interface. (eg. Admin can do everything, VIP can do this and that, regual user can do this and that, and so on). * **Sign-up page** is already complete, done in ASP. The page involves an algoritm to check social security number and verify cellphone with SMS. This code needs to be ported to PHP. * **Login-form**

We have a browser and another iframe that loads within it. We want to capture information within the iframe but are unable to do so because of cross-site scripting. One end of the frame is not on our server; it'll be on the server of the site being visited within the frame. We need a hack/workaround that is able to capture data from the iframe such as navigation URLs and images. time frame is 1 week.

We have a browser and another iframe that loads within it. We want to capture information within the iframe but are unable to do so because of cross-site scripting. We need a hach/workaround that is able to capture data from the iframe such as URLs and images. time frame is 1 week.

we are looking to build a social site with the attached specs. we need to develop this within a month. and following t...following technology: ASP.NET and C# and SQL Server. This is most powerful platform I believe but feel free to suggest otherwise. .NET application has lots of advantages over other scripting lanaguages. 1. One time compilation. No more scripting interpreter. 2. Separation of Source code and visual design. 3. Native access to SQL Server database and other databases 4. No Security issue of XSS and other scripting hacking 5. Very powerful development environment. 6. Easy to build a site using AJAX we need this be super userfriendly and very very viral. we have the layouts ready, designer did all pages, you will be working with him. just need...

Budget $300 I currently have a Network Affiliate Script and a completed site but had to take it down after an XSS attack. Never made it to launch because I am very concerned about site security. Looking for a programmer to redo the graphic design of front and back end for user friendly interface. Also want the whole software package checked for XSS vulnerability...a must! Willing to consider other software but not looking to buy any more software online. Learned my lesson :-) More details can be provided along with a copy of the script to be used. Thanks!

Budget $35 Check and Repair pages on website that are vulnerable to Cross Scripting attackes. I have a list of approximately 10 pages that were been attacked today but I would like other pages checked/repaired prior to site launch. Thanks!

We have two php files in our web site that are flagged as vulnerable to Cross Site Scripting (XSS).We need a reliable and solid programmer to look at these two very small .php files and correct them to make them files were flagged by Acunetix as are both under 50 lines each. ## Deliverables The two files are attached for examination.

We have two php files in our web site that are flagged as vulnerable to Cross Site Scripting (XSS). We need a reliable and solid programmer to look at these two very small .php files and correct them to make them safe. The files were flagged by Acunetix as vulnerable. Files are both under 50 lines each.

I need this XSS vulnerability fixed:

An IDS which will allow the user to work with it local only. The user will browse to the directory full of logs or select one to monitor. It'll watch out for XSS, SQL Injection, CSRF, and in general bad characters. It will look for HTTP requests, in cookies, GET/POST Variables, and URL of course for script injection. It will allow the user to select which way of alert: Phone, Text, Email. *Looking for decent skin/GUI

Estimados, necesito desarrollar un s...gestión de requerimientos con clientes que tenga un estilo tipo portal, pero de sobrio diseño, con algunas animaciones en flash. Como ya he tenido un par de malas experiencias (pago y scrow no liberado), les indico las condiciones: A.) El sitio debe estar hecho en español e ingles (español es el lenguaje primario). B.) El desarrollo debe ser resistente a SQL injection, XSS y debe pasar una prueba de seguridad (Web Application Pen Testing) C.) TODO debe estar full documentado. E.) El pago se hará una vez que todo este en producción y funcionando, esto incluye las correcciones que sean necesarias como resultado de la Prueba de Seguridad. F.) El Diseño es sumamente importante. ...

K zobrazení podrobností se zaregistrujte nebo přihlaste.

Hello, i want to have a Quote Database be done in PHP. Here is what it should be able to do: -Quotes will be entered in a MySQL DB -Ratings (voting syst...(and of course with an other design - i visualize the site as speech bubbles where every one contains a quote and the controls for that quote). Please note: - development can be done on my server, i'll provide you with all necessary logins - deliverables include an installer-type script so i could easily install it on another server - must be secured against SQL-injection, XSS and other security-vulnerabilities (will be tested) - graphic design will also be done by you - must work equally in IE, Firefox, Opera and Safari Thank you and happy bidding! Generic bids w...

Hello, i want to have a Quote Database be done in PHP. Here is what it should be able to do: -Quotes will be entered in a MySQL DB -Ratings (voting sy...Moderation backend and anything else you can think of, suggestions are welcome. So basically it will be a clone with a twist. Please note: - development will be done on my server, i'll provide you with all necessary logins - deliverables include an installer-type script so i could easily install it on another server - must be secured against SQL-injection, XSS and other security-vulnerabilities (will be tested) - graphic design will also be done by you - must work equally in IE, Firefox, Opera and Safari Thank you and happy bidding! Generic bids will be d...

I need a sc...channels with the television programs airing for that time. It should allow the user to view the listings in "block" format like you see at (click on TV Listings). The user should also be able to click a show and have it dynamically get information on the show (maybe from ). This script will need to be 100% secure from any type of injection attack or xss attack. It will require logging for security purposes. It will need to log the user's IP address, zip code, cable provider, and the time the user searched. This may seem like a large project but for any expert (or someone who already has a script like this [which would be fine]) it wouldn't be too difficult. Good Luck! PS: Do NOT bid if you don't know if you can do this.

...then re-allowing, rather than set a “notify?? flag. Principles Security essentials: - The site may store some limited personal information about users under the age of 18 (name, email address), and also some record of their educational progress ??" answers to questions etc. With current scrutiny over loss of personal data, this site must be reasonably secure (as an aid to marketing). - Minimises XSS (cross-site scripting) by escaping all HTML and SQL characters in input - Uses sessions, not cookies. - Only requires user log-off to terminate session (i.e. can’t guarantee that browser will be closed. May be used in school computer labs ??" want to minimise students editing their friends’ accounts for fun). - Will run under SSL. - Not vulnerable to user s...

...script is running fine and live on site. But i want a professional person who know PHP & Mysql very well to Check each and every file of my Script for security threads, and make it more optimized. and tweak for better performance. Please Note, the one who want this project, should check each and every file in the script. Check and Fix if there are any security holes including SQL Injection, XSS Attacks, CSRF Attacks,PHP variable insertion,Input validation checking in the script, also optimized it for better performance to make it stable for large community site. The one who do this, should not edit the files directly. Just Make Step by Step Tutorial which explain which file to edit, what to edit, where to edit, and reason of editing it. (Like described in any script...

...Group73 - Group74 - Year 8 - Group81 - Group82 - Year 9 Principles Security essentials: - The site may store some limited personal information about users under the age of 18 (name, email address), and also some record of their educational progress ??" answers to questions etc. With current scrutiny over loss of personal data, this site must be reasonably secure (as an aid to marketing). - Minimises XSS (cross-site scripting) by escaping all HTML and SQL characters in input - Uses sessions, not cookies. - Only requires user log-off to terminate session (i.e. can’t guarantee that browser will be closed. May be used in school computer labs ??" want to minimise students editing their friends’ accounts for fun). - Will run under SSL. - Not vulnerable to user spo...

...nicely. Requirements: - Increase the default results to 20 per request. - Add paging (10 pages per search) if there are enough results to cover that. (previous 1 2 3 4 5 6 7 8 9 10 Next) - Add a timed Secure file caching, to not make the same request for the same query (Maybe save the file as an md5 hash of the query) - Optimize and secure existing code, I already added a custom XSS detection class to sanitize the input. (Reason, I was recently hit with the iframe injection attack on another site.) But the class is very restrict see if you can relax it without compromising security. - Grab and display the total number of results (which is also returned in the same XML file) - Create an advanced search form (similar to Google's) that offers more searc...

...database Security Requirements The system must maintain a high level of security and have all actions logged with the current user, time, and IP address. The log can be maintained in an external log file or as part of the database. All database actions must be protected against SQL injection. All fields that may be redisplayed anywhere on the site must be protected against Cross Site Scripting (XSS)....

My forum was under a xss and ddos attack .. I should like to upgrade my vbulletin version to latest one and I also want to remove uploaded files by the attacker, and I would like to, I also would like the programmer to find the cause of this attack and close the backdoor so this will not happen again in the future.

K zobrazení podrobností se zaregistrujte nebo přihlaste.

...htmlspecialchars na zmiennych wysyłanych do Smarty. Poleganie na magicquote nie jest wystarczające ponieważ może to być ............... oraz zmienne mogą być .............. a nie z get/post. Można to naprawić tworząc własny filtr do użycia w .tpl, lub ręcznie wywołując htmlspec.. na zmiennych w assign(); Ale jeszcze lepiej można po prostu .................. ; Dzięki temu nasz skrypt jest odporny na XSS i pokrewne ataki, bez potrzeby pamiętania o tym ze strony autora zarówno .tpl jak i .php - wszystko jest robione automatycznie. Cena: 40 godzin pracy (cena brutto) Termin: od kiedy można zaczynać Proszę podać też: formę współpracy ; gotowość douczenia się naszych narzędzi (subversion mantis-bugtracker plone-cms/dokumenacja linux). Oferty od osób znający...

...commission o Signup bonus o Referral signup bonus o 12 levels commission settings * Contextual Ads Wizard * Help system to integrate XML Feed * Affiliates Portal with keyword rotating support * Click and referral contest with real time report and 1 click winner credit system Security filters * Alive proxy detection and proxy blocker * XSS~SQL injection protection * Click shields for sorts of automated traffic(Validating browser, Operating System...) * IP security to test ips automatically and group by isp to eliminate bots * Detailed IP security report per users * Feed/User block * Sub user blocker for XML traffic * Ougo tracker/blocker * Country, Domain, Keyword IP blocker ...

...case GoDaddy loses our data. This should run nightly, and we should keep a history of backups. A mysql dump will probably suffice. Security Store user login information securely in the HTTP session. Perform security checks on every page to make sure a client isn't accessing a different client's shipping requests, and make sure clients can't access employee screens. Filter output to prevent XSS holes. Uses random tokens to protect against XSRF attacks. If you don't know what those are, Google them. Database Tables USERS ----- ID (Primary key, string, used for login) PASSWORD (Hashed in case we get hacked) TYPE (Client or employee?) NAME (Human readable name) EMAIL ADDRESS CITY STATE ZIP PHONE FAX SHIPPING_REQUESTS ----- USER_ID (...

Hello, I've been made aware that there security flaws in my site that allow people to do SQL injections, XSS attacks, and do other malicious things. I need someone who is highly skilled in securing sites to help me out. I need someone who is available to fix these bugs immediately. The budget may be raised if needed. Please PM me with any questions. Thanks.

K zobrazení podrobností se zaregistrujte nebo přihlaste.

The system is essentially a cross-site-scripting injection scanner. It should take a URL, use the Snoopy web client class to fetch the URL, use the PHP DOM classes to find all the forms on the page, fill each field with specific values and submit the form, then check the source of the resulting page to see if an XSS vulnerability is possible. Estimated two hours of development and one hour of coding. please ensure uses CamelCase for the naming convention. It is not a full site, we just want the class, no HTML, no interface, no login etc. More details will be given and budget maximum $30.

Open source legal version of Cyber-Wars. The idea of this project is for the community to all work together on the game. Rather than closed development with just two people adding little features. If your a PHP Developer, MySQL dev, graphics/web designer add smarty, accelator + adodb lite fix sql errors move code into folders ajax security audit - fix xss add businesses, virus, user pages, ajax chat (multi user rooms, pm) re-work outposts, rework battle (ajax?) add jobs/intent re-work gangs + gang wars and amroury daily interest multiple cities missions better equipment re-work districts merge facility npcs [contact details removed]

Require xmb forum scripts to be altered to allow an ajax 'quick reply' to a topic. When used by a forum member, the database should be updated with the relevant post etc. (as it does now with the non ajax posting ) and the post to appear immediately below the existing posts on the topic/thread without the entire page reloading. Must be secure against xss.

..."virtual team" Required Skills: - XML / XSLT – Advanced - XHTML / CSS - Advanced - JavaScript - Advanced - Provide quality, well-documented code - Estimate, set deadlines, and meet them - Communicate status accurately and daily Helpful Skills: - the JavaScript library jQuery () and its use of Ajax - the open source CMS Umbraco () - Understanding of SEO - XSS Scope of Work: - We implement about 5-8 solutions each month ranging from high-end customized e-commerce solution to our standard solution with a bit of design. Your job will be to implement the chosen design upon our standard e-commerce product. - We would estimate 160+ hours of work each month - Both parties will agree to the time and costs of all projects before commencement. - B...

I need a 3 page form that matches surfers with online degree programs. After all 3 form pages have b... Again, I will give you an example site that you can copy. They are doing the exact same thing I am with the same external server, except their page 1 is missing two questions that I want asked on page 1 instead of page 2. You can keep track of the state however you like- sessions are fine, input type hidden forms are fine, etc. Just be smart about what you're doing and don't open me up to XSS attacks. Note that you will need to show me a demo on your server of the working script. If you have any questions, ask me and I will explain whatever you need. The external server is setup to accept test leads, so I can communicate with you back and forth as to any pro...

Witam, chciałbym zlecić napisanie dwóch skryptów. Wpierw mniejszego, coś na wzór systemu Adder (narzędzie prostrze od tego) Skrypt powinien być przystosowany dla prze...chciałbym zlecić napisanie dwóch skryptów. Wpierw mniejszego, coś na wzór systemu Adder (narzędzie prostrze od tego) Skrypt powinien być przystosowany dla przeciętnego użytkownika. Jeśli pierwszy projekt będzie solidnie wykonany. Będe za podpisaniem umowy na większy drugi dotyczący podobnej tematyki. Wymagania - PHP+MySQL - optymalizacja kody PHP - zabezpiecenia przez XSS itp - umiejętne posługiwanie się funkcjami preg_* - znajomość modułu CURL - dostępność minimum 4 godz na dobe - wiek minimum 20 lat Pozdrawiam Enterso Wojciech Kłodziński

...anonimowa". Wtedy wiadomosc publikowana jest w Sekcji. Publiczne wiadomosci. (Z Paginacją, Losowo wybraną wiadomoscią, 100 najwyzej ocenianych. System ocen, gwiazdek (opartą o IP, jednen glos na jedna wiadomosci na IP). Musi to dzialac. Musi przewidziec problemy zwiazane z duza iloscia wysylanych maili w jednym czasie. Pola tekstowe o ktorych mowa musza byc zabezpieczone przed hackami, xss itp. Do tego licznik wszystkich uzytkownikow i ich wiadomosci. Prosty admin panel z podlgaem wiadomosci, uzytkownkow i ich danych. Wszytko zamkniete w jakiejs prostej grafice ktira bedzie zmieniona przeze mnie. TYLKO OFERTY OSOB KTORE SA W STANIE ZAJAC SIE TYM OD RAZU. Podanie czasu wykonania liczy sie od wygrania aukcji. Prosze sie nie zglaszac jesli nie macie czasu. TYLK...

Hello, Need someone (thats not to busy) to create me an exact clone of () Community Classified Ads within 30 days, and revised with a new registration page that requires (us...the "Featured Ad" & "Extended Ad" page. Note that these add-on's must somehow be implimented in the admin panel & database. Coding must be in english and must be readable. CVS directories are not be used, store all info in database. Do not use external styles CSS, nor javascript unless its used for validations only. NOTE, no part of the script should be vulnerable to XSS attack or command-line access. Script must be search engine friendly. If you have any questions, please PM me. Payment would be thru "GAF Escrow Only" upon full completion of script. Thanks

...hyperlink.. 5. The actual link page and the home page must both be PR3+. 6. Links must be deployed over 2 month period to avoid any search engine penalties. 7. All links must be FREE and shouldn't appear in a paid links slot such as: "sponsored" links, advertisers, links, ads or any other slot links that will show the search engines. URL must not contain .../links/ 8. No redirects, XSS ,JavaScript links, hidden links, Flash sites/pages, or other unethical or black-hat tactics. 9. Link page must be search engine friendly, i.e. no redirects, cloaking, etc. Page must not be excluded by and the anchor text must not contain the rel=nofollow tag. 10. Link pages must be cached by Google within the last 30 days and not from a site penalized or banned by...

We recently had our website scanned for vulnerabilities in it's code. We discovered 479 high alerts, 12 medium alerts and 85 low alerts. Our script had alerts for possibly being vulnerable to Cross Site Scripting (XSS) attacks, SQL Injection attacks, directory traversal attacks and SQL/XPath Injection attacks amongst the lists of high alert items. I will provide the full scan report upon request. Our website is at We seek an experienced company in this area that can supply proof of previous work done. Before selecting a provider, we will need a signed NDA. After receiving signed NDA we will provide the source code book and database. Please provide details specific to performing this task. We will pay 50% at start of the project and the remainder after completion

I am considering the purchase of Online Universal Payment System Script, but there are reports about some security issues, such as Cross Site Scripting (XSS) and directory traversal issues that would want to have fixed before I can use this program. You can see and demo this script at A list of the known vulnerabilities can be found at I need to know if this script can be repaired 100% and combed for other security vulnerabilities and operational issues before I commit to purchasing it. Let me know if this can be done and at what price. Thanks.

Looking for Good programmer who Knows XSS techniques to get backlinks. I need a web-based script that can locate PR-4 to PR-6 sites that have forms, that my Comment and URL can be "injected". Also Cloaker should be added. I have some instructions to offer but programmer should already be familiar with technique. Please post any experience you may have with this.

I need Good programmer who Knows Black-hat XSS techniques to get backlinks. I need a web-based script that can locate PR-5 to PR-6 sites that have the kind of forms, then "inject" X my url backlinks and keyword(s) . Cloaker should be added. I need script done as fast as possible.

K zobrazení podrobností se zaregistrujte nebo přihlaste.

Someone on my site wrote the following message. He could be just trying to gain access to my site for a hack attempt, but based on what he said, I would like for someone to check all of my php files in my site to see if in fact he is correct. Here is his message: ***BEGIN MESSAGE*** I have found many holes in the security of your website. Including SQL injection holes, and XSS holes. Your site is thereby vulnerable to session hijacking, and, it also runs the risk of having arbitrary SQL code ran [which could easily take all information from your database, and delete it]. I am a security expert. I am offering my services to you. Respond if you wish to talk about compensation. ***END MESSAGE*** Thanks in advance for bidding on this project. Chris

We're looking for someone to scan, analyze and eventually fix loopholes found on our website. This would include (but not limited to): * SQL Injection * Cross-Site Scripting (XSS) * Google Hacking * JavaScript/AJAX/etc. * any other loopholes/backdoors found We need EXPERTS so if you represent a company (individual is welcome as well), you need to produce your past work (portfolio). Price is negotiable (escrow method only via SL) so please bid and send me a message on the PMB.

This project is to take an existing movie/photo website and rewrite some of the PHP in order to protect it from hacks. Also, I want to get bids to redo the frontend as a complete flash page. The site has several security holes, which became clear when some of the pages were replaced with cialis spam links. I think it was an XSS attack, but they might have gotten in another way. -database design changed so that existing admin cms is assigning unique IDs instead of using titles in strings. the data needs to be enforced and checked. -html must escape incoming data. -contact form must also be locked down to escape incoming data. -also, it might be a good idea to make the whole page into a flash app. there are some flash elements on the page already, and the menu could b...

Hi there, I am searching for a reliable link builder. I have a bunch of new sites which need some linkbuilding. Links may come from different sources. Directories are o.k., but comment and trackback spam and xss are not. PR is not important, but the link source must be indexed by google. I expect a .xls file after each linkbuilding campaign. This project is for one campaign. Please provide your quote in a pm. Your pm should look like this: "I will use these and these techniques and will build x links for y $" Thanks for your attention.

Hi I am posting this project again because some of the programmers could not understand what I wanted . Ok I have a couple of php websites .Lately there have been a few attacks on my websites ,so I need a php function which I can call on the top of my php pages .something like filterInput() Now this php function will go through all the POST and GET Variables and scan for XSS attacks ,sql injections etc and will exit with an error if it finds any such instances. (It would need to filter against all types of sql injection ie injection using quotes and without quotes eg 1 - ' or 1 eg 2 - union select password from admin ) Thanks ! FP

Hi, I require an expert who knows XSS and exploiting very well. You must be available online using chat software (MSN, Yahoo, etc.) and your English must be excellent. I will need you to make several scripts for me and ensure they are 100% functional. Please use the PMB before bidding to ask me any questions about the project. I would like you to briefly explain your background and experience with XSS and exploiting. Thanks