Updated: 05/14/2008

PHP Penetration Tests (XSS, SQLI, CRLF, ACU)

PHP Penetration Test is a program for performing simple form-based security tests. Securing the internet is up to developers, who need to create proper forms and applications. This is a tool for testing individual fields and values against various attacks.

How to use this program:
* Grab the URL of the address you wish to test (the action URL).
* Click Tamper Post; 10 fields appear, each a post field name : post field value pair.
* If you wish to test a post field, click XSS for cross-site scripting or hit for SQL Injection tests.
* Then hit Run; it will tell you if it has exploits or if it doesn't have a tested exploit.

How to protect against XSS attacks
* Clean all text displayed from user inputs with a filter (ex. preg_replace('/[^a-z0-9]/i', '', $str);)

How to protect against SQL Injections
* Clean all inputs
* Also escape text with mysql_escape_string()

How to protect against Auth Attacks

How to protect against Directory Access Attacks

How to protect against CRLF attacks
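
The XSS and SQL injection advice above, as an added PHP example that is not part of the original page or the tool's own code: the allow-list filter, plus output encoding with htmlspecialchars() and a PDO prepared statement, which stands in for mysql_escape_string() because the mysql_* functions were removed in PHP 7.0. The helper names, table and input values are constructed for illustration, and the script assumes the pdo_sqlite extension is enabled.

```php
<?php
declare(strict_types=1);

// Allow-list filter in the spirit of the page's preg_replace() advice:
// drop every character that is not a-z, A-Z or 0-9.
function filter_alnum(string $input): string
{
    return preg_replace('/[^a-z0-9]/i', '', $input) ?? '';
}

// Output encoding for free text that cannot be reduced to an allow-list.
function html_out(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Parameterized lookup: the value is bound, never concatenated into the SQL text.
function find_user(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed test data in an in-memory SQLite database (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Constructed form values of the kind a field tester submits.
$xssValue  = '<script>alert(1)</script>';
$sqliValue = "alice' OR '1'='1";

echo filter_alnum($xssValue), PHP_EOL;  // markup characters are stripped
echo html_out($xssValue), PHP_EOL;      // markup is emitted as inert entities

// Bound parameter: the quote is treated as data, so the injected
// string matches no row, while the legitimate name still matches one.
echo count(find_user($db, $sqliValue)), PHP_EOL;
echo count(find_user($db, 'alice')), PHP_EOL;
```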