I created a basic members-only website. To ban a member, I had a script that would create a text file called "Banned user + .txt" and place that file in another directory.
Somebody found out the directory, and could create any text file he wanted and place it in that directory, thereby banning anybody he wanted.
I created a script that will unban anybody who has been banned by the hacker, but the security hole is still there. How was this done? My website did deal with creating files and placing them in a different folder than the banned users folder. Do you think this was an exploit of my own programming, or another exploit? Thanks.