I post a several-page tome on SQL injection only to find out the biggest vulnerability people have is that they use a script that provides the ability to delete any file on the file system by simply tweaking a URL. I think I should have created "basic web app security 101" :) Can we get someone to take down that file? That's a terrible security issue that could bite a lot of people before they even knew it existed.

Quote:
When you ask the php file to CLEAR your highscores file all the people have to do is change ?filename=game.sco to a simple ?filename=index.html
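
A hardened version of the "clear highscores" handler described in the quote, as an added example that is not part of the original post or the script it discusses. The function name `clear_scores`, the `scores` directory and the sample files are assumptions, constructed for the demonstration.

```php
<?php
// Added example: clear_scores() and the directory layout are hypothetical.

/**
 * Truncate a highscore file named by the client, but only when the name is
 * a plain "<name>.sco" that resolves to a regular file inside $scoreDir.
 */
function clear_scores(string $scoreDir, string $requested): bool
{
    // 1. Strict shape check: no path separators, no leading dots,
    //    and only the .sco extension the feature is meant to touch.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.sco\z/', $requested)) {
        return false;
    }

    // 2. Resolve symlinks and confirm the target is still inside $scoreDir.
    $base = realpath($scoreDir);
    $path = realpath($scoreDir . '/' . $requested);
    if ($base === false || $path === false) {
        return false; // directory or file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return false;
    }

    // 3. Clear the contents; the file itself stays in place.
    return file_put_contents($path, '', LOCK_EX) !== false;
}

// Constructed sample layout: one score file and a page next to it.
$root = sys_get_temp_dir() . '/scoredemo_' . bin2hex(random_bytes(4));
mkdir($root . '/scores', 0700, true);
file_put_contents($root . '/scores/game.sco', "AAA 100\n");
file_put_contents($root . '/index.html', "<html></html>\n");

// The legitimate name, then the two tampered values a visitor could send.
foreach (['game.sco', 'index.html', '../index.html'] as $name) {
    $ok = clear_scores($root . '/scores', $name);
    printf("%-14s => %s\n", $name, $ok ? 'cleared' : 'rejected');
}
printf("index.html still %d bytes\n", filesize($root . '/index.html'));
```

The name check alone stops the `index.html` case from the quote; the `realpath` comparison covers a score file that is really a symlink pointing elsewhere.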
