The officially official Devuan Forum!


#1 Yesterday 00:54:19

sun skin only
Member
Registered: 2025-10-01
Posts: 9  

Username Sanitisation

TL;DR
Is the site (https://dev1galaxy.org) vulnerable to SQL injection via the username field (register and login) due to allowing whitespace (check my name)?

LONG
Searched the forum quickly and found nothing on this. Referencing TL;DR, since most sites I see don't allow whitespace and people use _ and - instead. I'm not someone that has skills myself, but I learn about cyber security for the sake of general knowledge. The reason I'm writing this is for personal peace of mind, not to say anyone's incompetent, since there's anti-bot measures and such, but if this was an oversight then I'd rather say something than not. Else, thank you for the constant maintenance of the site. Also, if you maintain Devuan.org, thanks for the lack of cookies and JS.

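An added illustration, not part of the thread and not the forum software's code: whitespace in a username is ordinary string data, and what decides injection exposure is whether the application concatenates the value into the SQL text or passes it as a bound parameter. The sketch uses Python's `sqlite3` with a hypothetical `users` table and helper names; how dev1galaxy.org actually handles usernames is not stated in the thread.

```python
import sqlite3

def make_db():
    # Hypothetical schema, for illustration only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)")
    return db

def register_concat(db, username):
    # Deliberately unsafe: the username becomes part of the SQL text,
    # so a quote character inside it changes how the statement parses.
    db.execute("INSERT INTO users (username) VALUES ('" + username + "')")

def register_bound(db, username):
    # Safe: the username travels as a bound parameter and is never parsed as SQL.
    db.execute("INSERT INTO users (username) VALUES (?)", (username,))

def lookup_bound(db, username):
    row = db.execute(
        "SELECT username FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None

def try_register(fn, username):
    """Return 'stored', 'altered' or 'sql-error' for one registration attempt."""
    db = make_db()
    try:
        fn(db, username)
    except sqlite3.Error:
        return "sql-error"
    return "stored" if lookup_bound(db, username) == username else "altered"

# First name is the poster's; the second is a constructed sample with an apostrophe.
SAMPLES = ["sun skin only", "o'neil jr"]

def results():
    return {
        (fn.__name__, name): try_register(fn, name)
        for fn in (register_concat, register_bound)
        for name in SAMPLES
    }

if __name__ == "__main__":
    for (fn_name, name), outcome in results().items():
        print(f"{fn_name:16} {name!r:18} -> {outcome}")
```

The name with spaces is stored intact by both functions; only the apostrophe breaks the concatenated statement, while the bound version stores both names verbatim.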

#2 Yesterday 01:36:26

ralph.ronnquist
Administrator
From: Battery Point, Tasmania, AUS
Registered: 2016-11-30
Posts: 1,548  

Re: Username Sanitisation

When you try it, please don't do something destructive in case you succeed.


#3 Yesterday 21:21:22

sun skin only
Member
Registered: 2025-10-01
Posts: 9  

Re: Username Sanitisation

I wasn't planning to try anything because I was worried about being flagged and/or IP banned, especially if leaving in whitespace was intentional and there were safety measures in place.

But that doesn't seem to be the case (due to how you replied), so I'm going to poke and see if I succeed at anything, and if I succeed or find anything noteworthy I'll send a mail to you, golinux and fsmithred.

And I don't want to ruin this place, it's nice.
