by orf 4724 days ago
http://koi.io/p/-1

Nice. Stored XSS everywhere as well - this is 2013, why are sites still affected by BASIC security issues like this? I would never trust any of my details with a site as poorly coded as this, sorry.

1 comment

On my second pageview I was greeted with a big alert saying "this website is not very secure."

Kind of ridiculous.

Looks like someone went with a SQL injection [0] (right after I read this!)

[0]: https://cloudup.com/cttFEZd2cL6

Aaaand it's off the front page. It's actually inaccessible now, someone used XSS to redirect here whenever I open the home page. lol
Not sure how that happened, it's a CakePHP site and I assumed the framework provided some protection against SQL injection. It's good it's hacked now so I know to fix it.
I assumed the framework provided some protection against SQL injection.

Some frameworks consider security out of the box to be beneath them. You should never assume you're secure even with a framework until you've gone combing through the docs and found where the security is, if it's anywhere, and if it's not anywhere because they spent all their effort on making it look and act like Ruby on Rails, how to get it.

Stop making websites and start reading about web app security, the OWASP top 10 is a good place to start.
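The point made above, that a framework only protects you where you actually use its safe paths, comes down to two habits: never splice user input into a SQL string, and always escape at render time. The following is an added illustration written for this thread, not code from the site discussed or from CakePHP; it uses plain PDO with an in-memory SQLite database so it runs without a server, and the comment text it stores is a constructed sample.

```php
<?php
// Added example (not from the thread or from CakePHP): both defects discussed
// above, SQL injection and stored XSS, come from treating untrusted input as
// code. Plain PDO + in-memory SQLite so it runs without a database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed sample input: an author name with a quote, a body with markup.
$author = "o'reilly";
$body   = "<b>hello</b> <script>alert('stored xss')</script>";

// Vulnerable pattern: the framework does nothing for you if you build the SQL
// yourself. Here the apostrophe in $author simply breaks the statement; with
// other input it changes what the statement does.
function insertUnsafe(PDO $db, string $author, string $body): bool
{
    try {
        $db->exec("INSERT INTO comments (author, body) VALUES ('$author', '$body')");
        return true;
    } catch (PDOException $e) {
        return false; // syntax error caused by the embedded quote
    }
}

// Hardened: bound parameters keep the values outside the SQL grammar entirely,
// so the quote is stored as data and nothing else.
function insertSafe(PDO $db, string $author, string $body): void
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

// Stored XSS is the same mistake on the way out: the database is not a trusted
// source, so escape for the HTML text context at the moment of rendering.
function renderComment(string $author, string $body): string
{
    $flags = ENT_QUOTES | ENT_HTML5;
    return '<p><strong>' . htmlspecialchars($author, $flags, 'UTF-8') . '</strong>: '
         . htmlspecialchars($body, $flags, 'UTF-8') . '</p>';
}

var_dump(insertUnsafe($db, $author, $body)); // bool(false): the apostrophe broke the SQL
insertSafe($db, $author, $body);              // stored intact
foreach ($db->query('SELECT author, body FROM comments') as $row) {
    // The <script> tag comes out as &lt;script&gt; text, not as executable markup.
    echo renderComment($row['author'], $row['body']), "\n";
}
```

The failing unsafe insert is the benign version of the bug: the same interpolation that turns a name into a syntax error is what lets crafted input alter the query, so the fix is the prepared statement, not filtering quotes. The escaping in `renderComment` is specific to HTML text and attribute values; output placed into a script block, a URL or a CSS context needs the encoder for that context.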