Protection from SQL Injection and XSS Attack on CKEditor

Lazy coding got the better of me as one of the sites I built got hacked. The site is running on a custom PHP framework I built. Security-wise it was still in its infancy and a lot of security needs to be patched. Through SQL injection via the URL, the hacker was able to get into my database and eventually cracked a user’s password, then posted an XSS script in CKEditor, which eventually got the site compromised further.
