I've include the PHP files that are necessary to understand the concepts in the presentation.

I haven't included some of them, such as the Database class and the utility stuff like reset.php, because they are irrellevant.

If you need to reset the DB after testing out an attack such as the examples in the PPT, just load www.terriblefish.com/websec/reset.php.  It will reset the database.

PLEASE DO NOT DO ANYTHING MALICIOUS (well, more so than my examples) TO MY WEB SERVER USING THE VULNERABLE APPS THAT ARE LINKED TO IN THE POWERPOINT, I WILL PROBABLY GET MY ACCOUNT CANCELED (it is a shared host).  I'M RELYING ON YOU GUYS TO BE MATURE ABOUT THIS.

I will take everything down if I see anything suspicious in my logs.

If i'm forgetting something here, just contact me:

nouria@rpi.edu
aim: rabo karab
icq: 41252333