
Everything posted by MDCode
-
The login was broken when I tested XSS on the email field. It changed it to 'onmouseover or something. When I logged out I couldn't figure out what I had entered so it would keep saying invalid credentials. Your registration layout was broken earlier. It seems you've fixed it now.
-
Looks like I was.
The XSS still exists in the avatar URL. I broke the login when testing the email field so I'll leave that up to you.
When editing settings with JavaScript disabled, it leaves the user on a blank page.
It seems your BBCode is no longer automatically entering itself into the textarea upon click. As in: If a user clicks link, it doesn't insert.
A user can break the page by adding more than 1 page in the URL. Example: http://forum.inobb.net/profile.php?user=6&settings&view Not that much of a bug, but still.
Very big bug (severity wise): A user can edit any post by changing ?edit= in the URL. Refer to introduction thread.
-
Also, could you send the test account a private message? For testing purposes.
-
Ok, for #2, I meant the latest reply box thing. It only works if there has been a reply in a thread, but not when a topic is created.
For 4, you can do something like:
<input type='email' name='email2' id='email2' size='30' value='<?php echo(isset($_POST["email2"]) ? htmlentities($_POST["email2"], ENT_QUOTES, 'UTF-8') : htmlentities($original, ENT_QUOTES, 'UTF-8')); ?>' class='text-input' />
Refer to the sentence below.
Also, during figuring out settings, there's another XSS vulnerability in it. A user can end the value='' by inserting a single quote. Example on the test account settings.
Edit: All the img src are vulnerable to XSS in the src='' by the same method. Put your mouse over the image.
Also looks like your new pagination doesn't work.
-
A few bugs:
XSS vulnerability in the title when creating a new topic. As seen in the introductions section.
The options only work on the test forum?
Your track topic option doesn't alert the user that it was successful, or that you did anything upon click.
The profile settings do not update upon the next page load. It will confuse some users into updating twice.
I have no idea what you're doing with your search, but some posts I search for just come up as "..."
You're allowing the user to track the same topic multiple times.
Weird post numbering? Each page has almost the same number for each post.
If the topic does not exist, ie ?topic=9 you are showing a notice.
A user can supposedly reply to a topic that does not exist by changing ?topic= in the URL.
A user can supposedly create a new topic in a forum that does not exist by changing ?topic= in the URL.
-
Another XSS vulnerability in your bbcode. A user can enter XSS via "javascript:" and it will be inserted into the href. There are also XSS vulnerabilities via bbcode in the signature as well. Example:
url=javascript:alert(String.fromCharCode(88,83,83))]Click Me[/url]
Also, I sent a message to Lemon. You should see if there are any XSS vulnerabilities via that as well.
Edit: Basically anywhere that you are converting BBCode is vulnerable.
http://forum.inobb.net/viewthread.php?topic=3&track is giving header errors.
-
XSS vulnerability in viewthread.php. I put in "><iframe> and it broke the rest of the page.
-
Not necessarily related, but...
XSS via search box. Search query is output onto the page without filtering.
SQL injection via home page URL. index.php?id='
Couldn't help but try and see if you had an admin/ directory...and you did...and your username field is vulnerable to XSS
-
Could You Give Me A Review Of A Site That I Am Working On
MDCode replied to mdmartiny's topic in Website Critique
I don't have access to a computer right now, but I can tell you it's a mess on mobile (iPhone).
-
I've run into a tough situation with XSS. I was wondering what would be the best way to negate the use of "javascript:action" type attacks. ( Ex: javascript:alert(String.fromCharCode(88,83,83)); ) I've heard that there are some ways that browsers can be exploited to the point where just removing all use of "javascript:" is not enough. What would be the best method of action against this?
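Added example, not part of the original posts and not code from the forum under review: one way to handle the BBCode "javascript:" href report and the question above is to allowlist URL schemes instead of stripping "javascript:", then escape the result for the attribute. The function names, the allowed-scheme list and the sample posts are assumptions made for illustration.

```php
<?php
// Added example, not code from the forum under review. Function names and the
// allowed-scheme list are assumptions.
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];

/** Return the normalised URL if its scheme is allowlisted, otherwise null. */
function safe_url(string $raw): ?string
{
    // Browsers drop tabs/newlines inside a URL and ignore leading control
    // characters, so remove them before looking at the scheme.
    $url = preg_replace('/[\x00-\x20\x7F]+/', '', $raw);
    // Require an explicit scheme; relative and scheme-less values are refused.
    if ($url === null || !preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) {
        return null;
    }
    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true) ? $url : null;
}

/** Render [url=...]label[/url]; every other character is output escaped. */
function render_url_bbcode(string $text): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $escaped = htmlspecialchars($text, $flags, 'UTF-8');
    return preg_replace_callback(
        '/\[url=([^\]]+)\](.*?)\[\/url\]/is',
        function (array $m) use ($flags): string {
            $url = safe_url(htmlspecialchars_decode($m[1], ENT_QUOTES));
            if ($url === null) {
                return $m[2]; // refuse the link, keep the escaped label
            }
            $href = htmlspecialchars($url, $flags, 'UTF-8');
            return '<a href="' . $href . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $escaped
    ) ?? $escaped; // on a PCRE error fall back to fully escaped text
}

// Constructed sample posts; the first is the payload quoted on this page.
$samples = [
    '[url=javascript:alert(String.fromCharCode(88,83,83))]Click Me[/url]',
    "[url=JaVa\tScRiPt:alert(1)]mixed case and tab[/url]",
    '[url=https://example.com/?a=1&b=2]ok[/url]',
    '[url=https://example.com/" onmouseover="x]quote[/url]',
];
foreach ($samples as $s) {
    echo render_url_bbcode($s), PHP_EOL;
}
```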
-
I think she meant that the actual forum doesn't work.
-
You need 10 posts before you can edit any part of your profile. Reference
-
Seems ok, but I don't see a way to beat that green block at the end? I've been hitting it for like 5 minutes...
-
There is a broken link for the current avatar in settings. At least once you first register.
-
Header
After a header always use: Die or Exit
I don't see how this wouldn't work in this situation as you aren't actually using any html (that you posted).
Pertinent code doesn't always work as you aren't clearly stating where this is located and how you are using it.
-
Testing SQL injection...and if I registered it then your registration doesn't work properly as it always showed an error. Back on topic, another XSS vulnerability on the profile page with their website.
-
Taking a more in-depth look, I seem to have stumbled upon a test account testing SQL injection.
Anyways, I broke the submit by disabling JavaScript. When you use Firebug (in my case) to change the option value of the selection when submitting, it gives you a different page as to what it would be normally. What I'm talking about is, instead of a textbox for the link, it shows a content textarea.
Edit: I guess it defaults to a text-type submit, but it will continue even if you select "Choose a type".
The text-type submit does not work at all, and will continue to provide an error to provide an iframe link. Also when the error is given, the layout gets messed up.
Also when submitted, you aren't checking the extension of the file uploaded, I just uploaded two (two tests) "evil.php" files (blank) to your server. Also you should check if there are any vulnerabilities created from the submitting I did on your end other than the uploading.
You should also be checking the iframe content, you say it must be youtube or vimeo on the home page, but a google iframe passed validation.
-
You have an XSS vulnerability with your search. In Firefox version 13.0.1 the Sign in with Facebook button is a bit above the login and register buttons. I would rather not create an account, especially without any clear indication what my errors in registering are. Do you have a test account?
-
if($return->messageRead = "0") {
Look closely at this line
-
The newsletter signup is broken.
-
Congratulations!
-
At first glance it looks like another blog site, nothing to do with a book. The middle section just looks dreadful with the uneven edges to the left and right. As well as the top navigation. The overlap makes it look rather bland.
-
Check out mysql_error()