I am looking for 100 beta testers for http://www.TextAdMarket.com

 

TextAdMarket is a text-advertising marketplace, where advertisers can buy and publishers can sell.  Prices are based off a “per day” amount, and prices are determined solely by the concept of Supply & Demand.  If an ad sells, the price increases that day at midnight.  If an ad fails to sell, the price decreases at midnight every day until it is bought.  This way, ads are only purchased for what the market is willing to pay.

 

I developed TextAdMarket because of 4 reasons.

1. As an advertiser, I don’t like to overpay.

2. As a publisher, I like to sell my ads on a flat rate. (opposed to CPC/CPM)

3. It’s all automated for publishers.  Just pop the banner code on your site, and it sells itself.

4. Current advertising companies are getting away with murder by charging 25% - 60% commission on all sales!

 

 

Once the site/business gets going, all publishers will receive 90% of the sale price.  TextAdMarket pays for all of the transaction fees, keeps only 10% as a commission to cover costs, and we don’t charge any subscription or registration fees.

 

Right now, I am looking to beta test the site for a couple of months without involving money on the site.  I’m asking for 100 beta testers to give me a hand in getting this site tested.  During the beta testing, all AD credit is free (just ask for more).

 

If you are interested in helping me out, shoot me a PM with the email address you would like to register with.  IMPORTANT, I need to give you a beta tester’s code so you can register!  I’m only going to let 100 people on the site, so, first come first serve.  Please include any special web developing skills you may have when sending me a PM.

 

(If you aren’t interested in beta testing, I would appreciate hearing your first impressions)

 

 

Thanks for your support!

Ben

http://www.TextAdMarket.com

 

Full Path Disclosure:

http://www.textadmarket.com/email_activation.php?activate[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/fluxmar/public_html/content/email_activation.php on line 2

 

Full Path Disclosure:

http://textadmarket.com/buy_details.php?id[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/fluxmar/public_html/content/buy_details.php on line 25

 

Full Path Disclosure:

http://textadmarket.com/register.php?submit[]

Warning: mktime() expects parameter 4 to be long, string given in /home/fluxmar/public_html/register.php on line 139

 

Cross Site Scripting:

You can submit ">code on your payment information page and it executes.

 

Cross Site Scripting:

You can submit ">code on your profile page and it executes.

 

Cross Site Scripting:

You can submit ">code on your advertisement description page and it executes.

 

Full Path Disclosure when the description contains '

http://www.textadmarket.com/buy_details.php?id=49

Warning: Division by zero in /home/fluxmar/public_html/content/buy_details.php on line 132

thank you thank you thank you!!

 

I've been working furiously for the past 2 days to patch my code.  I'll have some more questions for you tomorrow.

 

I'd like to get some folks on here to just use the AD service. Buy and Sell Ads.  I'm giving $25 free AD Credit to beta testers so you can buy ads and help me test the performance of the site.

Thanks again for testing out the URLs on my site.  I've patched the issue with HTML tags being accepted.  I've also sanitized the $_GET variables you found to display errors with bad input.

 

Would anybody like to test the site out as a "pretend customer"?  I'll deposit however much credit you need into your account to give the site a full test.  I want some folks to buy and sell ads on the site.  Send me a PM if you are interested!  Thanks!

Full Path Disclosure:

I edited the color choices when choosing the AD Format.

Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 27 in /home/fluxmar/public_html/content/accnt/accnt_sell.php on line 15

 

Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 27 in /home/fluxmar/public_html/content/accnt/accnt_sell.php on line 16

http://www.textadmarket.com/accnt_index.php?accnt=12. I edited the color choices when choosing the AD Format.

 

Also on buy_details.php, shouldn't:

 

<td width="35%" class="align-right"><span class="bold indented">Total:</span> $<span id="purcahse_total">3.45</span></td>

 

Be

<td width="35%" class="align-right"><span class="bold indented">Total:</span> $<span id="purchase_total">3.45</span></td>

?

 

Purchase_total is spelled incorrectly.

Yes, purchase was spelled wrong, but amazingly it was spelled wrong elsewhere, too, so the code didn't screw up! Haha, I fixed it.

 

For the selling page, where you edited the color choices, how did you edit the color choices to produce an error?

He is not editing your source code, he is editing a COPY of your source code that he downloaded from your website and saved on his computer. Once he edits it, he can view the edited file from his computer with his web browser.

 

When he views the source of your website and edits it, he is just editing a local copy of the HTML code and (unless he has a really weird browser add-on) will see the original HTML code from your website next time he visits.

 

In other words, the edited code is totally unrelated to your website as far as the browser is concerned.

Well, he did something strange, because he can edit the values of the html drop down menus, and submit options that aren't listed.

 

I have also seen spam bots do this to me, too.  For example, if I have a "contact us" form, with drop down values "Urgent", "Medium", and "Low" priority. The spam bot will come in and SOMEHOW select "Viagra Priority"!  LOL.  How the heck can you edit the values of an HTML form before submitting it?

 

Thankfully, my PHP checks the values submitted first, but you can still alter the html somehow.

Yes, you can submit any type of data to a website. The HTML form does not restrict the data or form fields that can be submitted, the PHP script does.

 

In fact, I have a Firefox add-on that allows me to totally disregard the HTML forms and submit any data under any field name that I want.

 

That is why it is SO important to always check your form data in the PHP script. You can't rely on the HTML form definition, the browser or JavaScript to do that for you.
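A sketch of the server-side checks discussed in this thread, as an added example that is not code from TextAdMarket or from any poster: it rejects array-valued parameters such as `id[]` before they reach a string function, checks drop-down values against an allowlist, escapes text on output, and keeps PHP warnings out of the response. The helper names, the colour list and the sample requests are assumptions made up for illustration.

```php
<?php
declare(strict_types=1);

// Log warnings instead of printing them, so file paths never reach the browser.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Hypothetical allowlist for the ad-format colour drop-down.
const ALLOWED_COLORS = ['blue', 'green', 'black'];

// Returns a positive integer id, or null when the parameter is missing,
// is an array (as sent by "?id[]"), or is not a short run of digits.
function read_id(array $query, string $key): ?int
{
    $raw = $query[$key] ?? null;
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

// Returns the submitted value only if it is one of the options the form offered.
function read_choice(array $form, string $key, array $allowed): ?string
{
    $raw = $form[$key] ?? null;
    return (is_string($raw) && in_array($raw, $allowed, true)) ? $raw : null;
}

// Escapes user-supplied text for an HTML body or a quoted attribute value.
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests standing in for $_GET / $_POST.
$samples = [
    ['id' => '49', 'color' => 'blue', 'description' => 'Cheap hosting'],
    ['id' => [''], 'color' => 'Viagra Priority', 'description' => '"><b>code</b>'],
];

foreach ($samples as $req) {
    $id    = read_id($req, 'id');
    $color = read_choice($req, 'color', ALLOWED_COLORS);
    printf(
        "id=%s color=%s description=%s\n",
        $id === null ? 'rejected' : (string) $id,
        $color ?? 'rejected',
        h($req['description'])
    );
}
```

In a real handler a rejected value would end the request with a generic error page rather than continue into the query.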

Absolutely.  I think I spend more time sanitizing data and implementing other security methods than I spend on writing the useful part of programs.

 

I think I'm up to about 20 beta testers now.  And I've spent the last week fixing some minor loopholes, and adding some site improvements.  I'm still accepting beta testers if you want to use the site.  It helps me out a ton to see how people are using the site.
