A small entertainment site

[Absorbator]

This is my first php script that is more than 700 lines of code I've ever build. Try it and please if you see any bugs or crasher or something else report me at 'mitkovtihomir@gmail.com'.... thank you 

[Absorbator]

Something like this: http://sharedhomour.org/en/.

[corbin]

Looks kinda... Errr....  Bad.

 

"Clik here to login or here to make account"

 

That's in the most random place ever, and clik should say click.

 

The buttons on the nav bar looks like they need a tiny bit more anti-aliasing.

 

I'm not a fan of stacking borders....  Like with your news articles in the main content box.

 

"First public alpha version of SH 1970-January-1 at 2:0:0"  I'm thinking your date display is messed up x.x.

 

You might should have a native English speaker check your pages (nothing personal....  You speak English a million times better than I speak Spanish which I've been taking for a couple years x.x).

 

For example, registrate should be register.

 

 

 

Wait, I just realized something....  What is homour?  I thought it was sharedhumor.org.... x.x  Is it supposed to be homour?

 

I don't feel like registering, but I might test it more later....

 

Everything seems to function well and what not, but there's not really much to test....

[Absorbator]

cliCk http://sharedhomour.org/en/view_discussion.php?id=g6

 

Hi, my english is really bad, but clik was just a "type"-mistake. hOmOUr  is also "type"mistake. I know it is humor... you know the first time when i tried to vist my site I typed sharedhumor.org... TWO days, until realize that it is homour not humor. I share you opinion about "native English speaker", I'll take my sister 'cause she is.

 

I don't really understand you about "I'm not a fan of stacking borders.... ". What is your OS ?  WInXP ?

 

Also "I don't feel like registering". The "Clik here to login or here to make account" message should be replaced with "Welcome, user".

 

I found fatal bug, but I'll tell you about it when I fix it 

 

Oh, I have a question for you. How is it "My name is Nobody" in Spanish?

[corbin]

http://img523.imageshack.us/img523/7613/82860441qe6.jpg

 

The red circles are what I was talking about with "stacked borders."

 

That's just personal preference... Some people like it, some people never notice it....

 

 

Oh, I have a question for you. How is it "My name is Nobody" in Spanish?

 

 

 

Hrmmm.....

 

What context are you using it in?  Like a logged-in page where it says "My name is <user name>" if the user is logged in or Nobody if he/she's not?

 

Direct translation would be...  Mi nombre es nadie.

 

But....  Like.... If I were to say, "Hi, my name is Corbin," to someone, I would say, "Hola, me llamo Corbin."

 

But directy, that would be "Hi, I call my self Corbin."

 

I guess you could say "No tengo un nombre."  Which is, "I don't have a name."

 

 

If I can find him in IRC, I'll ask a Spanish guy that plays a game that I play.

[Coreye]

Cross Site Scripting(XSS):

You can submit ">code when creating topics.

 

Full Path Disclosure:

http://sharedhomour.org/en/view_discussion.php

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/technoto/public_html/en/view_discussion.php on line 24

 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/technoto/public_html/en/view_discussion.php on line 30

 

Full Path Disclosure:

http://sharedhomour.org/en/index.php?id=a

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/technoto/public_html/en/index.php on line 25

 

When you register and login you can't post on the forums. It says you must login.

 

You can submit blank entries.

[phpSensei]

I am sorry but the layout is very disturbing.

[Absorbator]

I have made several accounts and they work. Example:

If your account doesn't work, try to make another account. There are some bugs in "log in" script, I'll try to fix them.

[phpSensei]

http://sharedhomour.org/en/view_text.php?textid[]

 

 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/technoto/public_html/en/view_text.php on line 20

 

http://sharedhomour.org/en/view_topics.php?id=-">'

 

Form Breaks

[darkfreaks]

TRACE Method Enabled

Vulnerability description

HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.

This vulnerability affects Web Server.

The impact of this vulnerability

Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.

Attack details

No details are available.

 

 

 

 

How to fix this vulnerability

Disable TRACE Method on the web server.

 

 

Vulnerability description

A possible sensitive file has been found. This file is not directly linked from the website. This check looks for known sensitive files like: password files, configuration files, log files, include files, statistics data, database dumps. Each of those files may help an attacker to learn more about his target.

This vulnerability affects /log.txt.

The impact of this vulnerability

This file may expose sensitive information that may help an malicious user to prepare more advanced attacks.

Attack details

No details are available.

How to fix this vulnerability

Restrict access to this file or remove it from the website