Test

[waynewex]

Could you guys test my new site? It's only new and I want to fix the bugs and iron everything out within the next two months. Cheers

 

http://beboskinszone.com

[JasonLewis]

I didn't test much, didn't get time. Read the article "20 worst things about Bebo". You know, I hate all those sites. Bebo, MySpace, Facebook. They really p me off. That article made me laugh.

 

Site looks good though. Very user friendly. Eye-appealing and easy on the eye as well.

 

p.s: Do you honestly like Bebo? It doesn't seem like it.

[waynewex]

I suppose its because it was the first social network site that I ever signed up to. I just use it for profit now really. I have a profile with 30000 views and twenty group pages that I advertise via. Big keyword market for Bebo skins.

[jjk2]

where did you get this design? its very clean and nice.

[darkfreaks]

Revealing Error Message Vulnerability

 

Over-informative error messages (or error messages not meant for general consumption such as debug messages) can reveal targets or exploits for attack attempts.

 

Combined with an automated scan and injection attack, a page or application may be purposely fed inappropriate data to try and provoke a revealing error message.

Remedy

 

    *

      Enable a configurable “debug” mode such that if such a mode is disabled, only a generic message disclaiming that “an” error happened and perhaps “the administrator has been notified”.

 

 

 

[Daniel0]

The diagonal stripes in the content areas are distracting when reading. If you want them then I suggest you put them in the background instead.

[waynewex]

where did you get this design? its very clean and nice.

 

Credit is given on the footer. Or if you're really that hardcore, check the source. 

 

DarkFreaks: Thanks for that man. I'll just throw the old: error_reporting(0); in there.

 

Daniel. What do you mean? On all blog content, there are no stripes? You mean on the summaries?

[darkfreaks]

is your server up? it keeps saying not found on my scanner

[Lamez]

on your contact me form, you need to use php not JavaScript to validate your form, I turned my JS off and was able to mess with the form!

[darkfreaks]

Application error message

This page contains an error/warning message that may disclose the sensitive information.The message can also contain the location of the file that produced the unhandled exception.

 

This may be a false positive if the error message is found in documentation pages.

This vulnerability affects /contact.php.

The impact of this vulnerability

The error messages may disclose sensitive information. This information can be used to launch further attacks.

 

Attack details

The Cookie variable __utmc has been set to .

How to fix this vulnerability

Review the source code for this script.

 

Application error message

This page contains an error/warning message that may disclose the sensitive information.The message can also contain the location of the file that produced the unhandled exception.

 

This may be a false positive if the error message is found in documentation pages.

This vulnerability affects /contact.php.

This vulnerability affects /blog.php.

This vulnerability affects /bebo-skin.php.

 

 

The impact of this vulnerability

The error messages may disclose sensitive information. This information can be used to launch further attacks.

 

Attack details

The HTTP header x-forwarded-for has been set to 268435455.

The GET variable article has been set to NULL.

The GET variable article has been set to 0x3fffffff.

The HTTP header user-agent has been set to -1.0.

The Cookie variable __utmz has been set to 0xffffffff.

The HTTP header referer has been set to 0xffffffff.

The Cookie variable __utmb has been set to 0x80000000.

The Cookie variable __utmc has been set to \'\");|]*{%0d%0a<%00.

The Cookie variable __utma has been set to 0.

 

 

How to fix this vulnerability

Review the source code for this script. Use strip_tags() and trim().

 

 

 

[darkfreaks]

Email address found

One or more email addresses have been found on this page. The majority of spam comes from email addresses harvested off the internet. The spam-bots (also known as email harvesters and email extractors) are programs that scour the internet looking for email addresses on any website they come across. Spambot programs look for strings like myname@mydomain.com and then record any addresses found.

This vulnerability affects /blog.php

This vulnerability affects /bebo-skins.php

This vulnerability affects /bebo-skin.php

This vulnerability affects /bebo-blog.php

This vulnerability affects /colorful-bebo-skins.php

This vulnerability affects /funny-bebo-skin.php

This vulnerability affects /fashion-bebo-skins.php

This vulnerability affects /music-bebo-skins.php

This vulnerability affects /movie-bebo-skins.php

This vulnerability affects /index.php

This vulnerability affects /links.php

This vulnerability affects /plain-bebo-skins.php

This vulnerability affects /random-bebo-skins.php

This vulnerability affects /rude-bebo-skins.php

This vulnerability affects /sitemap.php

This vulnerability affects /sport-bebo-skins.php

This vulnerability affects /contact.php

 

The impact of this vulnerability

Email addresses posted on Web sites may attract spam

How to fix this vulnerability

http://evolt.org/article/Spam_Proofing_Your_Website/20/41849/

[inactive]

What scanner are you using darkfreaks?

[darkfreaks]

Acunetix

[inactive]

cool thanks