waynew Posted October 4, 2008

Hey guys, I've got a site. Could you test the hell out of it? I've been working on it for a month now around the clock. So much more to do but I'd like to see some experienced members test its security etc.

http://mytestserver.net78.net (Bit slow because it's a shared server on a free host) :-\

Link to comment https://forums.phpfreaks.com/topic/127031-social-network-test-version/

darkfreaks Posted October 5, 2008

Input Type Password Autocomplete Enabled
An attacker with local access could obtain the cleartext password from the browser cache.

The impact of this vulnerability
Possible sensitive information disclosure

How to fix this vulnerability
The password autocomplete should be disabled in sensitive applications.
<INPUT TYPE="password" AUTOCOMPLETE="off">

waynew Posted October 5, 2008 Author

Fixed:

<input name="password" type="password" class="textfield" id="password" AUTOCOMPLETE="off" />

I had been meaning to do that for a while actually. Thanks for the reminder.

darkfreaks Posted October 5, 2008

No, it's not. I'm still picking it up on index and signup :-\

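
The autocomplete finding reported in this thread can be re-checked against saved copies of the pages with a short script. This is an added example, not code from any poster: the class and function names are hypothetical, and the sample markup is constructed except for the last input tag, which is the one posted above.

```python
from html.parser import HTMLParser

class PasswordAutocompleteAudit(HTMLParser):
    """Flag password inputs whose effective autocomplete value is not "off"."""

    def __init__(self):
        super().__init__()
        self.form_stack = []  # autocomplete value of each currently open <form>
        self.findings = []    # (line, field name, reason)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # tag and attribute names arrive lower-cased
        auto = attrs.get("autocomplete")
        auto = auto.strip().lower() if auto is not None else None
        if tag == "form":
            self.form_stack.append(auto)
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            # The input's own attribute wins; otherwise it inherits from its form.
            if auto is None and self.form_stack:
                auto = self.form_stack[-1]
            if auto != "off":
                reason = "autocomplete not set" if auto is None else f"autocomplete={auto}"
                self.findings.append((self.getpos()[0], attrs.get("name", "?"), reason))

    def handle_endtag(self, tag):
        if tag == "form" and self.form_stack:
            self.form_stack.pop()

def audit(html):
    """Return a list of (line, field name, reason) for one page of markup."""
    parser = PasswordAutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample pages; only the last <input> is the tag posted in the thread.
SAMPLE = """\
<form action="login.php">
<input name="user" type="text">
<input name="password" type="password">
</form>
<form action="signup.php" autocomplete="off">
<input name="pw1" type="password">
<input name="pw2" type="PASSWORD" autocomplete="on">
</form>
<input name="password" type="password" class="textfield" id="password" AUTOCOMPLETE="off" />
"""

if __name__ == "__main__":
    for line, name, reason in audit(SAMPLE):
        print(f"line {line}: password field '{name}': {reason}")
```

Current browsers' password managers may still offer to save credentials on login fields regardless of this attribute, so a clean result here matches the scanner finding rather than guaranteeing browser behaviour.
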
waynew Posted October 6, 2008 Author

No you see that's only the test version of the one I uploaded on Saturday. The one that has been developed and worked on since is on my own localhost. Soon I will take off the captcha and provide you with a login so that maybe your scanner could look for XSS and SQL injection points? That's if you want to of course.

darkfreaks Posted October 7, 2008

I do not need a login to scan stuff. You're secure SQL and XSS wise.

waynew Posted October 7, 2008 Author

But there are plenty of forms to fill in etc. and I found that my send mail was completely ill-equipped to deal with XSS.

darkfreaks Posted October 7, 2008

I'll scan again but I don't think anything will pop up.

GraphiX Posted October 10, 2008

SQL-Inject-Me says the front page is all good!

darkfreaks Posted October 12, 2008

XSS Me is all good too.