gaza165 Posted October 6, 2008

Hi all

I need people to test my website for any flaws or design muck ups!!!

http://www.thedesignmonkeys.co.uk

Everyone can login using...

username: tester
password: tester

If people could leave feedback via the blog or on php freaks, that would be really helpful.

Thanks Guys

Garry

Maq Posted October 6, 2008

Haven't gone through the whole site but I typed in the wrong password and when I went to the next screen to try again, I typed in the correct credentials (tester//tester) and received this error:

Not Found
The requested URL /login/login/process.php was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Coreye Posted October 6, 2008

There was a cross site scripting issue, but it looks like you fixed that.

Full Path Disclosure:

http://www.thedesignmonkeys.co.uk/blog_files/homeblog.php

Warning: include(dbconnect/dbconnect.php) [function.include]: failed to open stream: No such file or directory in /home/thedesig/public_html/blog_files/homeblog.php on line 4
Warning: include(dbconnect/dbconnect.php) [function.include]: failed to open stream: No such file or directory in /home/thedesig/public_html/blog_files/homeblog.php on line 4
Warning: include() [function.include]: Failed opening 'dbconnect/dbconnect.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/thedesig/public_html/blog_files/homeblog.php on line 4
Warning: mysql_query() [function.mysql-query]: Access denied for user 'thedesig'@'localhost' (using password: NO) in /home/thedesig/public_html/blog_files/homeblog.php on line 47
Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/thedesig/public_html/blog_files/homeblog.php on line 47
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/thedesig/public_html/blog_files/homeblog.php on line 51
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/thedesig/public_html/blog_files/homeblog.php on line 84

Every once in a while I see this:

Warning: getimagesize(http://www.thedesignmonkeys.co.uk/img/Blog/blog_images/monkey.gif) [function.getimagesize]: failed to open stream: HTTP request failed! in /home/thedesig/public_html/blog_files/homeblog.php on line 65
Warning: Division by zero in /home/thedesig/public_html/blog_files/homeblog.php on line 31

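A regression check for the full path disclosure reported above, as an added example that is not part of the original thread: it scans a response body for PHP's error output and collects the filesystem paths, database account and include_path that the output reveals. The function name and the HTML wrapper in the sample are constructed for illustration; the warning text is the one quoted in the post.

```python
import re

# PHP error output has the shape "<Level>: <message> in <file> on line <n>"
PHP_ERROR = re.compile(
    r"(?P<level>Warning|Notice|Fatal error|Parse error|Deprecated):\s+"
    r"(?P<message>.+?) in (?P<file>/[^\s<>]+?\.php) on line (?P<line>\d+)",
    re.S,
)
DB_USER = re.compile(r"Access denied for user '([^']+)'@'([^']+)'")
INCLUDE_PATH = re.compile(r"include_path='([^']*)'")
TAGS = re.compile(r"<[^>]+>")

# Sample body: warning text quoted in the thread, wrapped in constructed HTML markup.
SAMPLE = """<html><body><h1>Blog</h1>
<b>Warning</b>:  include() [function.include]: Failed opening 'dbconnect/dbconnect.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in <b>/home/thedesig/public_html/blog_files/homeblog.php</b> on line <b>4</b><br />
<b>Warning</b>:  mysql_query() [function.mysql-query]: Access denied for user 'thedesig'@'localhost' (using password: NO) in <b>/home/thedesig/public_html/blog_files/homeblog.php</b> on line <b>47</b><br />
<b>Warning</b>:  Division by zero in <b>/home/thedesig/public_html/blog_files/homeblog.php</b> on line <b>31</b><br />
</body></html>"""


def find_disclosures(body):
    """Return what a response body leaks through PHP error output."""
    text = TAGS.sub("", body)  # HTML-formatted errors wrap level, file and line in <b>
    report = {"files": {}, "db_users": set(), "include_paths": set()}
    for m in PHP_ERROR.finditer(text):
        # Script path and line number: the full path disclosure itself
        report["files"].setdefault(m.group("file"), set()).add(int(m.group("line")))
        msg = m.group("message")
        # Details carried inside the message: DB account name and include_path
        report["db_users"].update("%s@%s" % u for u in DB_USER.findall(msg))
        report["include_paths"].update(INCLUDE_PATH.findall(msg))
    return report


if __name__ == "__main__":
    for key, value in find_disclosures(SAMPLE).items():
        print(key, value)
```

With `display_errors = Off` and `log_errors = On` in php.ini the same page should produce an empty report, while the warnings still reach the server's error log.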
gaza165 Posted October 6, 2008

yeah thanks for that...

also need to validate my comments area... as you have shown u can enter nothing and it will still show..

I have an image resize script and sometimes it has trouble getting the images... but when u refresh it is ok again....

will work on it....

thanks

Maq Posted October 6, 2008

All of your links on the right hand side under "categories" I get this error:

Not Found
The requested URL /blog/blog.php was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Also for your javascript to show recent blog entries it shows:

#
# \">Corey: \">Corey

Looks like some sort of incomplete code or code in the wrong place.

Coreye Posted October 7, 2008

> Also for your javascript to show recent blog entries it shows:
>
> # <script type=\"text/javascript\" src=\"http://www.scriptscribes.n: <script type=\"text/javas
> # \"><marquee><h1>Corey: \"><marquee><h1>Corey
>
> Looks like some sort of incomplete code or code in the wrong place.

That was me testing for XSS.

Maq Posted October 8, 2008

Thought something like that. Everything else looks fine to me... but on the security side I'm not too knowledgeable. I'm sure some of the security enthusiasts can help you out...