Design Monkeys - Need Feedback

[gaza165]

Hi all I need people to test my website for any flaws or design muck ups!!!

 

 

http://www.thedesignmonkeys.co.uk

 

Everyone can login using...

 

username: tester

password: tester

 

If people could leave feedback via the blog or on php freaks, that would be really helpfull.

 

Thanks Guys

 

Garry

[Maq]

Haven't gone through the whole site but I typed in the wrong password and when I went to the next screen to try again, I typed in the correct credentials (tester//tester) and received this error:

 

Not Found

 

The requested URL /login/login/process.php was not found on this server.

 

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

[Coreye]

There was a cross site scripting issue, but it looks like you fixed that.

 

Full Path Disclosure:

http://www.thedesignmonkeys.co.uk/blog_files/homeblog.php

Warning: include(dbconnect/dbconnect.php) [function.include]: failed to open stream: No such file or directory in /home/thedesig/public_html/blog_files/homeblog.php on line 4

 

Warning: include(dbconnect/dbconnect.php) [function.include]: failed to open stream: No such file or directory in /home/thedesig/public_html/blog_files/homeblog.php on line 4

 

Warning: include() [function.include]: Failed opening 'dbconnect/dbconnect.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/thedesig/public_html/blog_files/homeblog.php on line 4

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'thedesig'@'localhost' (using password: NO) in /home/thedesig/public_html/blog_files/homeblog.php on line 47

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/thedesig/public_html/blog_files/homeblog.php on line 47

 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/thedesig/public_html/blog_files/homeblog.php on line 51

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/thedesig/public_html/blog_files/homeblog.php on line 84

 

Every once in awhile I see this:

Warning: getimagesize(http://www.thedesignmonkeys.co.uk/img/Blog/blog_images/monkey.gif) [function.getimagesize]: failed to open stream: HTTP request failed! in /home/thedesig/public_html/blog_files/homeblog.php on line 65

 

Warning: Division by zero in /home/thedesig/public_html/blog_files/homeblog.php on line 31

[gaza165]

yeah thanks for that... also need to validate my comments area... as you have shown u can enter nothing and it will still show..

 

I have an image resize script and sometimes it has trouble getting the images... but when u refresh it is ok again.... will work on it....

 

 

 

thanks

[Maq]

All of your links on the right hand side under "categories" I get this error:

 

Not Found

 

The requested URL /blog/blog.php was not found on this server.

 

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

 

Also for you javascript to show recent blog entries it shows:

 

#

#

\">

Corey:

\">

Corey

 

Looks like some sort of incomplete code or code in the wrong place.

[Coreye]

Also for you javascript to show recent blog entries it shows:

 

#

<script type=\"text/javascript\" src=\"http://www.scriptscribes.n:

<script type=\"text/javas

#

\"><marquee><h1>Corey:

\"><marquee><h1>Corey

 

Looks like some sort of incomplete code or code in the wrong place.

 

That was me testing for XSS.

[Maq]

Thought something like that.  Everything else looks fine to me...  but on the security side I'm not too knowledgeable.  I'm sure some of the security enthusiasts can help you out...