shank888 Posted October 20, 2008 Share Posted October 20, 2008 First and foremost, please only test int he testing area!!! and the link is: www.communitycouch.net Link to comment Share on other sites More sharing options...
dropfaith Posted October 20, 2008 Share Posted October 20, 2008 is there a demo account we can use to test with? i hat signing up for sites just to test Link to comment Share on other sites More sharing options...
shank888 Posted October 20, 2008 Author Share Posted October 20, 2008 demo@demo.com passowrd: demo Link to comment Share on other sites More sharing options...
Coreye Posted October 20, 2008 Share Posted October 20, 2008 Full Path Disclosure: http://www.communitycouch.net/index.php?action=viewboard&board[] Warning: htmlspecialchars() expects parameter 1 to be string, array given in /home/.pouka/babblenet/communitycouch.net/includes/functions.php on line 75 Full Path Disclosure: http://www.communitycouch.net/index.php?action=viewthread&board=2a&thread[] Warning: htmlspecialchars() expects parameter 1 to be string, array given in /home/.pouka/babblenet/communitycouch.net/includes/functions.php on line 75 You can post blank posts and threads. You can reply to threads that don't exist. Link to comment Share on other sites More sharing options...
Lamez Posted October 20, 2008 Share Posted October 20, 2008 in IE6, after I login, it logs me out (after it redirects me) Link to comment Share on other sites More sharing options...
Lamez Posted October 20, 2008 Share Posted October 20, 2008 oh wait, it just looks like it did, also I would remove the registration when the user is logged in. Link to comment Share on other sites More sharing options...
Maq Posted October 20, 2008 Share Posted October 20, 2008 After you login and it redirects you, you still see the login fields and the register link in the top nav. This is confusing to whether or not I'm logged in. Link to comment Share on other sites More sharing options...
shank888 Posted October 22, 2008 Author Share Posted October 22, 2008 Full Path Disclosure: http://www.communitycouch.net/index.php?action=viewboard&board[] Warning: htmlspecialchars() expects parameter 1 to be string, array given in /home/.pouka/babblenet/communitycouch.net/includes/functions.php on line 75 Full Path Disclosure: http://www.communitycouch.net/index.php?action=viewthread&board=2a&thread[] Warning: htmlspecialchars() expects parameter 1 to be string, array given in /home/.pouka/babblenet/communitycouch.net/includes/functions.php on line 75 Upon going to those links I do not seem to get the error you labeled. Link to comment Share on other sites More sharing options...
xylex Posted October 22, 2008 Share Posted October 22, 2008 SQL Injection http://www.communitycouch.net/index.php?action=viewboard&board=1a`%20JOIN%20`1b Link to comment Share on other sites More sharing options...
Coreye Posted October 22, 2008 Share Posted October 22, 2008 Upon going to those links I do not seem to get the error you labeled. Make sure your adding [] instead of just one [ at the end. I just tried them again and I'm getting errors. Link to comment Share on other sites More sharing options...
Hinty Posted October 23, 2008 Share Posted October 23, 2008 You can post a reply to a thread that doesn't exist. perform input validation to verify the user has permission to reply and the thread exists. Link to comment Share on other sites More sharing options...
shank888 Posted October 25, 2008 Author Share Posted October 25, 2008 thanx guys, I really appreciate this. I have a ton less errors on this version then my last! w00t! please feel free to continue testing. I will be adding up update hopefully in the near future to fix all the errors. thanx again Link to comment Share on other sites More sharing options...
allistera Posted October 26, 2008 Share Posted October 26, 2008 Mabie you should limit the width of the post area, and limit the amount of letters someone can post, examples: http://www.communitycouch.net/index.php?action=viewthread&board=1a&thread=00b541ece8ac084147fac2f73be36c3d http://www.communitycouch.net/index.php?action=viewthread&sec_action=create_thread2&board=2a Open Directory's: http://www.communitycouch.net/gfx/ It asks me to log in when I already have. You can create a topic with no title, just a space. and it doesn't require any text in the message area. All thread views are at a 10,000 by default. No BBcode? Link to comment Share on other sites More sharing options...
darkfreaks Posted October 28, 2008 Share Posted October 28, 2008 Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow This alert was generated using only banner information. It may be a false positive. A stack-based buffer overflow has been reported in the Apache mod_ssl module. This issue would most likely result in a denial of service if triggered, but could theoretically allow for execution of arbitrary code. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, though this may not be the case with other architectures. Affected mod_ssl versions (up to 2.8.17). This vulnerability affects mod_ssl. The impact of this vulnerability Denial of service and/or possible arbitrary code execution. How to fix this vulnerability Upgrade mod_ssl to the latest version. Apache Mod_SSL Log Function Format String Vulnerability This alert was generated using only banner information. It may be a false positive. A format string vulnerability has been found in mod_ssl versions older than 2.8.19. Successful exploitation of this issue will most likely allow an attacker to execute arbitrary code on the affected computer. Affected mod_ssl versions (up to 2.8.18). This vulnerability affects mod_ssl. The impact of this vulnerability Denial of service and/or possible arbitrary code execution. How to fix this vulnerability Upgrade mod_ssl to the latest version. Link to comment Share on other sites More sharing options...
darkfreaks Posted October 31, 2008 Share Posted October 31, 2008 on your register page you might want to encode the following characters on each variable: username,first_name,last_name,year ,email: = / \ ;not encoded Link to comment Share on other sites More sharing options...
bonne Posted November 16, 2008 Share Posted November 16, 2008 maybe you can, after logging in something like: "welcome [name]"? design looks good, did you made it yourself? Link to comment Share on other sites More sharing options...
shank888 Posted December 14, 2008 Author Share Posted December 14, 2008 maybe you can, after logging in something like: "welcome [name]"? design looks good, did you made it yourself? Thanks I can definatly add something like that in upcomming releases. as well thank you for the compliments ont he design, I made it bymyself. Link to comment Share on other sites More sharing options...
om Posted December 14, 2008 Share Posted December 14, 2008 First and foremost, please only test int he testing area!!! and the link is: www.communitycouch.net Serious Bug on your site When we reply and the post page is shown back::: Then when we refresh the page automatically same post gets posted repeatedly as many times as we REFRESH. THIS MAY BE DUE TO SAME URL REMAINS IN THE ADDRESS BAR. HAPPY DEBUGGING. cHECK MY MESSAGE BOARD www.ucy.in/tcmb By the way whats the size of ur s/w company team??? Link to comment Share on other sites More sharing options...
om Posted December 15, 2008 Share Posted December 15, 2008 maybe you can, after logging in something like: "welcome [name]"? design looks good, did you made it yourself? AFTER LOGGING OUT WHEN U USE BACK BUTTON TO SEE POSTS PAGE, IT SHOWS UP wHY. iT SHOULD DENY ACCESS WHEN BACK BUTTON IS PRESSED AS WE HAVE LOGGED OUT Link to comment Share on other sites More sharing options...
shank888 Posted December 16, 2008 Author Share Posted December 16, 2008 First and foremost, please only test int he testing area!!! and the link is: www.communitycouch.net Serious Bug on your site When we reply and the post page is shown back::: Then when we refresh the page automatically same post gets posted repeatedly as many times as we REFRESH. THIS MAY BE DUE TO SAME URL REMAINS IN THE ADDRESS BAR. HAPPY DEBUGGING. cHECK MY MESSAGE BOARD www.ucy.in/tcmb By the way whats the size of ur s/w company team??? Hi thank you for your bugs They should be fixed within the near future. Currently I am working on getting SQL Injection down to a minimum. I am not sure what you mean by "s/w" but for the site its self I am currently working me and one other programmer. Link to comment Share on other sites More sharing options...
ngreenwood6 Posted December 16, 2008 Share Posted December 16, 2008 I would only show the logout link on the page if the user is logged in. When I am not logged in and click the logout link it says it is logging me out and I was never logged in. Link to comment Share on other sites More sharing options...
darkfreaks Posted December 16, 2008 Share Posted December 16, 2008 Register.php: The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string. Tested value: ¼script¾document.vulnerable=true;¼/script¾ Link to comment Share on other sites More sharing options...
Recommended Posts