please test for security!

[darkfreaks]

its good

[ricmetal]

edit as far as injections, looks like it

inject me still produces errors when i type in extra variables on my code that have nothing to do with the db

 

but they are all 302 errors and the db isnt populated, so i guess thats ok

 

[ricmetal]

must add the other stuff to further protect the site

[darkfreaks]

please paste your code so we can see why exactly it is failing

[darkfreaks]

ok let me know if the code i sent ya works it should filter and sanitize your $_GET[msg] code

[darkfreaks]

just incase you didnt get my inbox

 

<?php
]echo "<div class=\"msgOk\">" filter_var($_GET[msg],FILTER_SANITIZE_STRING);" </div>"; ?>

 

erase the code i originally gave you, it wont work right. let me know if u still get errors it may be syntax if anything.

[ricmetal]

still getting errors with the filter sanatize

 

but im  sure its not because of the gets

 

its something else i added

 

ill strip down the code to where it stoped giving me trouble then ill let you know

[darkfreaks]

what were the errors ???

[darkfreaks]

nvm

[ricmetal]

hey, pm sent, with the code that doesnt get triggered by inject

try out on the site, ull see 0 errors, but my db gets populated

[ricmetal]

well,m not anymore 

[Hinty]

XSS is present on the deals section.

 

when inserting a deal enter <script>alert(document.cookie);</script> and a popup will appear when viewing list of deals.

[ricmetal]

gracias

*fixed now*

thanks

[Hinty]

Thers also another XSS vulnerability present with same deals section.

 

You can use it by entering javascript:alert(document.cookie); into the '** I JOIN'  field.

This requires the user to click the link for the attack to happen.

 

Its also displaying the values twice, is that supposed to happen?

[ricmetal]

 

thanks for that

im getting on checking xss out

thanks

[ricmetal]

ok, i figured out how to use a code i had here. thanks dark!

hinty plse check now

 

thanks for all help so far, really, im plain lazy when it comes to learning

but implementing, im there 

thanks

[Hinty]

yup all good, cant find any others at the moment

[darkfreaks]

XSS me and SQL inject me checks out good

[ricmetal]

yeo thanks very much

[darkfreaks]

your adddeals.php still has injection try this:

<?php

function clean($var)
{
$var=trim(mysql_real_escape_string(strip_tags($var)));
$var=htmlspecialchars($var,ENT_QUOTES);

return filter_var($var,FILTER_SANITIZE_STRING);
}

$referralForm=clean($_POST['referralForm']);
$dealForm=clean($_POST['dealForm']);
$my_ptcForm=clean($_POST['my_ptcForm']);
$his_ptcForm=clean($_POST['his_ptcForm']);
$contact_userForm=clean($_POST['contact_userForm']);
$recaptcha_challenge_field=clean($_POST['recaptcha_challenge_field']);
$recaptcha_response_field=clean($_POST['recaptcha_response_field'];
$submit=clean($_POST['submit']);
?>

[ricmetal]

still has 302 errors

but doesnt inject anything but blank spaces...

 

check here

http://www.dealsground.byethost7.com/adddeal.php

 

ill postie the code for you

maybe u can see whats wrong

thanks

[darkfreaks]

is test@test.com still the login im having trouble logging in ???

[ricmetal]

dealstesting@fake.com

12345678

[darkfreaks]

im still seeing injection can you paste the link to the current code so i can see it? and copy the 302 errors ???

[ricmetal]

sure

 

http://www.pastie.org/private/csd8h7sohvjrxagvfsdn2w