beansandsausages Posted December 12, 2008

Will you just test my site please? All that is working atm is private messages. You just check for SQL injection etc. ... please.

www.burnside.net46.net

There are 3 accounts for testing.

username > password
account1 > password
account2 > password
account3 > password
Hinty Posted December 12, 2008

XSS

http://www.burnside.net46.net/msg.php?mod=send&random=GreenCheeeeeeese"><script>alert(document.cookie);</script>
beansandsausages Posted December 12, 2008

> XSS
> http://www.burnside.net46.net/msg.php?mod=send&random=GreenCheeeeeeese"><script>alert(document.cookie);</script>

Fixed. I called the wrong function to sanitize it, ha ha. Next?
Hinty Posted December 12, 2008

Looks all good to me.
beansandsausages Posted December 12, 2008

> Looks all good to me

Thanks. I know, wrong board, but is the design okay?
darkfreaks Posted December 12, 2008

Might want to strip out XSS code. Try this:

<?php
// $var is taken by reference: array_walk_recursive passes a copy otherwise,
// so the assignments below would never reach the $_POST entries.
function clean(&$var) {
    // mysql_real_escape_string needs an open MySQL connection
    $var = trim(strip_tags(mysql_real_escape_string($var)));
    $var = htmlspecialchars($var, ENT_QUOTES);
}
array_walk_recursive($_POST, 'clean');
// array_walk($_POST, 'clean'); // PHP 4 (no array_walk_recursive)
?>
beansandsausages Posted December 12, 2008

> Might want to strip out XSS code. Try this:

Yeah, I downloaded the log from the database and noticed a few. I'll do that in a bit.
darkfreaks Posted December 12, 2008

Alright, let me know once it is applied.
beansandsausages Posted December 12, 2008

> Alright, let me know once it is applied.

Done. Didn't use the function you gave though.
darkfreaks Posted December 12, 2008

How are you sanitizing it? I am still able to inject code without it stripping it.
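Added example, not code from the thread or from the site being tested: the payload Hinty posted works because the `random` query-string value is echoed back inside an HTML attribute without escaping, so the `"` closes the attribute and `><script>` opens a tag. The fix that holds up is escaping at the point of output for the context the value lands in (HTML attribute here) and binding SQL parameters instead of escaping input once and hoping it fits every later use. The function names, the `messages` table and its columns, and the in-memory SQLite database (PDO with the pdo_sqlite extension) are assumptions made up for this illustration; the site's real schema is not known from the thread.

```php
<?php
// Added example (not code from the thread). Names below are illustrative
// assumptions: render_send_form*, find_messages, and the `messages` table.

// Vulnerable pattern: the query-string value lands inside value="" unescaped,
// so random=x"><script>alert(document.cookie)</script> closes the attribute
// and the tag, then injects script into the page.
function render_send_form_vulnerable(string $random): string {
    return '<input type="hidden" name="random" value="' . $random . '">';
}

// Hardened: escape at output time for the HTML attribute context.
// ENT_QUOTES encodes both " and ' so the value cannot break out of either
// attribute quoting style; ENT_SUBSTITUTE and an explicit charset keep
// malformed byte sequences from being passed through untouched.
function render_send_form(string $random): string {
    $safe = htmlspecialchars($random, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="random" value="' . $safe . '">';
}

// SQL: bind the value rather than concatenating it into the query. Escaping
// on input (a generic clean() that runs mysql_real_escape_string over $_POST)
// is tied to one output context and needs an open connection; a prepared
// statement keeps data and query structure apart whatever the value contains.
function find_messages(PDO $db, int $userId, string $random): array {
    $stmt = $db->prepare(
        'SELECT id, sender, subject FROM messages WHERE user_id = :uid AND random = :random'
    );
    $stmt->execute([':uid' => $userId, ':random' => $random]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Stand-alone demonstration on constructed data in an in-memory SQLite DB.
function demo(): void {
    $payload = 'GreenCheeeeeeese"><script>alert(document.cookie);</script>';

    echo "vulnerable: " . render_send_form_vulnerable($payload) . "\n";
    echo "hardened:   " . render_send_form($payload) . "\n";

    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, user_id INTEGER, random TEXT, sender TEXT, subject TEXT)');
    $ins = $db->prepare('INSERT INTO messages (user_id, random, sender, subject) VALUES (?, ?, ?, ?)');
    $ins->execute([1, 'abc', 'account2', 'hello']);
    $ins->execute([2, 'abc', 'account3', 'private']);

    // Classic tautology attempt: concatenated into the query it would match
    // every row; as a bound parameter it is compared literally and matches none.
    $rows = find_messages($db, 1, "abc' OR '1'='1");
    echo "rows for injection attempt: " . count($rows) . "\n";

    $rows = find_messages($db, 1, 'abc');
    echo "rows for legitimate value: " . count($rows) . "\n";
}

demo();
```

Running it prints the hardened form with the payload rendered as `&quot;&gt;&lt;script&gt;...`, so the browser shows it as text inside the attribute instead of executing it; the bound query returns no rows for the tautology string and one row for the real value, while user 2's message is never reachable through user 1's lookup. The order of operations matters: keep the raw value in the database and escape when rendering, because a value escaped for HTML on the way in is wrong for every other place it is later used (mail, JSON, a URL), and a value escaped for MySQL on the way in is silently corrupted once it is displayed.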
gevans Posted December 13, 2008

Design looks OK, a bit narrow. You want to be working to 990 wide really.