My site

[burnside]

Will you just test my site please, All there is working atm is Private messages. You just check you sql injection etc ... please.

 

www.burnside.net46.net

 

there is 3 accounts for testing.

 

username > password

 

account1 > password

account2 > password

account3 > password

[Hinty]

XSS

 

http://www.burnside.net46.net/msg.php?mod=send&random=GreenCheeeeeeese"><script>alert(document.cookie);</script>

[burnside]

XSS

 

http://www.burnside.net46.net/msg.php?mod=send&random=GreenCheeeeeeese"><script>alert(document.cookie);</script>

 

Fixed.

 

i called the wrong function to sanatize it ha ha

 

next?

[Hinty]

Looks all good to me

[burnside]

Looks all good to me

 

thanx know wrong bored but is the design okay?

[darkfreaks]

might want to strip out XSS code. try this

<?php
function clean($var){
  $var = trim(strip_tags(mysql_real_escape_string($var)));
  $var = htmlspecialchars($var,ENT_QUOTES);
}

array_walk_recursive($_POST,'clean');

//array_walk($_POST,'clean');// PHP 4 output
?>

[burnside]

might want to strip out XSS code. try this

<?php
function clean($var){
  $var = trim(strip_tags(mysql_real_escape_string($var)));
  $var = htmlspecialchars($var,ENT_QUOTES);
}

array_walk_recursive($_POST,'clean');

//array_walk($_POST,'clean');// PHP 4 output
?>

 

Yeah i downloaded the log from the database and noticed a few ill do that in abit.

[darkfreaks]

alright let me know once it is applied

[burnside]

alright let me know once it is applied

 

done.

 

didnt use the function you gave tho.

[darkfreaks]

how are you sanitizing it , i am still able to inject code without it stripping it ???

[gevans]

design looks ok, bit narrow. you want to be working to 990 wide really