burnside, posted December 12, 2008:
Will you just test my site please. All that is working atm is private messages. You just check for SQL injection etc. ... please. www.burnside.net46.net
There are 3 accounts for testing (username > password):
account1 > password
account2 > password
account3 > password
Hinty, posted December 12, 2008:
XSS: http://www.burnside.net46.net/msg.php?mod=send&random=GreenCheeeeeeese"><script>alert(document.cookie);</script>
burnside (author), posted December 12, 2008:
> XSS: http://www.burnside.net46.net/msg.php?mod=send&random=GreenCheeeeeeese"><script>alert(document.cookie);</script>
Fixed. I called the wrong function to sanitize it, ha ha. Next?
Hinty, posted December 12, 2008:
Looks all good to me.
burnside (author), posted December 12, 2008:
> Looks all good to me.
Thanks. know wrong bored but is the design okay?
darkfreaks, posted December 12, 2008:
Might want to strip out XSS code. Try this:

<?php
// Sanitize every value in $_POST in place. The parameter must be taken by
// reference: with a by-value $var the assignments below are thrown away and
// array_walk_recursive() leaves $_POST untouched.
// mysql_real_escape_string() needs an open mysql connection at this point.
function clean(&$var) {
    $var = trim(strip_tags(mysql_real_escape_string($var)));
    $var = htmlspecialchars($var, ENT_QUOTES);
}
array_walk_recursive($_POST, 'clean');
// array_walk($_POST, 'clean'); // PHP 4 (no array_walk_recursive)
?>
burnside (author), posted December 12, 2008:
> Might want to strip out XSS code. Try this:
>
> <?php
> // Sanitize every value in $_POST in place (by-reference parameter, so the
> // cleaned value is actually stored back into $_POST).
> function clean(&$var) {
>     $var = trim(strip_tags(mysql_real_escape_string($var)));
>     $var = htmlspecialchars($var, ENT_QUOTES);
> }
> array_walk_recursive($_POST, 'clean');
> // array_walk($_POST, 'clean'); // PHP 4
> ?>
Yeah, I downloaded the log from the database and noticed a few. I'll do that in a bit.
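The reflected XSS Hinty reported (a value landing inside an HTML attribute) and darkfreaks's clean() function are two sides of the same problem: where escaping happens. The snippet below is an added example written for this thread, not code from burnside's site or from darkfreaks's post. It keeps the in-place sanitizer idea but fixes the by-value bug, and it separates the two contexts the original function mixes: SQL values go through a prepared statement instead of mysql_real_escape_string(), and HTML escaping is applied at output time with the quote-safe flags. The mysqli connection, the messages table and its columns are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Callback for array_walk_recursive(): the value MUST be taken
// by reference, otherwise the cleaned string is discarded and the request
// data is passed on unchanged (which is what "still able to inject" looks like).
function cleanInPlace(string &$value, $key): void
{
    // Only normalise the input here. Escaping belongs to the output context.
    $value = trim(strip_tags($value));
}

// HTML escaping for text nodes AND attribute values. ENT_QUOTES covers both
// quote characters, so a value like  x"><script>  cannot close an attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// SQL: bind the value instead of escaping it into the query string.
// $db is an assumed open mysqli connection; table and column names are assumptions.
function storeMessage(mysqli $db, int $fromId, int $toId, string $body): bool
{
    $stmt = $db->prepare('INSERT INTO messages (from_id, to_id, body) VALUES (?, ?, ?)');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('iis', $fromId, $toId, $body);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed sample input modelled on the reported payload; not real traffic.
$post = [
    'random' => 'GreenCheeeeeeese"><script>alert(document.cookie);</script>',
    'body'   => "O'Neil says <b>hi</b>",
];

array_walk_recursive($post, 'cleanInPlace');
// strip_tags() removed the <script> element's tags but kept the text between
// them, and the stray quote and '>' are still present, so the value still has
// to be escaped when it is written into the hidden field below.
echo '<input type="hidden" name="random" value="' . h($post['random']) . '">';

// Storing the message body: the apostrophe in "O'Neil" is sent as data, so it
// neither breaks the query nor needs a backslash that would later show up in
// the page. Uncomment with a real connection:
// $db = new mysqli('localhost', 'user', 'pass', 'dbname');
// storeMessage($db, 1, 2, $post['body']);
```

Keeping input normalisation (trim, strip_tags) apart from context-specific escaping avoids the double-encoding that darkfreaks's version produces when the same value is both stored via mysql_real_escape_string() and rendered via htmlspecialchars(); a quick check is to send a message containing a single quote and confirm it comes back without a backslash and without breaking the markup.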
darkfreaks, posted December 12, 2008:
Alright, let me know once it is applied.
burnside (author), posted December 12, 2008:
> Alright, let me know once it is applied.
Done. Didn't use the function you gave, though.
darkfreaks, posted December 12, 2008:
How are you sanitizing it? I am still able to inject code without it stripping it???
gevans, posted December 13, 2008:
Design looks ok, bit narrow. You want to be working to 990 wide really.