Security Test. Test my Web Application.

[jandrox_ox]

The purpose of the web is for unregistered users to search organizations based on keywords and for registered users to edit, create, delete organizations, keywords, accounts, etc. There are no graphics yet, I know, I will take care of that later.

 

You can access it through: http://citizensforsocialjustice.com/match/keywords/search

(I am not interested on anything outside of folder .../match, anything in there is fair game).

 

**There are two types of accounts, admins and organizations' owners. Here are two log in credentials for testing purposes

Admin account (username,password): test1,test1

Organization's account (username,password): test2,test2

 

Please, do not destroy the site if you find something? If you can post what you found with a solution, it would be great. Also, if you can't find anything, could you please post it just so that I know the test was successful?

 

Thanks in advance.

[Coreye]

Please follow this post: http://www.phpfreaks.com/forums/index.php/topic,231599.0.html.

 

Thanks,

Corey.

[jandrox_ox]

Please follow this post: http://www.phpfreaks.com/forums/index.php/topic,231599.0.html.

 

Thanks,

Corey.

Done, there is a link to my profile on the /keywords/search page.

[darkfreaks]

I shall abide by the new rule

 

anyhow with identity established i can honestly say that is SQL injection free from what i was able to inject into the forms and you stayed away from doing ?variable=variable in your urls so i can't inject there.

 

 

[jandrox_ox]

Anyone else wants to give it a try?