Any security risks? loopholes?

[tommyda]

Could anyone help me with finding security risks with this script.

 

http://websiteconstructionteam.com/phptesting/mobile-social-networking

 

Any help would be much appreciated

 

Thanks

[darkfreaks]

refer to this thread:

 

http://www.phpfreaks.com/forums/index.php/topic,232470.0.html

 

[tommyda]

http://websiteconstructionteam.com/phptesting/mobile-social-networking/phpfreaks.php proof its my site

[darkfreaks]

Login and register are secure you got a test login we could use ???

[Coreye]

Cross Site Scripting(XSS):

You can submit ">code when you register and and it will execute after you login.

 

Cross Site Scripting(XSS):

http://websiteconstructionteam.com/phptesting/mobile-social-networking/profile.php?user="><marquee><h1>test

 

Full Path Disclosure:

http://websiteconstructionteam.com/phptesting/mobile-social-networking/newblog.php

Warning: Cannot modify header information - headers already sent by (output started at /home/website/public_html/phptesting/mobile-social-networking/newblog.php:13) in /home/website/public_html/phptesting/mobile-social-networking/newblog.php on line 58

 

Full Path Disclosure:

http://websiteconstructionteam.com/phptesting/mobile-social-networking/newmsg.php?to=

Warning: Cannot modify header information - headers already sent by (output started at /home/website/public_html/phptesting/mobile-social-networking/config.php:2) in /home/website/public_html/phptesting/mobile-social-networking/newmsg.php on line 37

 

Full Path Disclosure:

http://websiteconstructionteam.com/phptesting/mobile-social-networking/inbox.php

Warning: Cannot modify header information - headers already sent by (output started at /home/website/public_html/phptesting/mobile-social-networking/config.php:2) in /home/website/public_html/phptesting/mobile-social-networking/inbox.php on line 41