Lukeidiot
Posted February 23, 2009

Here's the site: http://lukesq.sytes.net

I built this from the ground up, in PHP and MySQL. Please test the site's security. Thanks!

Coreye
Posted February 24, 2009

Cross Site Scripting (XSS): You can submit ">code when editing your profile and it will execute on the members list and when viewing profiles.

Lukeidiot (Author)
Posted February 24, 2009

> Cross Site Scripting (XSS): You can submit ">code when editing your profile and it will execute on the members list and when viewing profiles.

Thanks for that, I believe I have fixed this issue now.

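The stored XSS reported above comes from echoing profile values into the members list without encoding them for the HTML context they land in. The following is an added example, not code from the thread or from the site; the field names (`username`, `location`), the template and the sample rows are assumptions constructed for illustration. It renders the same rows with and without output encoding.

```php
<?php
// Added example: field names and sample rows are constructed, not taken from the site.
$members = [
    ['username' => 'alice',   'location' => 'Leeds'],
    ['username' => 'mallory', 'location' => '"><b>injected</b>'],
];

// Before: stored profile values are concatenated into the page verbatim,
// so a value starting with "> closes the attribute and the tag.
function render_raw(array $members): string
{
    $html = "<ul>\n";
    foreach ($members as $m) {
        $html .= '<li title="' . $m['location'] . '">' . $m['username'] . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Encode at output time; ENT_QUOTES covers both quote styles so the value
// stays inside a quoted attribute as well as inside element text.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_encoded(array $members): string
{
    $html = "<ul>\n";
    foreach ($members as $m) {
        $html .= '<li title="' . h($m['location']) . '">' . h($m['username']) . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Count <b> elements the browser would see; the template itself has none.
function injected_tags(string $html): int
{
    return substr_count($html, '<b>');
}

echo render_raw($members), "injected elements: ", injected_tags(render_raw($members)), "\n\n";
echo render_encoded($members), "injected elements: ", injected_tags(render_encoded($members)), "\n";
```

The encoding has to be applied on every page that prints the value (members list and profile view alike), which is why it belongs in the output helper rather than in the profile edit form.
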
darkfreaks
Posted April 3, 2009

You have some injection. Use something like:

```php
<?php
function connected() {
    /* Create a new mysqli object with database connection parameters */
    $mysqli = new mysqli('localhost', 'user', 'pass', 'database');
    if (mysqli_connect_errno()) {
        echo "Connection Failed: " . mysqli_connect_errno();
        exit();
    }
    return $mysqli; // hand the connection back to the caller
}

function clean($text) {
    // Strip tags and surrounding whitespace. SQL escaping is left to the
    // prepared statement below; apply htmlentities($text, ENT_QUOTES) when
    // the value is echoed into a page.
    return trim(strip_tags($text));
}

$username = clean($_POST['username']);
$login    = clean($_POST['login']);
$password = clean($_POST['password']);

// using mysqli prepared statement to escape any other injection
$connect = connected();
// mysqli uses positional ? placeholders (named :placeholders are PDO syntax)
$stmt = $connect->prepare("INSERT INTO `table` VALUES (?, ?, ?)"); // `table` is a placeholder name
$stmt->bind_param('sss', $login, $username, $password);
$stmt->execute();
?>
```