charlton Posted February 23, 2009 Share Posted February 23, 2009 I have just finished creating a simple, user friendly PHP gallery application. It has an administrator area where the admin can add, remove, change etc collections, albums and pictures. The frontend design is as simple as it gets because it will be customized to each individual site it is built into. Can people let me know of any vulnerabilities or bugs that I have missed. I'm not too fussed about vulnerabilities (e.g. XSS) in the admin section because the admin will only be hacking the own site! Frontend URL: http://gallery.ambion.com.au/gallery Admin URL: http://gallery.ambion.com.au/admin/login.php Admin User: admin Admin Pass: admin Verification that this is my site: http://gallery.ambion.com.au/verify.html Link to comment Share on other sites More sharing options...
waynew Posted February 24, 2009 Share Posted February 24, 2009 See here Also, use htmlentities when outputting gallery name. When logged in, see here. Link to comment Share on other sites More sharing options...
JonnoTheDev Posted February 24, 2009 Share Posted February 24, 2009 Looks knackered Link to comment Share on other sites More sharing options...
charlton Posted March 2, 2009 Author Share Posted March 2, 2009 Looks knackered Please explain! Link to comment Share on other sites More sharing options...
JonnoTheDev Posted March 2, 2009 Share Posted March 2, 2009 Was all kinds of broken images when I looked last. Looks like you've sorted it. Link to comment Share on other sites More sharing options...
waynew Posted March 2, 2009 Share Posted March 2, 2009 Still open to XSS Link to comment Share on other sites More sharing options...
Recommended Posts