waynew Posted May 23, 2009

Building a site for Bebo skin (graphical skin for profile) makers. Need people to test it out and maybe find some vulnerabilities.

http://myportfolioww.comli.com/index.php

If you get sent back to the homepage when you didn't expect to, it's because my 404 error redirects there.

waynew Posted May 29, 2009

Could somebody test the security? Confirmation that I have permission.

Username: [email protected]
Password: phpfreaks

darkfreaks Posted May 29, 2009

You have XSS injection on: signup.php

Might want to use the following functions to escape XSS injection:

trim() - escapes white space before and after a string.
strip_tags() - removes unspecified JS/PHP and HTML tags.
filter_var($string, FILTER_SANITIZE_STRING) - removes HTML tags and encodes unwanted characters.

darkfreaks Posted May 29, 2009

Might want to check submit.php as well.

darkfreaks Posted May 29, 2009

XSS: edit-profile.php
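
The input functions suggested in the thread, applied to a constructed signup field, as an added example (not code from the site or from any poster): it shows that trim() and strip_tags() leave a quote-based value untouched, and that encoding with htmlspecialchars() where the value is written into HTML is what neutralises it. The field name display_name and the helpers clean_input() and e() are hypothetical; filter_var() with FILTER_SANITIZE_STRING is left out because that filter is deprecated as of PHP 8.1.

```php
<?php
declare(strict_types=1);

// Normalise a free-text field on input with the functions named in the thread.
// This limits what gets stored; on its own it does not stop XSS.
function clean_input(string $raw): string
{
    // Drop surrounding whitespace, then remove HTML/PHP tags.
    return strip_tags(trim($raw));
}

// Encode for an HTML context at output time. ENT_QUOTES encodes both quote
// styles, so the value cannot close a quoted attribute; ENT_SUBSTITUTE
// replaces invalid UTF-8 instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions for a hypothetical "display_name" field.
$samples = [
    'plain'     => '  Wayne  ',
    'tag'       => '<script>alert(1)</script>Wayne',
    'attribute' => 'Wayne" onfocus="alert(1)',
];

foreach ($samples as $label => $raw) {
    $stored = clean_input($raw);

    // Vulnerable pattern: stored value written into an attribute unencoded.
    $unsafe = '<input name="display_name" value="' . $stored . '">';

    // Hardened pattern: same value, encoded at the point of output.
    $safe = '<input name="display_name" value="' . e($stored) . '">';

    printf("%-9s unsafe: %s\n%-9s safe:   %s\n", $label, $unsafe, '', $safe);
}
```

In the "attribute" case strip_tags() changes nothing because the value contains no tags, so the unencoded output gains an extra attribute while the encoded output keeps the whole value inside value="...".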