waynewex Posted May 23, 2009

Building a site for Bebo skin (graphical skin for profile) makers. Need people to test it out and maybe find some vulnerabilities. http://myportfolioww.comli.com/index.php If you get sent back to the homepage when you didn't expect to, it's because my 404 error redirects there.

waynewex (Author) Posted May 29, 2009

Could somebody test the security? Confirmation that I have permission.

Username: email@phpfreaks.com
Password: phpfreaks

darkfreaks Posted May 29, 2009

You have XSS injection on: signup.php

Might want to use the following functions to escape XSS injection:

Trim() - escapes white space before and after a string.
strip_tags() - removes unspecified JS/PHP and HTML tags.
filter_var($string, FILTER_SANITIZE_STRING) - removes HTML tags and encodes unwanted characters.
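
An added example, not code from this thread or from the site under test: one way to handle a signup form's fields in PHP, validating against an allow-list on input and encoding with htmlspecialchars() wherever a value is written back into the page. The field names, the helpers e() and validate_signup(), and the sample input are assumptions made for illustration; FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, so it is not used here.

```php
<?php
// Added example: field names, helper names and the sample input are constructed.

/** Encode a value for an HTML text node or a quoted attribute value. */
function e(string $value): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of making the whole result an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Validate signup input; returns [values, errors]. */
function validate_signup(array $post): array
{
    $errors = [];
    $name   = trim((string) ($post['name'] ?? ''));
    $email  = trim((string) ($post['email'] ?? ''));

    // Allow-list validation: reject unexpected input rather than "cleaning" it.
    if (!preg_match('/^[\p{L}\p{N} _.\-]{1,40}$/u', $name)) {
        $errors['name'] = 'Use letters, digits, spaces, "_", "." or "-" (max 40).';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Enter a valid e-mail address.';
    }
    return [['name' => $name, 'email' => $email], $errors];
}

// Constructed input: a display name containing both markup and double quotes.
$post = ['name' => 'Wayne "W" <b>Wex</b>', 'email' => 'user@example.com'];

[$values, $errors] = validate_signup($post);

// strip_tags() removes the <b> element but leaves the double quotes, which
// would still terminate a value="..." attribute if echoed without encoding.
printf("after strip_tags: %s\n", strip_tags($values['name']));

// Re-display the form: every dynamic value goes through e() at output time,
// including the rejected one, so the user sees what they typed.
echo '<input type="text" name="name" value="' . e($values['name']) . '">' . "\n";
echo '<input type="text" name="email" value="' . e($values['email']) . '">' . "\n";
foreach ($errors as $field => $message) {
    echo '<p class="error">' . e($field) . ': ' . e($message) . "</p>\n";
}
```

The same e() call belongs on every page that prints stored profile data, since encoding is applied per output context rather than once at signup.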

darkfreaks Posted May 29, 2009

Might want to check submit.php as well.

darkfreaks Posted May 29, 2009

XSS: edit-profile.php