vmavrou Posted September 30, 2009

Hi there, I was working on a project for my university. It's an electronic announcement board: http://vmavrou.freetzi.com

You can check it out, use it, tell me what you think, and suggest any add-on that you think could be useful, or anything that should be changed or removed... any ideas are welcome. You can surf as a public user; you can also use username: beta, password: beta and surf under the "E exam" button, where this user is set up with admin privileges so you can try everything there. There are some issues in some functions, but I will be grateful for anything you notice and report. Thank you in advance.
vmavrou (Author) Posted September 30, 2009

Proof: http://vmavrou.freetzi.com/id.txt
darkfreaks Posted September 30, 2009

Your site is vulnerable to XSS; you might try using strip_tags and trim to fix this.
vmavrou (Author) Posted September 30, 2009

Thanks a lot for the reply. I think I fixed it using strip_tags. You can check it out and confirm it if you have time. Any other suggestion is welcome.
darkfreaks Posted September 30, 2009

I use HTMLPurifier from htmlpurifier.org for my application; it squelches most if not all XSS strings. You may also want to check the Exam variables; they are vulnerable.
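The exchange above (strip_tags as the fix, then a second report that the Exam parameters are still vulnerable) is worth seeing in code. The block below is an added example, not code from vmavrou's board or from darkfreaks: it renders a hypothetical `search` text input three ways and parses the result with DOMDocument to see whether anything beyond the template's one `<input>` with three attributes came out. The inputs are constructed samples; it assumes PHP 7 or later with ext-dom.

```php
<?php
// Added example, not code from the announcement board in the thread.
// It shows why strip_tags() on input is not an XSS fix and what is:
// HTML-encoding at the point of output with htmlspecialchars().
// All inputs below are constructed samples; the <input> template is assumed.

// Constructed inputs as an attacker (or a normal user) might submit them.
$inputs = [
    'plain'         => 'Exam 3 results posted',
    'script_tag'    => '<script>alert(1)</script>',
    // No "<" at all, so strip_tags() leaves it untouched; it closes the
    // value="" attribute and adds an event handler of its own.
    'attr_breakout' => '" onfocus="alert(1)" autofocus="',
    // Legitimate text with a stray "<": strip_tags() silently eats the rest.
    'stray_lt'      => 'score <50 means fail',
];

// The "fix" from the thread: strip_tags() + trim() on input, raw echo on output.
function render_strip_tags(string $value): string
{
    $v = trim(strip_tags($value));
    return '<input type="text" name="search" value="' . $v . '">';
}

// The correct fix: keep input as submitted, encode when writing it into HTML.
// ENT_QUOTES also encodes ' and " (needed inside attributes);
// ENT_SUBSTITUTE keeps invalid UTF-8 from turning the whole output into "".
function render_encoded(string $value): string
{
    $v = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="search" value="' . $v . '">';
}

// Parse the rendered fragment the way a browser would and report whether the
// template's single <input> with its three attributes is all that came out.
function is_injected(string $html): bool
{
    $doc = new DOMDocument();
    // Warnings are suppressed because malformed markup is exactly the point.
    @$doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    $body = $doc->getElementsByTagName('body')->item(0);
    $elements = [];
    foreach ($body->childNodes as $node) {
        if ($node->nodeType === XML_ELEMENT_NODE) {
            $elements[] = $node;
        }
    }
    if (count($elements) !== 1 || $elements[0]->nodeName !== 'input') {
        return true;                                   // extra element, e.g. <script>
    }
    return $elements[0]->attributes->length !== 3;     // extra attribute, e.g. onfocus
}

foreach ($inputs as $name => $input) {
    $stripped = render_strip_tags($input);
    $encoded  = render_encoded($input);
    printf("%-14s strip_tags: %-8s htmlspecialchars: %s\n",
        $name,
        is_injected($stripped) ? 'INJECTED' : 'safe',
        is_injected($encoded)  ? 'INJECTED' : 'safe');
    printf("%-14s   strip_tags output: %s\n", '', $stripped);
}
```

Run it with `php xss_demo.php`. The `attr_breakout` row is the one that matters: strip_tags removes nothing because the payload contains no tag, and the raw echo hands the browser a new `onfocus` attribute, while the encoded version stays a single harmless `value`. The `stray_lt` row shows the other cost of strip_tags: it discards legitimate data from the first unclosed `<` onward. The same rule applies to every request parameter the board echoes, the Exam ones included: encode at output, in the context you are writing into. If a page must accept real HTML (formatted announcement bodies), that is where HTMLPurifier, as recommended above, belongs; with the library loaded, `$clean = (new HTMLPurifier(HTMLPurifier_Config::createDefault()))->purify($dirty);` returns a whitelisted document fragment instead of stripped text.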