Jump to content

Check out my social networking site.


Recommended Posts

Link: http://www.thebuddyfolder.com

 

Basically it's a social networking site coded in PHP with help from these forums :) Rather then what MySpace/Facebook do, which is connecting users by real life times, Buddy Folder allows users to list the usernames they use in MMORPGs, Instant Messengers, Skype, Forums etc... and then allows others to search and friend them based on that info. Tested mainly in IE8 and Chrome.

 

Would definitely appreciate any feedback. Especially those of you who create profiles and mess around with features. PHPFreaks is available to list your username under the communities section to get you started :)

Link to comment
Share on other sites

Cross Site Scripting (XSS):

You can submit "code in the user variable for profiles.

http://www.thebuddyfolder.com/profile.php?user="><marquee><h1>test

 

Cross Site Scripting (XSS):

You can submit ">code when adding picture captions.

http://www.thebuddyfolder.com/viewgallery.php?user=testing&cid=30&pid=34

 

SQL Error when sending PMs that include a '.

Could not send the message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\'','0')' at line 1

 

You can view profiles don't exist:

http://www.thebuddyfolder.com/profile.php?user=1gygahjgajhgu615gajhg

 

The pagination for search doesn't work. It doesn't keep the search variable in the URL.

 

Link to comment
Share on other sites

  • 1 month later...

Just a suggestion to the OP but you could upgrade to Red hat Server Edition 5 which comes standard with SSL 3.0 and PHP 5.6  ;)

 

which is more up to date. if you don't have access to the servers , try contacting your web host see if they have a package or upgrade plan which includes an updated version of red hat.

 

 

also some of the files in

 

/polls

 

have blind SQL injection in them

 

when you have super global variables like script_uri/php_self etc please make sure you filter them with htmlspecialchars()

 

 

 

 

Link to comment
Share on other sites

  • 3 weeks later...
  • 2 weeks later...
  • 3 months later...
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.