dannyluked Posted December 20, 2009
Hi, I have been working on a forum for a while now (2 months). I have only been doing it slowly, and the main reason I have done it is so that it is simple and easy for me to edit. Please test the forum for all practical things and security flaws. Anyway, enough blab, have a look and please give me constructive criticism on the forum either via:
- [email protected]
- through my forum
- or through this forum!
Log in with:
Username = test
Password = test
http://dannyluked.comze.com/forum
This is the link to my profile: Here
Thanks,
PS. I only want you to test the forum, not the whole site!
https://forums.phpfreaks.com/topic/185781-please-test-my-forum/
Coreye Posted December 21, 2009
- You can make topics as other users. Example: http://dannyluked.comze.com/forum/view_topic.php?id=21.
- You can reply to topics as other users. http://dannyluked.comze.com/forum/view_topic.php?id=5.
- Cross Site Scripting (XSS): http://dannyluked.comze.com/forum/view_topic.php?id=21.
- You can edit other users' threads. Example: http://dannyluked.comze.com/forum/view_topic.php?id=8.
- You can make blank threads.
- You can make blank replies.
dannyluked Posted December 21, 2009 (Author)
Thanks for the testing. But could you please tell me how you have done these things and what file you can XSS into? Thanks again!
dannyluked Posted December 21, 2009 (Author)
Hi again, I think I have stopped the XSS (resulting in not being able to do any of the things you commented on), and I have also stopped the ability to post blank comments/topics. Please tell me if you find any other security threats! Thanks
Coreye Posted December 22, 2009
You can still reply as other users. Example: http://dannyluked.comze.com/forum/view_topic.php?id=9.
SQL error: http://dannyluked.comze.com/forum/view_topic.php?id=33
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Corey from PHPFreaks.');</script>'' at line 1"
$_POST and $_GET variables can be edited easily.
dannyluked Posted December 22, 2009 (Author)
Again, thanks for the testing, but could you elaborate on how you are doing that? Also, could you tell me of any ways to stop it?
EDIT: I have now added code so hopefully you can't now XSS into a reply...
cags Posted December 22, 2009
To prevent XSS in a reply you should simply have to pass the text entered through htmlentities (which it looks like you have now done). I did a bit of messing with various things. At one point I got a message saying something along the lines of "Don't try and XSS my site"; whilst this is good, what I was trying had nothing to do with XSS, I was simply playing with the POST values.
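The three findings above (replying as other users by editing POST values, the MySQL syntax error from a quote in the reply body, and blank posts) plus cags' htmlentities point all come down to one request handler. Below is an added example of what a hardened reply script looks like in PHP; it is not dannyluked's code and nothing from the forum itself was available in the thread. It assumes a mysqli connection in $db, a login page that stores the user's id in $_SESSION['user_id'] and a CSRF token in $_SESSION['csrf'], and hypothetical tables `topics(id)` and `replies(topic_id, user_id, body, created_at)`. The attribute-breaking `<BODY onload...>` payload oni-kun posts later in the thread is included as a constructed test string for the output encoder.

```php
<?php
// post_reply.php: added example, not the original forum's code.
// Assumed: $db is a mysqli connection, the login page sets
// $_SESSION['user_id'] and $_SESSION['csrf'], and the tables
// topics(id) and replies(topic_id, user_id, body, created_at) exist.
declare(strict_types=1);
session_start();

// 1. Identity comes from the session, never from a form field.
//    Reading $_POST['user_id'] is exactly what lets a visitor
//    "reply as other users" by editing the POST values.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Log in first.');
}
$userId = (int) $_SESSION['user_id'];

// 2. Only accept POST, and only with the per-session CSRF token, so a
//    third-party page cannot submit a reply on a logged-in user's behalf.
//    The token is created at login with bin2hex(random_bytes(32)) and
//    echoed into the reply form as a hidden input named "csrf".
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !isset($_POST['csrf'], $_SESSION['csrf'])
    || !hash_equals($_SESSION['csrf'], (string) $_POST['csrf'])) {
    http_response_code(400);
    exit('Bad request.');
}

// 3. Validate the remaining inputs: topic id must be an integer, body must
//    be non-blank after trimming (this is the "blank replies" finding).
$topicId = filter_input(INPUT_POST, 'topic_id', FILTER_VALIDATE_INT);
$body    = trim((string) ($_POST['body'] ?? ''));
if ($topicId === false || $topicId === null || $body === '' || strlen($body) > 10000) {
    http_response_code(400);
    exit('Topic id or reply body is invalid.');
}

// 4. Prepared statements: the body is bound as data, so a quote or a
//    ');</script> inside it can no longer reach the SQL parser (the syntax
//    error Coreye triggered). Also refuse replies to topics that do not
//    exist rather than inserting orphan rows.
$check = $db->prepare('SELECT 1 FROM topics WHERE id = ?');
$check->bind_param('i', $topicId);
$check->execute();
$check->store_result();
if ($check->num_rows === 0) {
    http_response_code(404);
    exit('No such topic.');
}

$insert = $db->prepare(
    'INSERT INTO replies (topic_id, user_id, body, created_at) VALUES (?, ?, ?, NOW())'
);
$insert->bind_param('iis', $topicId, $userId, $body);
$insert->execute();

// 5. Store the raw text and encode on output, in view_topic.php, with this
//    helper. ENT_QUOTES turns < > & " ' into entities, so both <script> and
//    an attribute-breaking tag render as literal text instead of executing.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed test vector in the shape of the payload reported later in
// the thread; e() leaves no raw '<', '>' or quote in the result.
$probe = '<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(document.cookie);>';
assert(strpbrk(e($probe), '<>"\'') === false);

// Send the user straight back to the topic (303 so a refresh cannot
// re-submit the form) instead of an interstitial "reply added" page.
header('Location: view_topic.php?id=' . $topicId, true, 303);
exit;
```

In view_topic.php every user-controlled field (body, username, topic title) goes through `e()` at the point it is echoed into HTML, and nothing is decoded or escaped before the INSERT; escaping on input is what produces double-encoded text and still misses the SQL case. The same session check belongs in edit_topic.php together with a `WHERE id = ? AND user_id = ?` clause on the UPDATE, which closes the "edit other users' threads" finding.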
dannyluked Posted December 22, 2009 (Author)
Thanks, I have changed the message and hopefully I have stopped any XSS into the forum! The forum will only be used by simple computer users anyway, but I may use the code again when I'm older if I go into PHP coding. Could someone please comment on the functionality of the forum and the design, please? I am still willing to hear of any other security threats...
dannyluked Posted January 12, 2010 (Author)
The forum is now finished! I need it testing again as code has been changed and added. Also tell me what you think of the 'statistics' and 'who is online' in the index of the site. Thanks
runnerjp Posted February 3, 2010
Hey, just thought I would add a few suggestions rather than security flaws, of which I myself can't find any. When posting a reply, instead of showing the screen saying "Your Reply was added to test. View the topic or go to all forums?", why not just jump them to this page, http://dannyluked.comze.com/forum/view_forum.php?id=??, just because it keeps it all looking clean!
oni-kun Posted February 4, 2010
The following failed the test to be encoded. You're allowing roughly 9 XSS strings to be passed, not excluding:
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(document.cookie);>