Jump to content

Please test my forum!


dannyluked

Recommended Posts

Hi,

I have been working on a forum for a while now (2 months). I have only been doing it slowly and the main reason I have done it is so that it is simple and easy for me to edit. Please test the forum for all practical things and security flaws. Anyway enough blab, have a look and please give me constructive critasism on the forum either via;

- dannyluked@blueyonder.co.uk

- through my forum

- or through this forum!

 

Log in with;

Username = test

Password = test

http://dannyluked.comze.com/forum

 

This is the link to my profile: Here

 

Thanks,

PS. I only want you to test the forum, not the whole site!

Link to comment
Share on other sites

You can make topics as other users. Example: http://dannyluked.comze.com/forum/view_topic.php?id=21.

 

You can reply to topics as other users. http://dannyluked.comze.com/forum/view_topic.php?id=5.

 

Cross Site Scripting (XSS):  http://dannyluked.comze.com/forum/view_topic.php?id=21.

 

You can edit other users threads. Example: http://dannyluked.comze.com/forum/view_topic.php?id=8.

 

You can make blank threads.

 

You can make blank replies.

 

 

Link to comment
Share on other sites

You can still reply as other users. Example: http://dannyluked.comze.com/forum/view_topic.php?id=9.

 

SQL Error:

http://dannyluked.comze.com/forum/view_topic.php?id=33

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Corey from PHPFreaks.');</script>'' at line 1

 

$_POST and $_GET variables can be edited easily.

Link to comment
Share on other sites

To prevent XSS in a reply you should simply have to pass the text entered through htmlentities (which it looks like you have now done). I did a bit of messing with various things. At one point I got a message saying something along the lines of "Don't try and xss my site", whilst this is good what I was trying had nothing to-do with XSS, I was simply playing with the POST values.

Link to comment
Share on other sites

Thanks, I have changed the message and hopefully I have stopped any xss into the forum! The forum will only be used by simple computer users anyway but I may use the code again, when I'm older if I go into PHP coding. Could someone please comment on the functionality of the forum and design please but I am still willing to hear of any other security threats...

Link to comment
Share on other sites

  • 3 weeks later...
  • 3 weeks later...

Hey,

 

Just thought i would add a few suggestions rather then security flaws- of which myself cant find any.

 

When posting a reply, instead of showing the screen saying

 

Your Reply was added to test

View the topic or go to all forums?

 

why not just jump them to this page http://dannyluked.comze.com/forum/view_forum.php?id=??

 

just because it keeps it all looking clean!

Link to comment
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.