
  • 2 weeks later...

As far as I can tell, you allow very odd passwords, usernames and email addresses. Also, the script to verify the email address is not working correctly, since anything is valid.

 

Also, I have a strong feeling (which I am happy to email you) that some other form is allowing pretty bad things.

 


 

I fixed everything but the verify script. I don't think there are any more issues besides SQL injection.

Well, make sure you fixed that SQL injection vulnerability, because otherwise someone could walk off with your database. And I assume you don't want to end up (ryan)weekly in the papers like Sony does ;)

 

By the way, are you using:

action="<?php echo $_SERVER['PHP_SELF'];?>"

in your forms?

 

Right now some forms are vulnerable to cross-site scripting. Have a read here on how to prevent it: http://seancoates.com/blogs/xss-woes

 

  • 3 weeks later...


 

If you want to post to the same page you're at,

action=''
//or
action='?this=works&also='

is all you need. Problem solved.
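To make the PHP_SELF point concrete: the following is an added example, not code from this thread or from ryanweekly.com. PHP_SELF includes PATH_INFO, so a request to a path such as /profile.php/"><script>alert(1)</script> lands in the attribute unescaped. The script sets $_SERVER['PHP_SELF'] by hand (a constructed value; the web server normally sets it) so it can be run from the command line, and contrasts the unsafe form tag with the two fixes: escaping the value, or not echoing it at all as the reply above suggests.

```php
<?php
// Added example, not ryanweekly.com's code. Shows why echoing PHP_SELF into
// a form action is a cross-site scripting sink, and two ways to fix it.

// Constructed for the demo: what PHP_SELF looks like after a request to
//   /profile.php/"><script>alert(1)</script>
// In a real request the web server fills this in, attacker-controlled.
$_SERVER['PHP_SELF'] = '/profile.php/"><script>alert(1)</script>';

// Vulnerable: the request path is reflected straight into an HTML attribute,
// so the quote in the path closes the attribute and the script tag is live.
function form_action_unsafe(): string {
    return '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">';
}

// Fix 1: escape before output. ENT_QUOTES encodes both " and ', so the value
// is safe inside either attribute quoting style; the charset argument avoids
// decoding tricks with a mismatched encoding.
function form_action_escaped(): string {
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

// Fix 2 (the reply's suggestion): do not echo the path at all. An empty
// action submits to the current URL; a fixed query string also works.
function form_action_empty(): string {
    return '<form action="" method="post">';
}

echo "unsafe:  ", form_action_unsafe(), PHP_EOL;
echo "escaped: ", form_action_escaped(), PHP_EOL;
echo "empty:   ", form_action_empty(), PHP_EOL;
```

Run it with the PHP CLI; the first line of output contains a live script tag, the second has the quote and angle brackets encoded as entities, and the third never touches request data. Escaping is still the general rule for anything else that gets echoed into a page, since an empty action only removes this one sink.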

  • 2 weeks later...

SQL Error:

If you're not logged in and you try to post on a user profile you get this error: Column 'post' cannot be null.

 

SQL Error:

http://www.ryanweekly.com/user/?p='

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''' ORDER BY id DESC LIMIT 0, 6' at line 1
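The error above is what a query assembled by string concatenation produces when a stray quote reaches it. The following is an added example, not the site's code: the table, sample rows and the exact query shape are assumptions chosen to reproduce the two reported failures (the syntax error from ?p=' and the "Column 'post' cannot be null" insert) and to show the fix, which is binding values through prepared statements and validating input before the insert. It uses an in-memory SQLite database via PDO so it runs stand-alone.

```php
<?php
// Added example, not ryanweekly.com's code. Schema, data and query shape are
// assumptions for the demo; only the error symptoms are from the thread.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, profile TEXT NOT NULL, post TEXT NOT NULL)');
$db->exec("INSERT INTO posts (profile, post) VALUES ('alice', 'hello'), ('bob', 'private note')");

// Vulnerable: $p is pasted into the SQL text, so a quote in it becomes SQL.
function profile_posts_unsafe(PDO $db, string $p): array {
    $sql = "SELECT post FROM posts WHERE profile = '$p' ORDER BY id DESC LIMIT 0, 6";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Fixed: the value is bound as a parameter and is never parsed as SQL.
function profile_posts_safe(PDO $db, string $p): array {
    $stmt = $db->prepare('SELECT post FROM posts WHERE profile = ? ORDER BY id DESC LIMIT 0, 6');
    $stmt->execute([$p]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The "Column 'post' cannot be null" case: the insert ran with no body because
// nobody was logged in. Reject missing or empty input before touching the
// database, then bind what remains.
function add_post(PDO $db, ?string $user, ?string $profile, ?string $post): bool {
    if ($user === null || $profile === null || trim((string) $post) === '') {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO posts (profile, post) VALUES (?, ?)');
    return $stmt->execute([$profile, $post]);
}

// ?p=' -> a syntax error, the same class of failure shown above.
try {
    profile_posts_unsafe($db, "'");
} catch (PDOException $e) {
    echo "unsafe with p=': ", $e->getMessage(), PHP_EOL;
}

// ?p=' OR '1'='1 -> every profile's posts, not just the requested one.
print_r(profile_posts_unsafe($db, "' OR '1'='1"));

// The same inputs against the prepared statement: no error, no rows,
// because the whole string is compared as a literal profile name.
print_r(profile_posts_safe($db, "'"));
print_r(profile_posts_safe($db, "' OR '1'='1"));

// Anonymous visitor with no post body is refused; a logged-in user succeeds.
var_dump(add_post($db, null, 'alice', null));
var_dump(add_post($db, 'bob', 'alice', 'hi alice'));
```

The syntax error itself is only the visible symptom; the second call shows why it matters, since the same concatenation lets a visitor read rows they should not see, and with UNION or stacked statements walk off with the rest of the database. Prepared statements fix every variant at once, and the same rule applies to the username, password and email fields mentioned earlier in the thread.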