
Is my site secure for users to register.



  • 2 weeks later...

As far as I can tell, you allow very odd passwords, usernames and email addresses. Also, the script to verify the email address is not working correctly, since anything is valid.

Also, I have a strong feeling (which I am happy to email you) that some other form is allowing pretty bad things.

 

I fixed everything but the verify script. I don't think there are any more issues besides SQL injection.


Well, make sure you fixed that SQL injection vulnerability, because otherwise someone could walk off with your database. And I assume you don't want to end up (ryan)weekly in the papers like Sony does ;)

 

btw are you using: 

action="<?php echo $_SERVER['PHP_SELF'];?>"

in your forms?

 

Right now some forms are vulnerable to cross-site scripting. Have a read here on how to prevent it: http://seancoates.com/blogs/xss-woes

 


  • 3 weeks later...

If you want to post to the same page you're at,

action=''
//or
action='?this=works&also='

is all you need. Problem solved.


  • 2 weeks later...

SQL Error:

If you're not logged in and you try to post on a user profile you get this error: Column 'post' cannot be null.

 

SQL Error:

http://www.ryanweekly.com/user/?p='

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''' ORDER BY id DESC LIMIT 0, 6' at line 1

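Added example, not part of the thread and not the site's own code: one way to handle the two errors reported above, with the `p` value bound as a parameter instead of concatenated into the query, and unauthenticated or empty posts rejected before the INSERT. The table, column and function names are assumptions, and an in-memory SQLite database with constructed rows stands in for the site's MySQL database so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (assumption; the site uses MySQL).
// With MySQL, use a mysql: DSN and set PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, profile TEXT NOT NULL, post TEXT NOT NULL)');
$pdo->exec("INSERT INTO posts (profile, post) VALUES ('alice', 'first'), ('alice', 'second'), ('bob', 'hello')");

// Hypothetical helper: newest posts for a profile page requested as ?p=...
function latestPosts(PDO $pdo, string $profile, int $limit = 6): array
{
    // Values are bound, never concatenated, so a quote in ?p= is treated as data.
    $stmt = $pdo->prepare('SELECT id, post FROM posts WHERE profile = :p ORDER BY id DESC LIMIT :n');
    $stmt->bindValue(':p', $profile, PDO::PARAM_STR);
    $stmt->bindValue(':n', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical helper: store a post only for a logged-in user with non-empty text,
// so a NULL never reaches the NOT NULL 'post' column.
function addPost(PDO $pdo, ?string $loggedInUser, string $profile, ?string $text): bool
{
    $text = trim((string) $text);
    if ($loggedInUser === null || $text === '') {
        return false; // rejected before any SQL runs
    }
    $stmt = $pdo->prepare('INSERT INTO posts (profile, post) VALUES (:p, :t)');
    return $stmt->execute([':p' => $profile, ':t' => $text]);
}

try {
    var_dump(count(latestPosts($pdo, 'alice')));      // normal profile lookup
    var_dump(count(latestPosts($pdo, "'")));          // the ?p=' request from the thread
    var_dump(addPost($pdo, null, 'alice', null));     // not logged in, no text
    var_dump(addPost($pdo, 'bob', 'alice', 'hi'));    // valid post
} catch (PDOException $e) {
    // Keep the SQL detail in the server log; visitors get a generic message.
    error_log($e->getMessage());
    http_response_code(500);
    echo 'Something went wrong.';
}
```

The `catch` block also covers the information leak visible in the thread: the raw MySQL error text is logged server-side rather than printed to the visitor.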