
Gamebu

flash unity html5 games free

  • This topic is locked
6 replies to this topic

#1 doddsey_65


Posted 18 June 2013 - 12:06 AM


http://gamebu.co.uk/phpfreaks.txt

 

Hi,

 

I have recently created http://www.gamebu.co.uk and would like some testing done before I add more features.

 

Gamebu is a site where you can play online games for free. Game types include Flash, Unity3D and HTML5.

 

I have a collection of over 1000 games so far from sites such as MochiGames, FreeOnlineGames and FlashGamesDistribution.

 

I would like to know if there are any security vulnerabilities and if everything works as expected (i.e. no dead links).

 

Thanks

Carl


Test and help out with a new
100% open source forum package: A Simple Forum
Check the A Simple forum Github Page
Visit my Github profile to see what I work on.

#2 White_Lily


Posted 19 June 2013 - 07:46 AM

Slight design flaw:

 

On the home page, at the bottom row of games, you hover over them and a description for each game appears. However, if you hover over the last one in the row you may notice (depending on screen size) that it gets partially cut off. My current screen size is 1366px in width and 768px in height.


"In order to be irreplaceable, one needs to be different from another."


#3 darkfreaks


Posted 30 June 2013 - 05:43 AM

You have SQL injection in your input.

Suggest looking into PHP PDO to squash this. :thumb-up:
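
What the PDO suggestion above looks like in practice, as an added example that is not part of the original post and is not Gamebu's code. The table, rows and function names are constructed for illustration, and an in-memory SQLite database stands in for the site's real one.

```php
<?php
// Added example: schema, rows and function names are constructed, not Gamebu's code.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE games (id INTEGER PRIMARY KEY, title TEXT, type TEXT)');
$pdo->exec("INSERT INTO games (title, type) VALUES
    ('Block Drop', 'flash'), ('Kart Dash', 'unity'), ('Tile Match', 'html5')");

// BEFORE: request data is concatenated into the SQL text, so a quote
// character in $type changes the structure of the query.
function findGamesUnsafe(PDO $pdo, string $type): array
{
    $sql = "SELECT id, title FROM games WHERE type = '" . $type . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Column names cannot be bound as parameters; map them through an allow-list.
function orderColumn(string $requested): string
{
    $allowed = ['title' => 'title', 'newest' => 'id'];
    return $allowed[$requested] ?? 'title';
}

// AFTER: the SQL text is fixed and values travel separately as bound
// parameters, so they are only ever compared as data.
function findGames(PDO $pdo, string $type, string $sort = 'title', int $limit = 20): array
{
    $stmt = $pdo->prepare(
        'SELECT id, title FROM games WHERE type = :type ORDER BY '
        . orderColumn($sort) . ' LIMIT :limit'
    );
    $stmt->bindValue(':type', $type, PDO::PARAM_STR);
    $stmt->bindValue(':limit', max(1, min($limit, 100)), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = "flash' OR '1'='1";  // constructed test value containing a quote
printf("concatenated:  %d rows\n", count(findGamesUnsafe($pdo, $input)));
printf("bound:         %d rows\n", count(findGames($pdo, $input)));
printf("bound, valid:  %d rows\n", count(findGames($pdo, 'flash', 'newest')));
```

Run with the PHP CLI, the concatenated query returns every row for the constructed value while the bound query returns none, because the whole string is compared against the `type` column.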



#4 doddsey_65


Posted 30 June 2013 - 10:21 PM

Care to mention which input?



#5 doddsey_65


Posted 10 July 2013 - 08:16 PM

Just an update for you guys.

 

I have a few new features that have been implemented on the staging subdomain http://staging.gamebu.co.uk

 

The features include:

 

  • User profiles
  • Adding friends (from profiles)
  • Activity timeline (of your friends)
  • Internal comment system
  • Session tracking (number of active users and guests)
  • Newest users indicator (under "logo")
  • Profile completion percentage (visit your profile for info)

 

If you could test these out and make sure everything is working I can begin deploying them to the live site.

 

Thanks



#6 Coreye


Posted 12 July 2013 - 11:07 PM

Full Path Disclosure and Possible Database Field Leaks:
http://staging.gamebu.co.uk/user/test/

in /var/www/staging.gamebu.co.uk/releases/20130710194420/vendor/twig/twig/lib/Twig/Template.php line 365
at Twig_Template->getAttribute(array('gender' => 'Unspecified'), 'username') in /var/www/staging.gamebu.co.uk/releases/20130710194420/vendor/twig/twig/lib/Twig/Environment.php(320) : eval()'d code line 71


array(), 'users' => '0', 'guests' => '1', 'bots' => '0', 'newest_users' => array('data' => array(array('id' => '6', 'username' => 'Scott', 'location' => null, 'dob' => null, 'gender' => null), array(*DEEP NESTED ARRAY*)), 'pagination' => array('numbers' => array(*DEEP NESTED ARRAY*), 'total' => '1', 'pages' => '1')), 'app' => object(Application), 'currentPath' => '/user/test/'), array('javascript' => array(object(__TwigTemplate_7aa7a13f2a9aafd00efaae7720e1b51f), 'block_javascript'))) in /var/www/staging.gamebu.co.uk/releases/20130710194420/vendor/twig/twig/lib/Twig/Template.php line 133


I clicked the link given in the activation email and received this error:

Sorry, we could not find an account associated with that activation code.

I tested this with two different email accounts and received the same message.

PHP Help Center - PHP Help and Security Testing.  :)
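
One way to keep the file paths and template data shown in the trace above out of the HTTP response while still recording them server-side. This is an added example, not part of the original post and not Gamebu's code; the `APP_DEBUG` environment variable, the `renderError` helper and the reference-id format are assumptions.

```php
<?php
// Added example. APP_DEBUG is a hypothetical switch: set it only on hosts
// that are not reachable from the internet.
$debug = getenv('APP_DEBUG') === '1';

ini_set('display_errors', $debug ? '1' : '0');  // never echo PHP errors to visitors
ini_set('log_errors', '1');                     // always keep them in the server log
error_reporting(E_ALL);

// Log the full detail under a random reference and build the response body.
function renderError(Throwable $e, bool $debug): array
{
    $ref = bin2hex(random_bytes(6));
    error_log(sprintf('[%s] %s: %s in %s:%d', $ref, get_class($e),
        $e->getMessage(), $e->getFile(), $e->getLine()));
    error_log("[$ref] " . $e->getTraceAsString());

    $body = $debug
        ? '<pre>' . htmlspecialchars((string) $e, ENT_QUOTES, 'UTF-8') . '</pre>'
        : 'Something went wrong. Please quote reference ' . $ref . ' when reporting it.';
    return [500, $body];
}

// Uncaught exceptions (such as a template attribute error) end up here.
set_exception_handler(function (Throwable $e) use ($debug) {
    [$status, $body] = renderError($e, $debug);
    http_response_code($status);
    header('Content-Type: text/html; charset=UTF-8');
    echo $body;
});

// Route warnings and notices through the same path instead of printing them.
set_error_handler(function (int $severity, string $message, string $file, int $line) {
    if (!(error_reporting() & $severity)) {
        return false;  // respect the @ operator and the error_reporting mask
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});
```

Testers can still give a precise report by quoting the reference, which maps to the full trace in the server log.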


#7 doddsey_65


Posted 13 July 2013 - 01:00 PM

I should mention that the staging subdomain will reveal the errors as it is set as a development subdomain. This is just so people can be more descriptive if things do break. But the user error just refers to a missing variable assignment since the user doesn't exist.

 

As for the activation, those with a keen eye will notice the email points to the main website even if you registered on staging :P

I never planned to stage this project so never considered that.

 

Thanks





