doddsey_65 Posted June 18, 2013

http://gamebu.co.uk/phpfreaks.txt

Hi,

I have recently created http://www.gamebu.co.uk and would like some testing done before I add more features. Gamebu is a site where you can play online games for free. Game types include Flash, Unity3D and HTML5. I have a collection of over 1000 games so far from sites such as MochiGames, FreeOnlineGames and FlashGamesDistribution.

I would like to know if there are any security vulnerabilities and if everything works as expected (i.e. no dead links).

Thanks
Carl

White_Lily Posted June 19, 2013

Slight design flaw: On the home page, at the bottom row of games, you hover over them and a description for each game appears; however, if you hover over the last one in the row you may notice (depending on screen size) that it gets partially cut off. My current screen size is 1366px in width and 768px in height.

darkfreaks Posted June 30, 2013

You have SQL Injection in your input. Suggest looking into PHP PDO to squash this.

doddsey_65 (Author) Posted June 30, 2013

Care to mention which input?

doddsey_65 (Author) Posted July 10, 2013

Just an update for you guys. I have a few new features that have been implemented on the staging subdomain http://staging.gamebu.co.uk

The features include:

- User profiles
- Adding friends (from profiles)
- Activity timeline (of your friends)
- Internal comment system
- Session tracking (number of active users and guests)
- Newest users indicator (under "logo")
- Profile completion percentage (visit your profile for info)

If you could test these out and make sure everything is working I can begin deploying them to the live site.

Thanks

Coreye Posted July 12, 2013

Full Path Disclosure and Possible Database Field Leaks:

http://staging.gamebu.co.uk/user/test/

in /var/www/staging.gamebu.co.uk/releases/20130710194420/vendor/twig/twig/lib/Twig/Template.php line 365
at Twig_Template->getAttribute(array('gender' => 'Unspecified'), 'username')
in /var/www/staging.gamebu.co.uk/releases/20130710194420/vendor/twig/twig/lib/Twig/Environment.php(320) : eval()'d code line 71
array(), 'users' => '0', 'guests' => '1', 'bots' => '0', 'newest_users' => array('data' => array(array('id' => '6', 'username' => 'Scott', 'location' => null, 'dob' => null, 'gender' => null), array(*DEEP NESTED ARRAY*)), 'pagination' => array('numbers' => array(*DEEP NESTED ARRAY*), 'total' => '1', 'pages' => '1')), 'app' => object(Application), 'currentPath' => '/user/test/'), array('javascript' => array(object(__TwigTemplate_7aa7a13f2a9aafd00efaae7720e1b51f), 'block_javascript')))
in /var/www/staging.gamebu.co.uk/releases/20130710194420/vendor/twig/twig/lib/Twig/Template.php line 133

I clicked the link given in the activation email and received this error:

Sorry, we could not find an account associated with that activation code.

I tested this with two different email accounts and received the same message.

doddsey_65 (Author) Posted July 13, 2013

I should mention that the staging subdomain will reveal the errors as it is set as a development subdomain. This is just so people can be more descriptive if things do break. But the user error just refers to a missing variable assignment since the user doesn't exist.

As for the activation, those with a keen eye will notice the email points to the main website even if you registered on staging. I never planned to stage this project so never considered that.

Thanks

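Added example (not part of any post in this thread, and not the site's code): a Python check that scans response bodies for the kind of debug output reported above, namely absolute server paths and PHP stack-trace frames, so a release can be held back if a page leaks them. The function names, the page keys and the clean sample page are assumptions made for illustration; the debug sample is an excerpt of the trace quoted in the thread.

```python
import re

# Absolute Unix paths to source/template files; the lookbehind skips URL paths.
PATH_RE = re.compile(r"(?<![\w.:/])/(?:[\w.\-]+/)+[\w.\-]+\.(?:php|twig|inc)\b")
# Signatures of a rendered PHP stack trace.
TRACE_RES = {
    "method_frame": re.compile(r"\b[A-Z]\w*->\w+\("),
    "eval_frame": re.compile(r"eval\(\)'d code"),
    "file_line": re.compile(r"\.php\b.{0,30}?\bline \d+"),
}
# Array keys dumped as frame arguments (possible database field names).
KEY_RE = re.compile(r"'(\w+)'\s*=>")

# Excerpt of the trace quoted in the thread.
ROOT = "/var/www/staging.gamebu.co.uk/releases/20130710194420/vendor/twig/twig/lib/Twig"
SAMPLE_DEBUG = (
    f"in {ROOT}/Template.php line 365 "
    "at Twig_Template->getAttribute(array('gender' => 'Unspecified'), 'username') "
    f"in {ROOT}/Environment.php(320) : eval()'d code line 71"
)
# Constructed sample of a production-style error page.
SAMPLE_CLEAN = '<h1>Page not found</h1><p><a href="http://www.gamebu.co.uk/">Home</a></p>'


def scan_response(body):
    """Return what an HTTP response body reveals about server internals."""
    paths = sorted(set(PATH_RE.findall(body)))
    markers = sorted(name for name, rx in TRACE_RES.items() if rx.search(body))
    keys = sorted(set(KEY_RE.findall(body))) if markers else []
    return {"paths": paths, "trace_markers": markers,
            "dumped_keys": keys, "leaks": bool(paths or markers)}


def failing_pages(pages):
    """pages maps a URL path to its response body; return the paths that leak."""
    return sorted(url for url, body in pages.items()
                  if scan_response(body)["leaks"])


if __name__ == "__main__":
    # Constructed mapping: in practice the bodies come from your own crawl.
    pages = {"/user/test/": SAMPLE_DEBUG, "/missing/": SAMPLE_CLEAN}
    for url in failing_pages(pages):
        print("LEAK", url, scan_response(pages[url]))
```

Run against the live site's responses rather than staging, an empty result from `failing_pages` confirms that development-mode error output has not followed the code into production.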