liam1412 Posted April 17, 2007: Hi. My site has recently launched in the testing stages. Please let me know what you think and any problems you encounter. www.klubdeutsch.com (thread: https://forums.phpfreaks.com/topic/47323-testing-my-community-site/)
JayLewis Posted April 18, 2007: Can't register:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/klubiyfn/public_html/register_func.php on line 75
Warning: Cannot modify header information - headers already sent by (output started at /home/klubiyfn/public_html/register_func.php:75) in /home/klubiyfn/public_html/register_func.php on line 98
liam1412 (Author) Posted April 18, 2007: Should be sorted now. That's weird, coz I already fixed that issue once and it seems to have reappeared. You are registered, tho. It's just the part where it was checking for the existence of the username already, but there was no exit, so it registered you anyway. Ta.
obsidian Posted May 4, 2007: Just an FYI... your forums are wide open to SQL injection... I was able to discover the name of your database and browse through some of your user information. Check your variables that you pass through the URL before you use it in a query!!!
agentsteal Posted May 4, 2007:

Admin Access: The SQL Injection in the forum reveals your password.

Full Path Disclosure: http://www.klubdeutsch.com/view_topic.php
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/klubiyfn/public_html/view_topic.php on line 15
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/klubiyfn/public_html/view_topic.php on line 20
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/klubiyfn/public_html/view_topic.php on line 42
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/klubiyfn/public_html/view_topic.php on line 167

SQL injection:
http://www.klubdeutsch.com/view_topic.php?topic_id=56 AND 1=1
http://www.klubdeutsch.com/view_topic.php?topic_id=56 AND 1=2

User Enumeration: http://www.klubdeutsch.com/~klubiyfn
User Enumeration: http://www.klubdeutsch.com/~root
liam1412 (Author) Posted May 17, 2007: Oh sh*t, that's not good. Any ideas how I can remedy this?
liam1412 (Author) Posted May 17, 2007: "Check your variables that you pass through the URL before you use it in a query!!!" You mean re-clean every variable after it is passed through a URL? Wow, that's some work.
obsidian Posted May 18, 2007: "You mean re-clean every variable after it is passed through a URL? Wow, that's some work." No, just make sure you know what you're expecting to receive through the query and be sure that what you receive actually matches. You need to do some sort of validation on every element that a user may have the ability to modify.
john010117 Posted May 18, 2007: For one, you can get started on mysql_real_escape_string(). But make sure to implement other features.
liam1412 (Author) Posted May 18, 2007: I see. Cheers, obsidian. John, I use mysql_real_escape_string and htmlspecialchars to clean. Is that not sufficient? Although I recently found out my host on a shared server has magic quotes on. Does that make a difference?
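The following is an added example, not code from the thread or from klubdeutsch.com. It shows what obsidian's advice ("know what you're expecting to receive ... and be sure that what you receive actually matches") looks like in PHP for the `topic_id` parameter that agentsteal reported, and how mysql_real_escape_string and magic quotes interact, which is liam1412's question. It assumes a `topics` table with integer `topic_id` and text `title`/`body` columns; the table, column names and connection details are placeholders. It also turns off on-screen warnings, since the displayed `mysql_fetch_array()` warnings are what leaked the `/home/klubiyfn/...` paths.

```php
<?php
// Added example; table/column names and credentials below are placeholders.

// Warnings printed to the browser disclosed full server paths in the thread.
// Log them instead of displaying them (ideally set in php.ini, not per-script).
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// 1. Validate against the expected type. A topic id is a positive integer,
//    so "56 AND 1=1" is rejected before any query is built.
function validate_topic_id($raw)
{
    $id = filter_var($raw, FILTER_VALIDATE_INT,
                     array('options' => array('min_range' => 1)));
    return ($id === false) ? null : $id;
}

// 2. magic_quotes_gpc (on at liam1412's host) adds backslashes to every
//    request value. If that input is then passed to mysql_real_escape_string
//    it is escaped twice and stored with stray backslashes. Undo it first so
//    escaping happens exactly once. (Removed in PHP 5.4; the guard keeps the
//    function harmless on newer versions.)
function raw_request_value($value)
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return is_array($value)
            ? array_map('raw_request_value', $value)
            : stripslashes($value);
    }
    return $value;
}

// 3. For an existing mysql_* code base, escape with the connection-aware
//    function. htmlspecialchars() is for HTML output, not for SQL, so it
//    belongs at display time rather than here.
function escape_for_legacy_query($link, $value)
{
    return mysql_real_escape_string(raw_request_value($value), $link);
}

// 4. Stronger than escaping: a prepared statement (mysqli) binds the value
//    so it is never spliced into the SQL text at all.
function fetch_topic(mysqli $db, $topic_id)
{
    $stmt = $db->prepare('SELECT topic_id, title, body FROM topics WHERE topic_id = ?');
    $stmt->bind_param('i', $topic_id);
    $stmt->execute();
    $stmt->bind_result($id, $title, $body);
    $row = $stmt->fetch()
        ? array('topic_id' => $id, 'title' => $title, 'body' => $body)
        : null;
    $stmt->close();
    return $row;
}

// Request handling as it might appear at the top of view_topic.php.
$db = new mysqli('localhost', 'db_user', 'db_pass', 'db_name'); // placeholders
$topic_id = validate_topic_id(isset($_GET['topic_id']) ? $_GET['topic_id'] : null);
if ($topic_id === null) {
    header('HTTP/1.0 400 Bad Request');   // safe: nothing has been output yet
    exit('Invalid topic id.');
}
$topic = fetch_topic($db, $topic_id);
if ($topic === null) {
    header('HTTP/1.0 404 Not Found');
    exit('No such topic.');
}
// Escape for HTML only at output time.
echo '<h1>' . htmlspecialchars($topic['title'], ENT_QUOTES, 'UTF-8') . '</h1>';
```

Two points worth noting against the thread: validation by expected type (step 1) is what closes the reported `topic_id` injection, independent of escaping; and the "headers already sent" error from register_func.php comes from warnings being printed before `header()` runs, which is another reason to keep `display_errors` off in production and to call `header()` before any output.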
afaicb Posted May 18, 2007: Very nice work. The only thing I found was when you visit a topic, the Reply link is on the far right, outside everything else.
liam1412 (Author) Posted May 18, 2007: "Very nice work. The only thing I found was when you visit a topic, the Reply link is on the far right, outside everything else." Hi, thanks for the comment. What browser is it you use?