tutorialstuff Posted May 1, 2007
Hello, I just beta launched my new site www.tutorialstuff.com/ and would love it if people would test it out and tell me what they think. This is pretty much a PHP/MySQL driven site that I will be creating a custom CMS for soon. Questions/comments on coding, speed, design are all appreciated.
V34 Posted May 1, 2007
I did login using <marquee>. You could use htmlentities here. Here you've forgotten to change the font. I get two different error messages in "Broken Link" - This and This. Otherwise I think it's a very nice website. Like the look of it. Good work.
tutorialstuff (Author) Posted May 1, 2007
Wow. You brought to my attention a couple of things I've never seen before. When you say you logged in using <marquee>, what does that mean? Is this a potential security risk? Same question for htmlentities. I will research both of these myself but I would like to hear what you have to say about it. Thanks very much! - Mike
V34 Posted May 1, 2007
Well, I made a user called <marquee> which kind of spoiled the Userbox in the top-right corner. But none of the things I've mentioned have any security risk at all, otherwise I wouldn't have posted it in public. When you print out $_GET['category'] you should use:

$category = htmlentities($_GET['category']);

This way < > are made into &lt; &gt; - but as said, it doesn't have any security risk.
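The encoding V34 suggests, worked through as an added example (this is not code from the thread or from the tutorialstuff site). It covers the two spots mentioned so far, the ?category= parameter and the username in the user box, and shows the unencoded rendering beside the encoded one. The function names and the sample values are assumptions for illustration; modern PHP (7+) syntax is assumed.

```php
<?php
// Added example, not code from the thread. Output encoding for the ?category=
// parameter and the user box. Function names and sample values are assumptions.
declare(strict_types=1);

/**
 * Encode a string for insertion into HTML text or a double-quoted attribute.
 * htmlspecialchars() turns < > & " ' into entities, so browser-parsed markup
 * such as <marquee> is displayed literally instead of being rendered.
 * htmlentities(), as V34 suggests, works as well; it additionally encodes
 * non-ASCII characters, which is unnecessary when the page is served as UTF-8.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the raw query parameter is written straight into the page.
function renderCategoryUnsafe(string $category): string
{
    return "<h2>Tutorials in category: $category</h2>";
}

// After: encode at the point of output, not when the value is stored.
function renderCategorySafe(string $category): string
{
    return '<h2>Tutorials in category: ' . h($category) . '</h2>';
}

// Same fix for the user box: a user named "<marquee>" is then shown as text.
function renderUserBox(string $username): string
{
    return '<div class="userbox">Logged in as <b>' . h($username) . '</b></div>';
}

// Constructed inputs that mirror the strings used in the thread.
// Note the quoted key: $_GET[category] without quotes is a constant lookup,
// not the string key 'category'.
$category = $_GET['category'] ?? '<marquee><h1>vulnerable</marquee>';
$username = '<marquee>';

echo renderCategoryUnsafe($category), "\n"; // markup reaches the browser as-is
echo renderCategorySafe($category), "\n";   // markup reaches the browser as entities
echo renderUserBox($username), "\n";
```

Encode on output rather than on input: the stored username stays exactly what the user typed, and every page that prints it goes through h(). Encoding on the way in breaks as soon as the same value is later used somewhere that is not HTML (an email, a JSON response, a log line).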
tutorialstuff (Author) Posted May 1, 2007
Thanks for the tips! I'm lacking in these little details! Also, I checked out your website/blog and it looked pretty good; unfortunately I only speak English right now. I know, I know.....stupid Americans!
agentsteal Posted May 1, 2007
Cross Site Scripting:
http://www.tutorialstuff.com/cgi-sys/scgiwrap/<marquee><h1>vulnerable</marquee>
Cross Site Scripting:
http://www.tutorialstuff.com/tutorial_category.php?category=<marquee><h1>vulnerable</marquee>
Full Path Disclosure:
http://www.tutorialstuff.com/cgi-sys/scgiwrap/
Full Path Disclosure:
http://www.tutorialstuff.com/?s
SQL Injection:
http://www.tutorialstuff.com/tutorial_display.php?id=100 AND 1=1
http://www.tutorialstuff.com/tutorial_display.php?id=100 AND 1=2
User Enumeration:
http://www.tutorialstuff.com/~tinymike
tutorialstuff (Author) Posted May 1, 2007
Any advice on preventing/fixing these kinds of errors/attacks? I really appreciate the info you guys have been providing me. It's a developer's worst nightmare to see their hard work tampered with. - Mike
tutorialstuff (Author) Posted May 1, 2007
Am I in a whole world of security hurt with these issues? If so, what are some things I can do to fix these and/or read up on these? I'm really freaking out now!!!!
tutorialstuff (Author) Posted May 1, 2007
What I've done for the time being is add:

error_reporting(0);

Is this a good idea or just a temporary fix to some of the problems?
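For comparison, the setup a practitioner would use instead of error_reporting(0), as an added example that is not code from the thread: error detail (file paths, query text) is kept out of the response, which is what stops the full path disclosure, but it is still logged so the developer can see it. The log path is an assumption; it must be outside the web root and writable by the web server.

```php
<?php
// Added example, not code from the thread. Hides error detail from visitors
// while still recording it. The log path is an assumption.
error_reporting(E_ALL);          // keep reporting everything internally ...
ini_set('display_errors', '0');  // ... but never render it into the response
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/php/tutorialstuff.log'); // assumed path

// Warnings and notices: log with full detail, show nothing to the client.
set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline): bool {
    error_log(sprintf('PHP error %d: %s in %s on line %d', $errno, $errstr, $errfile, $errline));
    return true; // handled; PHP's built-in handler does not run
});

// Uncaught exceptions (e.g. a failed DB connection): generic page, detailed log.
set_exception_handler(function (Throwable $e): void {
    error_log(sprintf('Uncaught %s: %s in %s on line %d',
        get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()));
    http_response_code(500);
    echo 'Something went wrong. Please try again later.';
});
```

error_reporting(0) silences the notices for the user and for you alike, so a bug that later turns into a security problem leaves no trace. These settings only cover your own PHP scripts; the /cgi-sys/scgiwrap/ path in the list above is served by the hosting environment rather than by the site's code, so that one is a question for the host.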
tutorialstuff (Author) Posted May 1, 2007
Hmmm, I'm unable to find that directory/page in my remote directory view. Any idea on how to access it/block it?
tutorialstuff (Author) Posted May 2, 2007
Thanks! You really were freaking me out. I saw your IP addy of 67.81.3x.xxx in some of my stats logs and I thought I was getting hacked big time! Any advice on how to fix the blind SQL injection? I haven't found any useful info on that yet. Also, do you have a site or portfolio of your work? I would be really interested to see what a person with your talent is capable of! Thanks again - Mike
tutorialstuff (Author) Posted May 2, 2007
> Any advice on how to fix the blind SQL injection? I haven't found any useful info on that yet.
> You could fix it by filtering the id to only allow numbers.

Do you mean in the database?
tutorialstuff (Author) Posted May 2, 2007
I understand the theory, I just don't understand where to implement it. Should this be implemented in the database, server side, somewhere in the form, or just create some sort of PHP function that checks this? Thanks - Mike
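Where the check goes, as an added example (not code from the thread or from the tutorialstuff site): in the PHP script, server side, before the value touches SQL. Client-side form checks can be bypassed by editing the URL, and the database cannot tell an injected clause from a genuine one once the query text has been built. The block shows the vulnerable concatenation that makes agentsteal's id=100 AND 1=1 / AND 1=2 probe work, then the fix: a whitelist check that accepts only a positive integer, plus a prepared statement so the id is sent as a parameter. Table and column names and the DB credentials are assumptions.

```php
<?php
// Added example, not code from the thread. Validates the id server side in
// PHP and binds it with a prepared statement. Table/column names and the DB
// credentials are assumptions.
declare(strict_types=1);

/**
 * Accept only a positive integer id. Returns null for anything else, so
 * "100 AND 1=1", "100'" or "100 UNION ..." are rejected up front.
 * Escaping alone would not help here: the injected text contains no quotes.
 */
function parseTutorialId($raw): ?int
{
    if (!is_string($raw) || $raw === '' || strlen($raw) > 10 || !ctype_digit($raw)) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

// Before: the query text is built from the raw parameter. With id=100 AND 1=2
// the row disappears, with id=100 AND 1=1 it comes back; that difference is
// what the blind-injection probe in agentsteal's list detects.
function buildQueryUnsafe(string $rawId): string
{
    return "SELECT title, body FROM tutorials WHERE id = $rawId";
}

// After: a validated integer, bound as a parameter; the SQL text never changes.
function fetchTutorial(mysqli $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT title, body FROM tutorials WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($title, $body);
    $row = $stmt->fetch() ? ['title' => $title, 'body' => $body] : null;
    $stmt->close();
    return $row;
}

$id = parseTutorialId($_GET['id'] ?? null);
if ($id === null) {
    http_response_code(404);
    exit('Tutorial not found.');
}

$db = new mysqli('localhost', 'dbuser', 'dbpass', 'tutorialstuff'); // assumed credentials
$tutorial = fetchTutorial($db, $id);
if ($tutorial === null) {
    http_response_code(404);
    exit('Tutorial not found.');
}
echo '<h1>', htmlspecialchars($tutorial['title'], ENT_QUOTES, 'UTF-8'), '</h1>';
```

The two halves are independent defences: the whitelist check rejects the probe strings outright and gives a clean 404 instead of a database error, and the prepared statement means that even if a validation check is forgotten on some other page, the parameter can never change the structure of the query. Use the same pattern for every value that comes from $_GET, $_POST or a cookie.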