OkiAGr Posted May 31, 2007

The site has been online for 3 weeks now and I'm concerned about security, about any kind of injections or cross-site scripting.

http://www.publidom.ro

Thank you

Daniel0 Posted May 31, 2007

Well, your site doesn't work without JavaScript. It just says

... ... Pagina se incarca ... ...

I don't know what that means. It's a little hard navigating your site because I don't speak Romanian (well, I suppose it is Romanian since your site has the .ro TLD).

OkiAGr (Author) Posted May 31, 2007

Oh yes:

"pagina se incarca" = loading
adauga anunt = add your bargain
cauta anunt = search for bargain
pagina de start = homepage

I don't know how to test it myself for injections. There are 4 forms that strip some unwanted chars, but I don't know if the code really works.

Thank you, and sorry for requesting a review for a site in Romanian, but I can't have an opinion from a Romanian because there are not such good forums around here.

agentsteal Posted May 31, 2007

Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.

Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value.

Warning: session_start(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in /hsphere/local/home/publidom/publidom.ro/crypt/cryptographp.fct.php on line 14

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /hsphere/local/home/publidom/publidom.ro/crypt/cryptographp.fct.php:14) in /hsphere/local/home/publidom/publidom.ro/crypt/cryptographp.fct.php on line 14

Full Path Disclosure: There is Full Path Disclosure on multiple pages in http://www.publidom.ro/pages/.

Includes Directory: http://www.publidom.ro/pages/

Log: http://www.publidom.ro/error_log

OkiAGr (Author) Posted June 1, 2007

Directory and files: blocked.

Full path disclosure: fixed with ini_set('display_errors', 0). (hope)

Thank you!
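
The following is an added example, not part of the thread and not code from the site under review. It shows one way to address the PHPSESSID path disclosure at its cause as well as hiding the message: errors are logged instead of displayed, and a malformed session cookie is discarded before session_start() runs. The log path and the function names is_valid_session_id() and start_session_safely() are assumptions made for illustration.

```php
<?php
// Added example; the log path and helper names below are hypothetical.

// Hide PHP warnings from visitors but keep them for the administrator.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
// Placeholder path: keep the log outside the document root so it cannot be
// requested over HTTP the way /error_log could.
ini_set('error_log', '/path/outside/webroot/php_errors.log');

/**
 * True when $id uses only the characters the session_start() warning quoted
 * in the thread lists as valid (a-z, A-Z, 0-9). Adjust the pattern if your
 * PHP version accepts a different set.
 */
function is_valid_session_id($id)
{
    return is_string($id) && preg_match('/\A[a-zA-Z0-9]{1,128}\z/', $id) === 1;
}

/**
 * Start the session, first dropping a client-supplied id that would make
 * session_start() raise the "invalid characters" warning.
 */
function start_session_safely()
{
    $name = session_name(); // "PHPSESSID" unless reconfigured

    if (isset($_COOKIE[$name]) && !is_valid_session_id($_COOKIE[$name])) {
        // Remove the bad value for this request so PHP generates a new id...
        unset($_COOKIE[$name]);
        // ...and expire the cookie in the browser.
        setcookie($name, '', time() - 3600, '/');
    }

    return session_start();
}

// Call this before any output is sent, in place of a bare session_start().
start_session_safely();
```

With display_errors off alone the warning is still raised and written to the log on every malformed cookie; validating the cookie first means the request never triggers it.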