My new site

[ethangk]

Hey,

I just finnished my site, its a pretty cool idea, i have a finnished version out, it just got out of beta, there might still be bugs though, there is room for improvement, i need to know all these thing  .

 

The URL is http://www.ekraze.co.uk/interlaced. Everything seems to be working fine on it, if its not, post on here or on it. Also, the reason its on a folder on another site, all the interlaced domains are taken so i need to think of a way around that, enjoy and thanks for your time.

 

Ethan

[reddavis999]

may i suggest you have a section on the site, preferably the first page, that explains what the site is, what it does and things like that. As a first time visitor to your site i was wondering, what the site is about? What am i signing up for? And what will a get from signing up.

 

Red

[ethangk]

Of course, gimme a min to do that, i probably should have done that before, its understandably confusing.

[ethangk]

Done

[source]

I found nothing security wise, good job.

[agentsteal]

Array:

http://www.ekraze.co.uk/interlaced/compose.php?title[]

 

Array:

http://www.ekraze.co.uk/interlaced/compose.php?to[]

 

Cross Site Scripting:

http://www.ekraze.co.uk/~divorce4/test.php?sub=<marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.ekraze.co.uk/~divorce4/test.php?t=<marquee><h1>vulnerable</marquee>

 

Full Path Disclosure:

http://www.ekraze.co.uk/interlaced/members.php?page=99999999999999999999

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home2/divorce4/public_html/ekraze.co.uk/interlaced/control.php on line 97

Sorry, our user base doesnt go that far

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home2/divorce4/public_html/ekraze.co.uk/interlaced/control.php on line 97

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home2/divorce4/public_html/ekraze.co.uk/interlaced/control.php on line 97

 

User Enumeration:

http://www.ekraze.co.uk/~divorce4

 

User Enumeration:

http://www.ekraze.co.uk/~root

[ethangk]

Woa, thanks for helping me find those holes, im suprised you found test.php, it wasnt on the same diretory and i had compeltely forgot about it.

 

Ethan

[ethangk]

Seemed to have fixed all those bugs and some others you didnt notice.

 

Thanks

 

Ethan

[SharkBait]

This is more of a nittpick thing but your site says:

It just came out of beta and is still undergoing development but is working fine.

 

So if it's out of beta. then why is it still undergoing development?

[ethangk]

Woopsie, thought i deleted the file with the XSS on, thanks. Also, its out of beta but still undergoing development because its complete, it all works but i keep adding new features to it, like yesterday i added a cool ajax topic subscription/ favourite system. Im gonna keep adding new features to it.

[JasonLewis]

can i just suggest defining the gaps between the users messages a bit more. bit more style to it cuz i really had to think where the message began and stuff. and it was really confusing. but other then that, it all looks nice.

[brent123456]

You may want to run a check to make sure that someone can't register with the same username and password I registered username:brent and password as the same.

[ethangk]

Umm, i dunno if i should do the check, its up to the user if they want to use the same username/password, its their account, i dont really wanna add too many restrictions to people, i want it to be their site. I didnt even code admin features, apart from a query debugger, to make everything fair between everyone. @ProjectFear, i have been making it darker, i dont want to make it too dark but i might add a <hr /> because a few people have complained. Ideally, i want people to be able to choose their own forum colours, like stuck topics colour, the alternating colours and the colours of topics, its all to come, i have some good plans for the site.