miniport_owner
Posted July 16, 2007

Ok, so I've been making my own forum from scratch in PHP. I've posted it lots of other places but I thought it was time to post it here.

Note: forum is being rewritten because of people hacking
Note2: You cannot login/register now as I am making the security on those better, but you can still post, etc.

Hackers: Try your hardest to hack this please, and tell me if you do and how you did it.

Now to the post.

*Click Here For Beta Forum*
Forum still being rewritten but you can still check out beta!

___Features___
]Post
]Categories
]Create Topic
]Log in
]Register
]User List
]ACP (Admin Control Panel)
]User Panel
]5 Smiley's
]BB Code
]Avatars
]Sigy's
]Nice looking clickable smiley List

___Features To Come___
]PM's - 50%
]MySql transition (switching from files to MySql) - 1%
]Need Suggestions!

Some wip features may be on forum for testing.
Please give criticism!
Feature suggestions Please!

History
12/7/7 - Released
12/7/7 - Added topic creation
12/7/7 - Added log in
12/7/7 - Fix some small bugs
12/7/7 - Added User List
12/7/7 - Added ACP
12/7/7 - Added User Panel
12/7/7 - Added smiley
12/7/7 - Added code
12/7/7 - Added Auto Line Break
12/7/7 - Added avatar function
12/7/7 - Made posts more neat
12/7/7 - Added more codes
12/7/7 - Fixed minor glitch
13/7/7 - Fixed major error
13/7/7 - Added sigy's
13/7/7 - Added demo account
13/7/7 - Added grafix
16/7/7 - Added Clickable smiley list
16/7/7 - Made the clickable smiley list look better

Please hack!

~MiniPort_Owner
Aka: mini

agentsteal
Posted July 16, 2007

Array: http://blokdudez.110mb.com/forum/show_cat.php?cat[]
Array: http://blokdudez.110mb.com/forum/show_post.php?cat=General&TOP[]
Array: http://blokdudez.110mb.com/topic.php?topic[]
Cross Site Scripting: http://blokdudez.110mb.com/forum/do_post.php?path=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://blokdudez.110mb.com/forum/make_topic.php?path='><marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://blokdudez.110mb.com/forum/show_cat.php?cat=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://blokdudez.110mb.com/forum/show_post.php?cat=General&TOP=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://blokdudez.110mb.com/topic.php?topic=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: There is Cross Site Scripting if you post a topic that contains "code.
Full Path Disclosure: http://blokdudez.110mb.com/forum/make_topic.php
Warning: copy(/Topic/index.htm) [function.copy]: failed to open stream: No such file or directory in /www/110mb.com/b/l/o/k/d/u/d/e/blokdudez/htdocs/forum/bin/make_topic.php on line 19

miniport_owner (Author)
Posted July 16, 2007

Also XSS: http://blokdudez.110mb.com/forum/show_post.php?cat=General&TOP=<marquee>
I know how to fix that, thanx

http://blokdudez.110mb.com/forum/show_cat.php?cat[]=Test%20Forum%20Stuff%20Here
Category Array does not exist or has been removed.
I have no clue why it did that

Did any1 notice any problem with security though?

miniport_owner (Author)
Posted July 17, 2007

OK, sum1 hacked the forum and spammed it bad so I had to delete it and now I have to wait for my webhost to delete the spam! kk?

miniport_owner (Author)
Posted July 18, 2007

Ok! Spam deleted! Plz try still to hack but don't totally destroy it.

Oh, and I've added:
-Encrypted passwords!
-PMs!
-Site statistics (bottom page)!
-SESSION instead of Cookies!

~Miniport_owner

source
Posted July 19, 2007

I registered the nick "<marquee>shit" and it works...

http://blokdudez.110mb.com/forum/show_post.php?cat=General&TOP=\%22%3E%3Cmarquee%3Eownd%20bitch

omfg tooo many xss/holes...

http://blokdudez.110mb.com/forum/make_topic.php?path=../../
path disclosure.

messages == xssable...

fix the holes then try again, and use DB instead of w/e you are currently doing.

http://blokdudez.110mb.com/forum/show_post.php?cat=../../
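
Added example, not part of any post in this thread and not the forum's own code: one way to handle a request parameter such as `cat` so that the array, XSS, `../` and path-disclosure findings reported above no longer apply. The function names and the one-directory-per-category layout are assumptions made for illustration.

```php
<?php
// Added example. Assumed (hypothetical) layout: one directory per category
// under a base directory; names use letters, digits, space, _ and -.
ini_set('display_errors', '0'); // never echo warnings (and full paths) to visitors
ini_set('log_errors', '1');     // keep them in the server log instead

/** Return the category name if acceptable, otherwise null. */
function clean_category($raw): ?string
{
    // ?cat[]=x arrives as an array; used as a string it becomes "Array".
    if (!is_string($raw)) {
        return null;
    }
    // Allow-list: no <, >, quotes, dots or slashes, so neither markup nor
    // ../ sequences pass.
    return preg_match('/\A[A-Za-z0-9 _-]{1,64}\z/', $raw) === 1 ? $raw : null;
}

/** Resolve a category to a directory strictly inside $baseDir, or null. */
function category_dir(string $baseDir, string $cat): ?string
{
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $cat);
    if ($base === false || $path === false || !is_dir($path)) {
        return null;
    }
    // Defence in depth: the resolved path must still sit under the base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

/** Escape a value before writing it into HTML (query values, nicknames, posts). */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs modelled on the requests reported in the thread.
$samples = ['General', ['x'], '<marquee><h1>vulnerable</marquee>', '../../'];
foreach ($samples as $raw) {
    $cat = clean_category($raw);
    $shown = is_string($raw) ? h($raw) : '(array)';
    echo $cat === null ? "rejected: $shown\n" : 'accepted: ' . h($cat) . "\n";
}
// Constructed check: a name that passes the allow-list must still resolve
// to a real directory under the base.
var_dump(category_dir(sys_get_temp_dir(), 'General'));
```

The same `h()` escaping applies to stored values such as nicknames and post bodies at the point they are written into a page, not only to query-string values.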

LiamProductions
Posted July 21, 2007

Your forum would be too easy to spam.

Archived
This topic is now archived and is closed to further replies.