miniport_owner Posted July 16, 2007

Ok, so I've been making my own forum from scratch in PHP. I've posted it lots of other places but I thought it was time to post it here.

Note: forum is being rewritten because of people hacking
Note2: You cannot login/register now as I am making the security on those better, but you can still post, etc.

Hackers: Try your hardest to hack this please, and tell me if you do and how you did it.

Now to the post.

*Click Here For Beta Forum*
Forum still being rewritten but you can still check out beta!

___Features___
]Post
]Categories
]Create Topic
]Log in
]Register
]User List
]ACP (Admin Control Panel)
]User Panel
]5 Smiley's
]BB Code
]Avatars
]Sigy's
]Nice looking clickable smiley List

___Features To Come___
]PM's - 50%
]MySql transition (switching from files to MySql) - 1%
]Need Suggestions!

Some wip features may be on forum for testing.
Please give criticism!
Feature suggestions Please!

History
12/7/7 - Released
12/7/7 - Added topic creation
12/7/7 - Added log in
12/7/7 - Fix some small bugs
12/7/7 - Added User List
12/7/7 - Added ACP
12/7/7 - Added User Panel
12/7/7 - Added smiley
12/7/7 - Added code
12/7/7 - Added Auto Line Break
12/7/7 - Added avatar function
12/7/7 - Made posts more neat
12/7/7 - Added more codes
12/7/7 - Fixed minor glitch
13/7/7 - Fixed major error
13/7/7 - Added sigy's
13/7/7 - Added demo account
13/7/7 - Added grafix
16/7/7 - Added Clickable smiley list
16/7/7 - Made the clickable smiley list look better

Please hack!
~MiniPort_Owner
Aka: mini

agentsteal Posted July 16, 2007

Array: http://blokdudez.110mb.com/forum/show_cat.php?cat[]
Array: http://blokdudez.110mb.com/forum/show_post.php?cat=General&TOP[]
Array: http://blokdudez.110mb.com/topic.php?topic[]
Cross Site Scripting: http://blokdudez.110mb.com/forum/do_post.php?path=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://blokdudez.110mb.com/forum/make_topic.php?path='><marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://blokdudez.110mb.com/forum/show_cat.php?cat=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://blokdudez.110mb.com/forum/show_post.php?cat=General&TOP=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://blokdudez.110mb.com/topic.php?topic=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: There is Cross Site Scripting if you post a topic that contains "code.
Full Path Disclosure: http://blokdudez.110mb.com/forum/make_topic.php

Warning: copy(/Topic/index.htm) [function.copy]: failed to open stream: No such file or directory in /www/110mb.com/b/l/o/k/d/u/d/e/blokdudez/htdocs/forum/bin/make_topic.php on line 19

miniport_owner Posted July 16, 2007 (Author)

Also XSS: http://blokdudez.110mb.com/forum/show_post.php?cat=General&TOP=<marquee>
I know how to fix that, thanx

http://blokdudez.110mb.com/forum/show_cat.php?cat[]=Test%20Forum%20Stuff%20Here
Category Array does not exist or has been removed.
I have no clue why it did that

Did any1 notice any problem with security though?

miniport_owner Posted July 17, 2007 (Author)

OK, sum1 hacked the forum and spammed it bad so I had to delete it and now I have to wait for my webhost to delete the spam! kk?

miniport_owner Posted July 18, 2007 (Author)

Ok! Spam deleted! Plz try still to hack but don't totally destroy it.

Oh, and I've added:
-Encrypted passwords!
-PMs!
-Site statistics (bottom page)!
-SESSION instead of Cookies!

~Miniport_owner

source Posted July 19, 2007

I registered the nick "<marquee>shit" and it works...

http://blokdudez.110mb.com/forum/show_post.php?cat=General&TOP=\%22%3E%3Cmarquee%3Eownd%20bitch
omfg tooo many xss/holes...

http://blokdudez.110mb.com/forum/make_topic.php?path=../../
path disclosure.

messages == xssable...
fix the holes then try again, and use DB instead of w/e you are currently doing.

http://blokdudez.110mb.com/forum/show_post.php?cat=../../
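
The findings reported by agentsteal and source above (array-valued parameters, markup reflected from `cat`, `TOP` and `path`, `../` accepted in `cat` and `path`, and a warning that prints the full server path) all trace back to request parameters being used without validation and echoed without encoding. The following is an added example, not code from the forum being tested, showing one way to handle a parameter such as `cat` in PHP; the helper names, the `CATEGORY_ROOT` directory and the allowed character set are assumptions.

```php
<?php
// Added example; not the forum's code. CATEGORY_ROOT, the helper names and
// the allowed character set are assumptions made for illustration.
declare(strict_types=1);

ini_set('display_errors', '0');   // warnings with full paths stay out of the page
ini_set('log_errors', '1');       // ...and go to the server log instead

const CATEGORY_ROOT = __DIR__ . '/data/categories';

/** Return the parameter only if it is a plain name; null otherwise. */
function param_name(array $query, string $key): ?string
{
    $value = $query[$key] ?? null;
    if (!is_string($value)) {          // ?cat[]=x arrives as an array: reject
        return null;
    }
    // Letters, digits, space, underscore, hyphen: no "<", quotes, "/" or "."
    return preg_match('/\A[A-Za-z0-9 _-]{1,64}\z/', $value) === 1 ? $value : null;
}

/** Resolve a validated name to a directory that lies inside CATEGORY_ROOT. */
function category_dir(string $name): ?string
{
    $root = realpath(CATEGORY_ROOT);
    $dir  = realpath(CATEGORY_ROOT . '/' . $name);
    if ($root === false || $dir === false || !is_dir($dir)) {
        return null;
    }
    return strncmp($dir, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) === 0 ? $dir : null;
}

/** Encode for HTML text and quoted attribute values. */
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$cat = param_name($_GET, 'cat');
$dir = $cat === null ? null : category_dir($cat);
if ($dir === null) {
    http_response_code(404);
    exit('Category does not exist or has been removed.');
}
echo '<h1>' . h($cat) . '</h1>';   // encode at output even after validation
```

The same steps apply to `TOP`, `topic` and `path`; stored values such as nicknames and post bodies need `h()` at the point where they are written into the page.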

LiamProductions Posted July 21, 2007

Your forum would be too easy to spam.