avillanu
Posted September 19, 2007

Site: http://www.crawfordresearch.com/arcade/

This is one of my first PHP scripts, so please be forgiving. I would also highly appreciate it if you guys had any suggestions.

Note: I know that users can vote multiple times, I'm working on a solution for this.

Thanks
Alex

avillanu
Posted September 19, 2007

I forgot to mention that this script will be released for free and help small-time webmasters, so your contribution will help the good of humanity.

agentsteal
Posted September 20, 2007

Cross Site Scripting: http://www.crawfordresearch.com/arcade/search.php?term=<marquee><h1>vulnerable</marquee>

Cross Site Scripting: There is Cross Site Scripting if you submit a search that contains code.

Drop Down Menu: If you edit the Rate drop down menu you can submit arbitrary values.

Full Path Disclosure: http://www.crawfordresearch.com/arcade/category.php
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/crawford/public_html/arcade/category.php on line 32

Full Path Disclosure: http://www.crawfordresearch.com/arcade/search.php?term[]
Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/crawford/public_html/arcade/search.php on line 15

Null User: You can register a null username.

User Enumeration: http://www.crawfordresearch.com/~crawford

User Enumeration: http://www.crawfordresearch.com/~root
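
Server-side checks that address several findings in the report above (the reflected search term, the term[] array warning, the editable Rate menu, the empty username), as an added example that is not part of the thread or the arcade script. The function names, the 1-5 rating range and the username rule are assumptions.

```php
<?php
// Added example (PHP 7.1+). Helper names, the 1-5 rating range and the
// username rule are assumptions, not taken from the arcade script.

// search.php?term[] makes $_GET['term'] an array; accept strings only.
function get_string_param(array $src, string $name, int $maxLen = 100): ?string
{
    if (!isset($src[$name]) || !is_string($src[$name])) {
        return null;
    }
    $value = trim($src[$name]);
    return ($value === '' || strlen($value) > $maxLen) ? null : $value;
}

// Encode on output so a term like <marquee><h1>... is shown as text.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The Rate drop-down can be edited client-side; re-check on the server.
function valid_rating($raw, int $min = 1, int $max = 5): ?int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    $n = (int) $raw;
    return ($n >= $min && $n <= $max) ? $n : null;
}

// Rejects empty, whitespace-only and NUL-containing usernames.
function valid_username($raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    return preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $raw) === 1 ? $raw : null;
}

// Log warnings instead of printing them (full path disclosure).
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Constructed requests mirroring the reported cases.
$samples = [['term' => '<marquee><h1>vulnerable</marquee>'], ['term' => ['']]];
foreach ($samples as $get) {
    $term = get_string_param($get, 'term');
    echo $term === null ? "Invalid search term\n" : 'Results for: ' . html($term) . "\n";
}
```

The first sample prints the term HTML-encoded and the second is rejected before it reaches any string-only function. In production, display_errors is better set in php.ini so that startup errors are covered as well.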