brent123456 Posted October 11, 2007

I have finished the first draft of my site and I was hoping to have some members test it for me and report errors and such. My site is a site for garden seed trading with friends. It has quite a few features that need to be tested. The forums have not been added. I have added a "help & howtos" under the "About" menu; if you need help using the site, you can check this page out for expected outputs for the site. It has help pictures and good information on how the site works. This is just the temp server that I have the site on and it will be moved to the permanent server after testing. Could you just test for errors and problems in the directory that the site is in and all files and folders within that directory? You can register a user and please test it out. If you have any suggestions feel free to offer them here. If you notice any layout issues I would like to hear about these as well. I am still pretty new to PHP so I am sure there will be errors/issues and I thank you for testing it out. If my server is slow I am sorry; it is pretty crappy and I will be moving the site after testing.

http://www.seedswaps.com

Thanks.

Link to comment: https://forums.phpfreaks.com/topic/72704-need-site-testers-please/

agentsteal Posted October 11, 2007

Cross Site Scripting: There is Cross Site Scripting on http://www.brentmorine.com/seedswaps/site_pages/index.php?do=seedsofinterest if the Number of Seeds of Interest field contains code.

Drop Down Menu: If you edit the Seed drop down menu on http://www.brentmorine.com/seedswaps/site_pages/index.php?do=fillrequest you can submit arbitrary values.

Full Path Disclosure: There is Full Path Disclosure if you upload an invalid image.

Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: gd-jpeg: JPEG library reports unrecoverable error: in /home/brentmor/public_html/seedswaps/site_pages/includes/processaddseeds.php on line 207
Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: 'uploaded_images/seed_images//1155c83c954a5752bd94b04cbc3f8a54.jpg' is not a valid JPEG file in /home/brentmor/public_html/seedswaps/site_pages/includes/processaddseeds.php on line 207
Warning: imagecopyresampled(): supplied argument is not a valid Image resource in /home/brentmor/public_html/seedswaps/site_pages/includes/processaddseeds.php on line 208
Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: gd-jpeg: JPEG library reports unrecoverable error: in /home/brentmor/public_html/seedswaps/site_pages/includes/processaddseeds.php on line 256
Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: 'uploaded_images/seed_images//1155c83c954a5752bd94b04cbc3f8a54.jpg' is not a valid JPEG file in /home/brentmor/public_html/seedswaps/site_pages/includes/processaddseeds.php on line 256
Warning: imagecopyresampled(): supplied argument is not a valid Image resource in /home/brentmor/public_html/seedswaps/site_pages/includes/processaddseeds.php on line 257

Full Path Disclosure: There is Full Path Disclosure on http://www.brentmorine.com/seedswaps/site_pages/index.php?do=fillrequest if you set the Seed drop down menu to a negative number.

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/brentmor/public_html/seedswaps/site_pages/includes/processtrade.php on line 47

User Enumeration: http://www.brentmorine.com/~brentmor
User Enumeration: http://www.brentmorine.com/~nobody
User Enumeration: http://www.brentmorine.com/~root
User Enumeration: http://www.seedswaps.com/~brentmor
User Enumeration: http://www.seedswaps.com/~nobody
User Enumeration: http://www.seedswaps.com/~root
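
Server-side handling for the three input findings in the report above (code in a numeric field, an edited drop-down value, an invalid image upload), as an added example that is not part of the thread or the site's code. The function names, the offered-ID list and the sample values are hypothetical, and it assumes PHP 7.1 or later.

```php
<?php
// Added example; names and sample values are hypothetical, not the site's code.
// Log errors instead of printing them, so warnings cannot leak server paths.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// "Number of seeds" must be a whole number in a sane range, or it is rejected.
function parse_seed_count($raw): ?int {
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 10000]]);
    return $n === false ? null : $n;
}

// A drop-down only restricts the browser UI. Accept the submitted ID only if
// it is one of the IDs the server actually offered to this user.
function parse_seed_choice($raw, array $offeredIds): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    return ($id !== false && in_array($id, $offeredIds, true)) ? $id : null;
}

// Confirm the upload is a JPEG before GD touches it; return null on failure
// so the caller can show its own message instead of a PHP warning.
function load_jpeg(string $path) {
    $info = @getimagesize($path);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        return null;
    }
    $img = @imagecreatefromjpeg($path);
    return $img === false ? null : $img;
}

// Escape anything user-supplied at the point it is written into HTML.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: code in a numeric field, a negative drop-down
// value, an ID that was never offered, and a file that is not an image.
$offered = [12, 15, 31];
$upload = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($upload, 'this is not a jpeg');

foreach (['5', '"><marquee>test'] as $raw) {
    echo h($raw), ' => ', var_export(parse_seed_count($raw), true), "\n";
}
foreach (['15', '-1', '99'] as $raw) {
    echo $raw, ' => ', var_export(parse_seed_choice($raw, $offered), true), "\n";
}
echo 'upload => ', var_export(load_jpeg($upload), true), "\n";
unlink($upload);
```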

Lukela Posted October 11, 2007

On the front page under the doggie picture you see this ""><marquee>test" both doggies =]

brent123456 (Author) Posted October 11, 2007

Thanks steal. I am fixing some of the errors. I am not sure how to edit a drop down box to change the values or how to fend against "User Enumeration"; I will have to get some help.

brent123456 (Author) Posted October 11, 2007

You can submit arbitrary values by editing the drop down menu on http://www.brentmorine.com/seedswaps/site_pages/index.php?do=fillrequest

Fixed

Full Path Disclosure if you upload an invalid image:

Fixed

Full Path Disclosure: If you request a trade and change the seed to a negative number by editing the drop down menu.

> Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/brentmor/public_html/seedswaps/site_pages/includes/processtrade.php on line 47

Fixed

brent123456 (Author) Posted October 11, 2007

http://www.brentmorine.com/seedswaps/site_pages/index.php?do=seedsofinterest is vulnerable to Cross Site Scripting if you submit code in the "Number of Seeds of Interest" field.

Fixed

brent123456 (Author) Posted October 11, 2007

I'm not sure what to do about the User Enumeration. Some of the links go to "Not Acceptable", some just to "Forbidden" and the others just load the page? I am not sure what it is that I need to fix. Please help??

d.shankar Posted October 14, 2007

Full Path Disclosure

http://www.seedswaps.com/serverpage.php?id=4

brent123456 (Author) Posted October 14, 2007

Thanks man, I will look into that.

d.shankar Posted October 15, 2007

> I'm not sure what to do about the User Enumeration some of the links go to "Not Acceptable", some just to "Forbidden" and the others just load the page? I am not sure what it is that I need to fix? Please Help??

I am very curious about this too. I hope agentsteal would help us.

d.shankar Posted October 15, 2007

Thanks AS!!

brent123456 (Author) Posted October 15, 2007

I guess if you don't have access to your httpd.conf file you have to contact your web hosting provider. Thanks for your help.

phpSensei Posted October 20, 2007

What's the username and password?

davidg80 Posted October 24, 2007

from: Neohapsis

You can compile Apache without UserDir, you can totally disable UserDir, or you can enable UserDir only for specific users, e.g.

UserDir public_html
UserDir disabled
UserDir enable 11a

But since most users only have control of their websites through something like cPanel, for the "Remote Username Enumeration Vulnerability" you make a custom 403 error page by copying your 404 error page. This will only seem to generate 404 errors and will only allow users with valid index pages to be identified.