thedarkwinter (author) posted October 16, 2007:

Hey guys, can you check out my site I'm working on at http://www.best-nights-out.com? I'm looking for any constructive criticism on design etc., but also security. Account security isn't really important because I don't keep any personal details, but things like SQL injection... (I'm backing up the DB now, so hack away.)

cheers, tdw
thedarkwinter (author) posted October 16, 2007:

... sorry, you don't need to set up an account. Username: testuser, password: testpass
thedarkwinter (author) posted October 16, 2007:

... and, sorry, I keep posting on my own post. I don't have IE. Does the JS etc. I've used work in IE, or is it messing it up?
brent123456 posted October 16, 2007:

When you sign up with a username containing code, look in the sidebar... http://www.best-nights-out.com/index.php?page=login
thedarkwinter (author) posted October 16, 2007:

hehe, nice one!!! Anything else?
agentsteal posted October 17, 2007:

Array: http://www.best-nights-out.com/index.php?page[]

Cross Site Scripting: There is Cross Site Scripting if the genre field contains code.
Cross Site Scripting: There is Cross Site Scripting if you submit a search that contains '>code.
Cross Site Scripting: There is Cross Site Scripting if you submit code in the add drop down menus.
Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain '>code.

Directory Traversal: http://www.best-nights-out.com/index.php?page=src/mailer

Drop Down Menu: If you edit the drop down menus in the header you can submit arbitrary values.
Drop Down Menu: If you edit the drop down menus on the add page you can submit arbitrary values.
Drop Down Menu: If you edit the Favorite Music drop down menu you can submit arbitrary values.

Full Path Disclosure: http://www.best-nights-out.com/index.php?page=browse
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 67
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 73
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 67
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 73
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 67
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 73
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 67
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 73
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 67
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 73
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 67
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 73
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 67
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 73
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 67
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 73
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 67
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 73

Full Path Disclosure: http://www.best-nights-out.com/browse.php
Fatal error: Call to undefined function db_lookup() in /home/michael/dev/bestnightsout/public_html/browse.php on line 5

Full Path Disclosure: http://www.best-nights-out.com/src/common.php
Warning: include(./src/dbcommon.php) [function.include]: failed to open stream: No such file or directory in /home/michael/dev/bestnightsout/public_html/src/common.php on line 4
Warning: include() [function.include]: Failed opening './src/dbcommon.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /home/michael/dev/bestnightsout/public_html/src/common.php on line 4
Warning: include(./src/htmldata.php) [function.include]: failed to open stream: No such file or directory in /home/michael/dev/bestnightsout/public_html/src/common.php on line 5
Warning: include() [function.include]: Failed opening './src/htmldata.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /home/michael/dev/bestnightsout/public_html/src/common.php on line 5
Warning: include(./src/mailer.php) [function.include]: failed to open stream: No such file or directory in /home/michael/dev/bestnightsout/public_html/src/common.php on line 6
Warning: include() [function.include]: Failed opening './src/mailer.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /home/michael/dev/bestnightsout/public_html/src/common.php on line 6
Fatal error: Call to undefined function db_connect() in /home/michael/dev/bestnightsout/public_html/src/common.php on line 23

Full Path Disclosure: http://www.best-nights-out.com/home.php
Fatal error: Call to undefined function db_select() in /home/michael/dev/bestnightsout/public_html/home.php on line 4

Full Path Disclosure: http://www.best-nights-out.com/index.php?page=a
Warning: include_once(a.php) [function.include-once]: failed to open stream: No such file or directory in /home/michael/dev/bestnightsout/public_html/index.php on line 15
Warning: include_once() [function.include]: Failed opening 'a.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /home/michael/dev/bestnightsout/public_html/index.php on line 15

Full Path Disclosure: http://www.best-nights-out.com/logout.php
Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session in /home/michael/dev/bestnightsout/public_html/logout.php on line 5
Warning: Cannot modify header information - headers already sent by (output started at /home/michael/dev/bestnightsout/public_html/logout.php:5) in /home/michael/dev/bestnightsout/public_html/logout.php on line 7

Full Path Disclosure: There is Full Path Disclosure if you submit an invalid value in the Country drop down menu in the header.
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 104
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 108

Include Directory: http://www.best-nights-out.com/src/

PHP Source Code Disclosure: http://www.best-nights-out.com/src/common.php~
PHP Source Code Disclosure: http://www.best-nights-out.com/contact.php~
PHP Source Code Disclosure: http://www.best-nights-out.com/src/dbcommon.php~
PHP Source Code Disclosure: http://www.best-nights-out.com/src/htmldata.php~
PHP Source Code Disclosure: http://www.best-nights-out.com/src/java.js~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/any/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/alternative/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/dance_club/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/emo/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/goth/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/jazz/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/metal/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/pop/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/punk/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/r&b_hip-hop/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/reggae/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/rock/Style.css~

SQL Error: There is an SQL Error if you submit invalid values in the add drop down menus.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\',0,0,'3','\'','\'','\'' at line 1

SQL Error: There is an SQL Error if you submit an invalid value in the Favorite Music field.
there was an error updating the databaseYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\',23373)' at line 1
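Several of the findings above share one root cause: index.php appends ".php" to whatever arrives in the page parameter and includes it (hence page=a, page[] and page=src/mailer all reach include_once), and every failure prints a warning with the server path in it. The following is an added example, not code from best-nights-out.com or from anyone in this thread, of a front controller that resolves the parameter through an allow-list and sends warnings to the log instead of the browser. The file names in PAGES and the PAGE_DIR layout are assumptions for the example; the same allow-list pattern is what a drop-down value (genre, country) should be checked against before it is used.

```php
<?php
// Added example, not code from best-nights-out.com: a front controller that
// maps "index.php?page=..." to a file through an allow-list instead of
// appending ".php" to the raw parameter. File names and the PAGE_DIR layout
// are assumptions for this example.

declare(strict_types=1);

// Warnings go to the error log, never to the visitor, so a failed include or
// query cannot reveal /home/.../public_html paths.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// Request value => file. Anything absent here is served the default page.
const PAGES = [
    'home'    => 'home.php',
    'browse'  => 'browse.php',
    'place'   => 'place.php',
    'login'   => 'login.php',
    'contact' => 'contact.php',
];

/**
 * Resolve the "page" parameter to an allow-listed file name.
 * Non-strings (page[] arrives as an array), unknown names and anything with
 * a slash, dot or other non-letter fall back to the default, so the raw
 * value never reaches include().
 */
function resolve_page($requested, string $default = 'home'): string
{
    if (!is_string($requested)) {
        return PAGES[$default];
    }
    $key = strtolower(trim($requested));
    if (!preg_match('/^[a-z]+$/', $key)) {
        return PAGES[$default];
    }
    return PAGES[$key] ?? PAGES[$default];
}

// Assumed layout: page scripts live outside the document root, so the
// include directory and stray editor backups (*.php~) are never web-served.
define('PAGE_DIR', dirname(__DIR__) . '/app/pages/');

if (PHP_SAPI === 'cli') {
    // Constructed probes mirroring the thread's findings, for a quick check
    // from the command line: php index.php
    $probes = ['browse', 'src/mailer', 'a', 'BROWSE ', ['x'], null];
    foreach ($probes as $probe) {
        $shown = is_array($probe) ? 'array' : var_export($probe, true);
        printf("%-14s -> %s\n", $shown, resolve_page($probe));
    }
} else {
    require PAGE_DIR . resolve_page($_GET['page'] ?? null);
}
```

Run from the command line it prints the resolution of each probe: only 'browse' and 'BROWSE ' map to browse.php, while 'src/mailer', 'a', the array and the missing value all land on home.php. Keeping the page scripts and the src/ directory outside the web root also removes the "Include Directory" listing and the *.php~ backup disclosures, since those files can no longer be requested by URL at all.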
thedarkwinter (author) posted October 17, 2007:

Thanks agentsteal. A bit later I will try to figure out what all this means, but I can see that my site isn't very secure.
thedarkwinter (author) posted October 17, 2007:

Okay, so I reckon I've fixed all (or hopefully most) of that. Do you want to have another crack at it?

cheers, tdw
davidg80 posted October 24, 2007:

Full Path Disclosure: http://www.best-nights-out.com/index.php?page=place&placeid=a
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/place.php on line 160
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/place.php on line 182
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/place.php on line 202
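The placeid=a finding is the query-side twin of the include problem: a non-numeric id is dropped into a query, mysql_query() returns false, and mysql_num_rows() then prints a warning containing the script path. The block below is an added example, not the site's code, of how a place lookup can validate the id before it reaches SQL, use a mysqli prepared statement in place of the thread's string-built mysql_* queries, keep failures in the error log, and escape stored values on output (which is what stops the stored XSS via the genre field reported earlier). The table and column names, connection details and the places schema are assumptions; get_result() additionally assumes the mysqlnd driver.

```php
<?php
// Added example, not code from best-nights-out.com: the "place" page lookup
// with the id validated before it reaches SQL, a prepared statement instead
// of string-built mysql_* queries, and output escaping. Table and column
// names and the connection details are assumptions.

declare(strict_types=1);

ini_set('display_errors', '0');   // warnings to the log, not the page
ini_set('log_errors', '1');
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);  // mysqli throws

/**
 * Return placeid as a positive int, or null for anything else
 * ("a", "", "12abc", an array, or a number too long to be a real id).
 */
function parse_place_id($raw): ?int
{
    if (!is_string($raw) || !preg_match('/^[1-9][0-9]{0,9}$/', $raw)) {
        return null;
    }
    return (int) $raw;
}

/** Escape a stored or reflected string before it is echoed into HTML. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/**
 * Fetch one place by id with a bound parameter. Returns the row or null.
 * get_result() needs the mysqlnd driver (the default in current PHP builds).
 */
function find_place(mysqli $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, name, genre FROM places WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

$id = parse_place_id($_GET['placeid'] ?? null);
if ($id === null) {
    // "placeid=a" ends here with a plain 404 and no query at all.
    http_response_code(404);
    echo "<p>Unknown place.</p>\n";
    exit;
}

try {
    // Placeholder connection parameters.
    $db = new mysqli('localhost', 'app_user', 'app_password', 'bestnightsout');
    $place = find_place($db, $id);
} catch (mysqli_sql_exception $e) {
    error_log('place lookup failed: ' . $e->getMessage()); // details stay server-side
    http_response_code(500);
    echo "<p>Something went wrong.</p>\n";
    exit;
}

if ($place === null) {
    http_response_code(404);
    echo "<p>Unknown place.</p>\n";
    exit;
}
printf("<h1>%s</h1>\n<p>Genre: %s</p>\n", h($place['name']), h($place['genre']));
```

Two things matter here beyond the prepared statement. First, the id is rejected by shape before any database work happens, so the three mysql_num_rows() warnings in the post above have no code path to reach. Second, with mysqli_report() set to throw and display_errors off, a query or connection failure produces a generic page plus a log entry, which is also the cure for the "SQL Error" messages agentsteal saw, since the MySQL error text is no longer echoed to the visitor.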