thedarkwinter Posted October 16, 2007

Hey guys, can you check out my site I'm working on at http://www.best-nights-out.com? I'm looking for any constructive criticism on design etc... but also security. Account security isn't really important because I don't keep any personal details, but things like SQL injection... (I'm backing up the DB now, so hack away)

cheers, tdw
thedarkwinter (Author) Posted October 16, 2007

... sorry, you don't need to set up an account. username: testuser, password: testpass
thedarkwinter (Author) Posted October 16, 2007

... and, sorry, I keep posting on my own post. I don't have I.E. Does the JS etc. I've used work in IE, or is it messing it up?
brent123456 Posted October 16, 2007

When you sign up with a username containing code, look in the sidebar... http://www.best-nights-out.com/index.php?page=login
thedarkwinter (Author) Posted October 16, 2007

hehe, nice one!!! Anything else?
agentsteal Posted October 17, 2007

Array: http://www.best-nights-out.com/index.php?page[]

Cross Site Scripting: There is Cross Site Scripting if the genre field contains code.
Cross Site Scripting: There is Cross Site Scripting if you submit a search that contains '>code.
Cross Site Scripting: There is Cross Site Scripting if you submit code in the add drop down menus.
Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain '>code.

Directory Traversal: http://www.best-nights-out.com/index.php?page=src/mailer

Drop Down Menu: If you edit the drop down menus in the header you can submit arbitrary values.
Drop Down Menu: If you edit the drop down menus on the add page you can submit arbitrary values.
Drop Down Menu: If you edit the Favorite Music drop down menu you can submit arbitrary values.

Full Path Disclosure: http://www.best-nights-out.com/index.php?page=browse
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 67
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 73
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 67
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 73
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 67
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 73
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 67
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 73
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 67
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 73
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 67
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 73
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 67
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 73
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 67
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 73
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 67
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 73

Full Path Disclosure: http://www.best-nights-out.com/browse.php
Fatal error: Call to undefined function db_lookup() in /home/michael/dev/bestnightsout/public_html/browse.php on line 5

Full Path Disclosure: http://www.best-nights-out.com/src/common.php
Warning: include(./src/dbcommon.php) [function.include]: failed to open stream: No such file or directory in /home/michael/dev/bestnightsout/public_html/src/common.php on line 4
Warning: include() [function.include]: Failed opening './src/dbcommon.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /home/michael/dev/bestnightsout/public_html/src/common.php on line 4
Warning: include(./src/htmldata.php) [function.include]: failed to open stream: No such file or directory in /home/michael/dev/bestnightsout/public_html/src/common.php on line 5
Warning: include() [function.include]: Failed opening './src/htmldata.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /home/michael/dev/bestnightsout/public_html/src/common.php on line 5
Warning: include(./src/mailer.php) [function.include]: failed to open stream: No such file or directory in /home/michael/dev/bestnightsout/public_html/src/common.php on line 6
Warning: include() [function.include]: Failed opening './src/mailer.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /home/michael/dev/bestnightsout/public_html/src/common.php on line 6
Fatal error: Call to undefined function db_connect() in /home/michael/dev/bestnightsout/public_html/src/common.php on line 23

Full Path Disclosure: http://www.best-nights-out.com/home.php
Fatal error: Call to undefined function db_select() in /home/michael/dev/bestnightsout/public_html/home.php on line 4

Full Path Disclosure: http://www.best-nights-out.com/index.php?page=a
Warning: include_once(a.php) [function.include-once]: failed to open stream: No such file or directory in /home/michael/dev/bestnightsout/public_html/index.php on line 15
Warning: include_once() [function.include]: Failed opening 'a.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /home/michael/dev/bestnightsout/public_html/index.php on line 15

Full Path Disclosure: http://www.best-nights-out.com/logout.php
Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session in /home/michael/dev/bestnightsout/public_html/logout.php on line 5
Warning: Cannot modify header information - headers already sent by (output started at /home/michael/dev/bestnightsout/public_html/logout.php:5) in /home/michael/dev/bestnightsout/public_html/logout.php on line 7

Full Path Disclosure: There is Full Path Disclosure if you submit an invalid value in the Country drop down menu in the header.
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 104
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/browse.php on line 108

Include Directory: http://www.best-nights-out.com/src/

PHP Source Code Disclosure: http://www.best-nights-out.com/src/common.php~
PHP Source Code Disclosure: http://www.best-nights-out.com/contact.php~
PHP Source Code Disclosure: http://www.best-nights-out.com/src/dbcommon.php~
PHP Source Code Disclosure: http://www.best-nights-out.com/src/htmldata.php~
PHP Source Code Disclosure: http://www.best-nights-out.com/src/java.js~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/any/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/alternative/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/dance_club/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/emo/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/goth/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/jazz/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/metal/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/pop/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/punk/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/r&b_hip-hop/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/reggae/Style.css~
PHP Source Code Disclosure: http://www.best-nights-out.com/css/rock/Style.css~

SQL Error: There is an SQL Error if you submit invalid values in the add drop down menus.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\',0,0,'3','\'','\'','\'' at line 1

SQL Error: There is an SQL Error if you submit an invalid value in the Favorite Music field.
there was an error updating the databaseYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\',23373)' at line 1
thedarkwinter (Author) Posted October 17, 2007

Thanks agentsteal. A bit later I will try to figure out what all this means, but I can see that my site isn't very secure.
thedarkwinter (Author) Posted October 17, 2007

Okay, so I reckon I've fixed all (or hopefully most) of that. Do you want to have another crack at it?

cheers, tdw
davidg80 Posted October 24, 2007

Full Path Disclosure: http://www.best-nights-out.com/index.php?page=place&placeid=a
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/place.php on line 160
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/place.php on line 182
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/michael/dev/bestnightsout/public_html/place.php on line 202
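The findings in agentsteal's list and davidg80's placeid report all come down to a handful of server-side habits: the `page=` parameter is passed straight to `include_once` (so `page[]`, `page=src/mailer` and `page=a` all misbehave), `<select>` values and ids reach MySQL unvalidated (so a bad value becomes an SQL syntax error or a `mysql_num_rows()` warning), PHP warnings are rendered to the visitor (full path disclosure), and form values are echoed back unescaped (cross site scripting). The following is an added example of how one would close those classes in a PHP site like this one; it is not code from best-nights-out.com or from anyone in this thread. The page list, the genre list, the `places` table and its `placeid`/`name`/`genre` columns, and the function names are assumptions chosen for illustration.

```php
<?php
// Added example, not the site's own code. Page names, genre list, the
// `places` table and its columns are assumptions for illustration.

// 1. Full path disclosure: log PHP warnings, never render them to visitors.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// 2. index.php?page=...: include only from a fixed allow-list, and reject
//    non-string values (PHP parses page[] as an array, not a string).
const ALLOWED_PAGES = ['home', 'browse', 'place', 'login', 'contact', 'add'];

function resolve_page($raw) {
    if (!is_string($raw) || !in_array($raw, ALLOWED_PAGES, true)) {
        return 'home';   // unknown, traversal or array input -> safe default
    }
    return $raw;
}
// Usage in index.php:
//   include_once __DIR__ . '/' . resolve_page($_GET['page'] ?? 'home') . '.php';

// 3. Drop-down menus: a browser <select> is only a suggestion. Validate the
//    submitted value against the same list the form was generated from.
const GENRES = ['any', 'alternative', 'dance_club', 'emo', 'goth', 'jazz',
                'metal', 'pop', 'punk', 'r&b_hip-hop', 'reggae', 'rock'];

function valid_genre($raw) {
    return is_string($raw) && in_array($raw, GENRES, true);
}

// 4. placeid=a: require a positive integer before the value goes anywhere
//    near SQL, and use a prepared statement instead of string concatenation.
function parse_id($raw) {
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function fetch_place(mysqli $db, $raw_id) {
    $id = parse_id($raw_id);
    if ($id === null) {
        return null;     // caller renders "not found"; no MySQL warning reaches the page
    }
    $stmt = $db->prepare('SELECT name, genre FROM places WHERE placeid = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($name, $genre);
    $row = $stmt->fetch() ? ['name' => $name, 'genre' => $genre] : null;
    $stmt->close();
    return $row;
}

// 5. Cross site scripting: escape every user-supplied value at output time,
//    including values that came from a "trusted" drop-down.
function h($s) {
    return htmlspecialchars((string)$s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
// Usage in a template:
//   echo '<p>Genre: ' . h($_POST['genre'] ?? '') . '</p>';
```

Two of agentsteal's items are not fixed in PHP at all: the editor backup files (`common.php~`, `Style.css~` and the rest) and the listable `/src/` directory are web server matters. Those backup files should be deleted from the document root and the deploy process should stop copying them, directory indexes should be switched off, and the `src/` include directory is best moved outside the document root entirely so nothing in it is reachable by URL.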