Coreye
Posted November 16, 2007

Hey Guys,

I need you to try and exploit this comment form.

Username: demo
Password: demo

http://us.scriptscribes.net/site:Downloads/comments/1

Report Comment and Report User do not work yet.

Thanks,
Corey

Guardian-Mage
Posted November 18, 2007

I'm no expert, but it seems fairly secure to me.

Coreye (Author)
Posted November 19, 2007

"I'm no expert, but it seems fairly secure to me"

Thanks. It looks like one of the things that's going to have to be added is word wrap, to stop users from posting really long strings that cause the text to leave the content area. Other than word wrap, does anyone have another suggestion that would help stop that?

If anyone finds any vulnerabilities, let me know by posting here. Also, if you have any suggestions on ways to improve the security of the form, or ways to improve the form in any way, let me know.

We plan on limiting how many times a user can leave comments, so that should stop flooding.

Thanks,
Corey

Demonic
Posted November 20, 2007

Then again, you need to watch out for word tags when using word wrap.

Azu
Posted November 20, 2007

Don't limit the number of comments. Just make mandatory wait periods between comments.

Guardian-Mage
Posted November 21, 2007

Instead of using word wrap, try style="overflow:scroll". That works on divs, why not on textareas?

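Added example, not code from the thread or from the site being tested: one way in PHP to act on two suggestions made above, breaking over-long strings with the word-wrap caveat in mind and enforcing a wait between comments. The function names, the 60-character limit and the 30-second wait are assumptions.

```php
<?php
// Added example. MAX_RUN, COOLDOWN_SECONDS and both function names are assumptions.
const MAX_RUN = 60;           // longest unbroken run of characters allowed on screen
const COOLDOWN_SECONDS = 30;  // mandatory wait between two comments by one account

/**
 * Break over-long runs in the raw comment, then escape it for HTML output.
 * The order matters: wrapping text that is already escaped can cut an entity
 * such as "&lt;" in half, and wrapping stored markup can cut a tag in half.
 */
function render_comment(string $raw): string
{
    // Insert a zero-width space (a legal line-break point) every MAX_RUN
    // characters inside any run of non-whitespace longer than MAX_RUN.
    $wrapped = preg_replace_callback(
        '/\S{' . (MAX_RUN + 1) . ',}/u',
        fn(array $m): string => implode("\u{200B}", mb_str_split($m[0], MAX_RUN, 'UTF-8')),
        $raw
    );
    if ($wrapped === null) {
        return '';  // PCRE returns null on invalid UTF-8: render nothing
    }
    // Escape last, so every character the user typed is shown as text.
    return nl2br(htmlspecialchars($wrapped, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

/**
 * Seconds the account still has to wait before posting again (0 = may post).
 * $lastPostAt must come from server-side storage keyed by account, never from
 * a cookie or hidden form field that the client controls.
 */
function cooldown_remaining(?int $lastPostAt, int $now): int
{
    if ($lastPostAt === null) {
        return 0;  // first comment from this account
    }
    return max(0, COOLDOWN_SECONDS - ($now - $lastPostAt));
}

// Constructed sample input: a 120-character run made of markup characters.
$sample = "nice script " . str_repeat('<b>&', 30);
echo render_comment($sample), "\n";

// Constructed timestamps: previous comment was posted 10 seconds ago.
$now = time();
echo cooldown_remaining($now - 10, $now), "\n";
```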