clanstyles Posted November 19, 2007
My site http://debateatopic.com has the login system finished. I was wondering if you guys could beta test what I have so far. I don't think there are any bugs, but if there are, please let me know! I will do the "Posting" next. Thanks.
Link to comment https://forums.phpfreaks.com/topic/77898-please-beta-test-this/

jbingman Posted November 19, 2007
There's a spelling error during registration... it says "youw will be redirected..." The login and verification seem to work fine... the code is pretty much instant.

agentsteal Posted November 19, 2007

Cross Site Scripting: http://www.debateatopic.com/verification/"><marquee><h1>vulnerable</marquee>

Cross Site Scripting: There is Cross Site Scripting on the Contact Us page if the drop down menu contains ">code.

Cross Site Scripting: There is Cross Site Scripting on the Contact Us page if the fields contain ">code.

Drop Down Menu: If you edit the drop down menu on the Contact Us page you can submit arbitrary values.

Full Path Disclosure: http://www.debateatopic.com/?module=categories&cat[]
Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/.beowulf/debateatopic/debateatopic.com/includes/class.query.php on line 297

Full Path Disclosure: http://www.debateatopic.com/?module=verification&vid[]
Warning: htmlentities() expects parameter 1 to be string, array given in /home/.beowulf/debateatopic/debateatopic.com/includes/pages/page.verification.php on line 86

Full Path Disclosure: http://www.debateatopic.com/download
Warning: include(includes/pages/page.error.php) [function.include]: failed to open stream: Permission denied in /home/.beowulf/debateatopic/debateatopic.com/index.php on line 71
Warning: include() [function.include]: Failed opening 'includes/pages/page.error.php' for inclusion (include_path='.:/usr/local/php5/lib/php:/usr/local/lib/php') in /home/.beowulf/debateatopic/debateatopic.com/index.php on line 71

Full Path Disclosure: There is Full Path Disclosure if the login cookie is an array.
Warning: unserialize() expects parameter 1 to be string, array given in /home/.beowulf/debateatopic/debateatopic.com/includes/class.user.php on line 35
Warning: unserialize() expects parameter 1 to be string, array given in /home/.beowulf/debateatopic/debateatopic.com/includes/class.user.php on line 35
Warning: unserialize() expects parameter 1 to be string, array given in /home/.beowulf/debateatopic/debateatopic.com/includes/class.user.php on line 35
Warning: unserialize() expects parameter 1 to be string, array given in /home/.beowulf/debateatopic/debateatopic.com/includes/class.user.php on line 35
Warning: unserialize() expects parameter 1 to be string, array given in /home/.beowulf/debateatopic/debateatopic.com/includes/class.user.php on line 35

Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is an array.
Warning: mysql_real_escape_string(): 8 is not a valid MySQL-Link resource in /home/.beowulf/debateatopic/debateatopic.com/includes/class.query.php on line 297
Warning: mysql_real_escape_string(): 8 is not a valid MySQL-Link resource in /home/.beowulf/debateatopic/debateatopic.com/includes/class.query.php on line 297

Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value.
Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/.beowulf/debateatopic/debateatopic.com/index.php on line 3

Includes Directory: http://www.debateatopic.com/includes/pages/

clanstyles (Author) Posted November 19, 2007
Yeah, I wasn't finished completely with this page lol. Dropdowns you shouldn't be able to edit though. I checked their values with in_array. I'll finish that now. But agent steel, whatever you did on the verify page changed something in the database; all the users' Verification IDs are now the same. What did you do? -- Nice, wow, great find on the verify page. How can I block that? As of right now I have html_entities going. But it still prints it out as you see and allows you to run it. Thank you.

clanstyles (Author) Posted November 19, 2007
I think I fixed them all. Please test again. Thank You

clanstyles (Author) Posted November 19, 2007
Why? What's not fixed, sir?

clanstyles (Author) Posted November 19, 2007
Go agent steel! Damn! Download is getting removed, it was temporary. It's just a site I'm getting made. I was bored and wanted to make that lol. Hmm, how do you stop arrays? And if (!is_array($value)) ?? And that permission error was me setting the new permissions for pages and all the files in it.

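An added example (not code from the thread or from the site being tested) of one way to handle the array-parameter warnings, the editable drop-down and the reflected markup reported above: read request values as strings only, check the drop-down against a fixed list, escape at output, and keep PHP warnings out of the response. It is written for PHP 7.1 or later; the helper names, field names and sample request values are assumptions constructed for illustration.

```php
<?php
// Added example: helper names, field names and sample values are constructed.

// Log warnings instead of printing them, so file paths never reach the browser.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Return a request value only if it is a string; ?vid[]=x arrives as an array
// and would otherwise trigger "expects parameter 1 to be string, array given".
function input_string(array $source, string $key, int $maxLen = 255): ?string
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;
    }
    $value = trim($source[$key]);
    return ($value === '' || strlen($value) > $maxLen) ? null : $value;
}

// Drop-down values can be edited client-side; accept only entries from a fixed list.
function input_choice(array $source, string $key, array $allowed): ?string
{
    $value = input_string($source, $key);
    return ($value !== null && in_array($value, $allowed, true)) ? $value : null;
}

// Escape for HTML text and quoted attribute values (both quote styles).
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample requests standing in for $_GET / $_POST.
$get  = ['vid' => ['x'], 'cat' => '"><h1>test</h1>'];
$post = ['subject' => 'billing', 'message' => '   '];

$vid     = input_string($get, 'vid');      // null: array rejected
$cat     = input_string($get, 'cat');      // a string, but still untrusted
$subject = input_choice($post, 'subject', ['general', 'support']); // null: not in list
$message = input_string($post, 'message'); // null: blank after trim

if ($vid === null || $subject === null || $message === null) {
    echo "Invalid request\n";
}
// Untrusted text is escaped at the point of output, inside a quoted attribute.
echo '<input type="text" name="cat" value="' . e($cat ?? '') . '">' . "\n";
```

The same input_string() check applies to values read from $_COOKIE.
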
clanstyles (Author) Posted November 19, 2007
Okay, I got ALL the errors so far! Come on, bring more at me Agent Steel! <3 Agent!

clanstyles (Author) Posted November 19, 2007
The Contact Us page still isn't fixed if one of the fields is left blank. Okay now try please lol

clanstyles (Author) Posted November 20, 2007
Hey, could you please test it now? I don't think I have anything left vulnerable.

Coreye Posted November 20, 2007
This isn't a vulnerability, just a bug, but when you have 6 characters for your password when registering it says you don't. It also says "click here>" on the redirect link after registering.

clanstyles (Author) Posted November 20, 2007
Ahh, thank you for that, I'll fix that now. And I don't know if you guys can help me with this, but on Internet Explorer 7 (the new one), the Register page's and Login page's <h3 class="heading">headinginfo</h3> and then the div layer that makes that cool box are different; there is a big space between them. But on the contact page it shows up 100% fine.

Coreye Posted November 20, 2007
You can still send blank comments on the contact form.

clanstyles (Author) Posted November 21, 2007
Ahh! I think I got it now lol

clanstyles (Author) Posted December 7, 2007
Hey! It's been a while. I've added a lot more security precautions and added some features. Please check it for bugs. Thank you.

darkfreaks Posted July 9, 2008

Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability

Vulnerability description
This alert was generated using only banner information. It may be a false positive. A stack-based buffer overflow has been reported in the Apache mod_ssl module. This issue would most likely result in a denial of service if triggered, but could theoretically allow for execution of arbitrary code. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, though this may not be the case with other architectures. Affected mod_ssl versions (up to 2.8.17). This vulnerability affects mod_ssl.

The impact of this vulnerability
Denial of service and/or possible arbitrary code execution.

Attack details
Current version is mod_ssl/2.0.61 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.4.2 Unknown

How to fix this vulnerability
Upgrade mod_ssl to the latest version.