
Well, I created a PHP/MySQL site that I would like to tell everyone about.  It's called Gift Pathways:

http://giftpathways.com/

 

It lets users sign up and create a group for their entire family/group.  Everyone then signs up and joins the same group.  Each person then has a wish list and can mark other people's items as purchased (secretly).  Plus, you can generate printable shopping lists, comment on items, add secret surprises, and much more.  Please let me know what you think!

 

I would appreciate help spreading the word because everyone I have personally told about it loves it.  My family is using it, too.  I told my co-worker and just a couple days later, his wife said it would be so cool if there was a site where you could put a wish list --- just like my site!  Well, honey, there is!  lol

 

I made two versions over about 2-3 weeks.  The first was just for my family and the second added public registration with groups to contain events.  I'm constantly expanding it but will even be more motivated with more users.  I want it to be USED!  Please tell your friends!

It sounds to me like you are advertising your website and you want people to critique it instead of testing the code. You should do that here: http://www.phpfreaks.com/forums/index.php/board,10.0.html.

 

Anyways some flaws are...

 

Your registration is vulnerable to cross site scripting.

 

Cross Site Scripting:

http://giftpathways.com/login.php/"><marquee><h1>vulnerable

 

SQL:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '>

vulnerable",0,0,0)' at line 1

 

Cross Site Scripting:

http://giftpathways.com/contact.php/"><marquee><h1>vulnerable

Array:

http://www.giftpathways.com/wishlist.php?u[]

 

Cross Site Scripting:

http://www.giftpathways.com/wishlist.php?u=<marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.giftpathways.com/wishlist.php/"><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.giftpathways.com/spread.php/"><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.giftpathways.com/login.php/"><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.giftpathways.com/index.php/"><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.giftpathways.com/index.php/"><marquee><h1>vulnerable

 

Cross Site Scripting:

There is Cross Site Scripting if a group ID contains ">code.

 

Cross Site Scripting:

http://www.giftpathways.com/profile.php/"><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.giftpathways.com/item.php/"><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.giftpathways.com/print.php/"><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.giftpathways.com/statistics.php/"><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.giftpathways.com/groups.php/"><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.giftpathways.com/food.php/"><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.giftpathways.com/activity.php/"><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.giftpathways.com/invite.php/"><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.giftpathways.com/lockmembership.php/"><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.giftpathways.com/contact.php/"><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

There is Cross Site Scripting when you register if the fields contain ">code.

 

Cross Site Scripting:

There is Cross Site Scripting if your username contains ">code.

 

Drop Down Menu:

If you edit the drop down menus on the group creation page you can submit arbitrary values.

 

SQL Error:

http://www.giftpathways.com/login.php/"

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"login"",0,0,0)' at line 1

 

SQL Error:

http://www.giftpathways.com/contact.php/"

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"contact"",0,0,0)' at line 1

 

SQL Error:

http://www.giftpathways.com/groups.php/"

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"groups"",0,0,0)' at line 1

 

SQL Error:

http://www.giftpathways.com/profile.php/"

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"contact"",0,0,0)' at line 1

 

SQL Error:

http://www.giftpathways.com/index.php/"

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '""",0,0,0)' at line 1

 

SQL Error:

http://www.giftpathways.com/item.php/"

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"item"",0,0,0)' at line 1

 

SQL Error:

http://www.giftpathways.com/print.php/"

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"print"",0,0,0)' at line 1

 

SQL Error:

http://www.giftpathways.com/statistics.php/"

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '""",0,0,0)' at line 1

 

SQL Error:

http://www.giftpathways.com/food.php/"

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '""",0,0,0)' at line 1

 

SQL Error:

http://www.giftpathways.com/lockmembership.php/"

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '""",0,0,0)' at line 1

 

SQL Error:

http://www.giftpathways.com/activity.php/"

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '""",0,0,0)' at line 1

 

SQL Error:

http://www.giftpathways.com/spread.php/"

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '""",0,0,0)' at line 1

 

SQL Error:

http://www.giftpathways.com/invite.php/"

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '""",0,0,0)' at line 1

 

SQL Error:

There is a SQL Error if the drop down menus on the group creation page contain invalid values.

Incorrect date value: 'a-a-a' for column 'groupEventDate' at row 1

 

SQL Error:

http://www.giftpathways.com/spread.php/"

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '",0,0,0)' at line 1

 

SQL Error:

http://www.giftpathways.com/wishlist.php?u='

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\',0)' at line 1

 

SQL Error:

http://www.giftpathways.com/wishlist.php?u=a

Unknown column 'a' in 'field list'

 

SQL Error:

http://www.giftpathways.com/wishlist.php/"

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"wishlist"",40 AND 1=2,0,0)' at line 1
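Nearly every finding in the post above has the same shape: whatever follows the script name in the URL (the PATH_INFO part of `/login.php/"...`) is read back by the script, written unquoted-safe into an INSERT that looks like `("<page>",<number>,0,0)` and echoed into the page, while `wishlist.php?u=` is dropped into SQL as a bare number (`?u=a` becomes a column reference, `?u[]` becomes the string `Array`). The example below is added here and is not Gift Pathways' code (none was posted) and not any poster's words; the vulnerable half is a reconstruction from the error messages, and the table name, column layout and page-name transformation are assumptions. The hardened half shows the two fixes that remove the whole class: take the script name from `SCRIPT_NAME`, which never carries PATH_INFO, validate `u` as an integer, bind values through prepared statements, and escape anything echoed into HTML.

```php
<?php
// Added example, not Gift Pathways' code (none was posted). The vulnerable
// half is reconstructed from the error messages in the thread; the table,
// the column layout and the page-name transformation are assumptions.

// ---- Vulnerable pattern (assumed; shown only to explain the findings) ----
// $_SERVER['PHP_SELF'] includes PATH_INFO, so a request for
// /login.php/"><h1>x yields a page name of  login"><h1>x  which lands both
// in the INSERT (SQL error near '"login""...') and in the HTML (reflected XSS).
// ?u= is interpolated unquoted, so ?u=a becomes a column reference
// (Unknown column 'a') and ?u[] becomes the string "Array".
function vulnerable_pageview_sql(array $server, array $get): string
{
    $page = str_replace(['/', '.php'], '', $server['PHP_SELF']);
    $u    = $get['u'] ?? 0;
    return "INSERT INTO pageviews VALUES (\"$page\",$u,0,0)";
}

// ---- Hardened --------------------------------------------------------------
// SCRIPT_NAME is the script actually executed and never carries PATH_INFO.
function page_name(array $server): string
{
    return basename($server['SCRIPT_NAME'], '.php');
}

// ?u= must be a positive integer. Arrays (u[]) and non-numeric strings are
// rejected before the value goes anywhere near SQL.
function user_id_param(array $get): ?int
{
    if (!isset($get['u']) || is_array($get['u'])) {
        return null;
    }
    $id = filter_var($get['u'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Data and SQL never meet as text: the statement is compiled with placeholders
// and the values are bound separately. Open the PDO connection with
// PDO::ATTR_EMULATE_PREPARES => false so MySQL itself does the binding.
function log_page_view(PDO $db, array $server, array $get): bool
{
    $u = user_id_param($get);
    if ($u === null) {
        return false;   // caller shows the site's own error page, not MySQL's
    }
    $stmt = $db->prepare('INSERT INTO pageviews (page, user_id, a, b) VALUES (?, ?, 0, 0)');
    return $stmt->execute([page_name($server), $u]);
}

// Output side: anything echoed into HTML is escaped for that context, and the
// form posts to the real script name rather than whatever the client sent.
function form_action(array $server): string
{
    return htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
}

// Constructed input mirroring the thread's login.php finding (no web server needed).
$server = ['PHP_SELF' => '/login.php/"><h1>x', 'SCRIPT_NAME' => '/login.php'];
echo vulnerable_pageview_sql($server, ['u' => 'a']), "\n";   // quoting broken by the injected ", u unquoted
echo page_name($server), "\n";                                // script name without PATH_INFO
var_dump(user_id_param(['u' => 'a']), user_id_param(['u' => '42']), user_id_param(['u' => ['']]));
```

Run it from the command line with `php example.php` to see the difference between the two INSERT paths without touching a database. The `"wishlist"",40 AND 1=2,0,0)` error in the list above is the same INSERT with the second column holding an injected boolean, which is what turns a syntax error into a usable blind injection; `user_id_param()` closes that column off as well.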

This is unbelievable and I'm outraged that Gift Pathways is so broken.

 

What can I do to help fix it?  It seems like there are two main problems:

 

1. Apache is accepting a connection to a specific file (index.php) even when there is a slash after the filename.

2. The quotes need to be replaced with &quote;

 

Would these two things fix most of these problems?  How can I remedy the first?  It seems very standard for you guys to tell me about all these problems so surely you have a moderately simple remedy for fixing them all!  Do you have a bot that collects all this information?

 

As far as "a" going to the date field on the group creation page, is it bad that I don't care that it gives a MySQL error?  Honestly, that is only for the hackers.  What is the easiest way to check anyway in PHP?  How can I check to see if a date is valid in PHP?  Why should I?  The only advantage would be that if users enter an invalid date (February 31).  So I wouldn't mind adding code here.  How do I see if a date is valid?  I have a good error scheme and it would be easy to add that in.
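The post above asks three concrete things: how to stop the trailing-slash requests, how to escape quotes, and how to check a date in PHP. The first is an Apache setting: `AcceptPathInfo Off` in the server or virtual-host config makes `/login.php/anything` return 404 instead of reaching the script. The second is two separate problems: for HTML output `htmlspecialchars()` emits `&quot;` for a double quote, and for SQL the fix is binding values through prepared statements rather than replacing characters. The third is `checkdate()`, which knows month lengths and leap years. The example below is added here and is not Gift Pathways' code or any poster's words; the field names (`event_type`, `event_year`, `event_month`, `event_day`), the list of event types and the `groupID` column are assumptions, and only the `groupEventDate` column name comes from the thread. It validates the whole group-creation form, including the drop-down values the tester showed can be edited, and returns errors in a list that fits an existing error scheme.

```php
<?php
// Added example, not Gift Pathways' code. Server-side validation for the
// group-creation form. The field names (event_type, event_year, event_month,
// event_day), the list of event types and the groupID column are assumptions;
// only the column name groupEventDate comes from the thread.

const EVENT_TYPES = ['birthday', 'christmas', 'anniversary', 'other'];   // assumed list

// Returns a list of error messages; an empty list means the input is valid.
// $post is $_POST in production; it is passed in so the function runs from the CLI.
function validate_group_form(array $post): array
{
    $errors = [];

    // A <select> constrains nothing: a browser's DOM editor or a hand-made
    // POST can send any value, so the server keeps its own whitelist.
    $type = $post['event_type'] ?? null;
    if (!is_string($type) || !in_array($type, EVENT_TYPES, true)) {
        $errors[] = 'Unknown event type.';
    }

    // Each date part must be a plain decimal string in range before checkdate()
    // sees it: 'a', '1.5', '-1' and arrays are all rejected here.
    $ranges = ['event_year' => [1900, 2100], 'event_month' => [1, 12], 'event_day' => [1, 31]];
    $parts  = [];
    foreach ($ranges as $name => [$lo, $hi]) {
        $v = $post[$name] ?? null;
        if (!is_string($v) || !preg_match('/^\d{1,4}$/', $v) || (int)$v < $lo || (int)$v > $hi) {
            $errors[] = "Invalid value for $name.";
            continue;
        }
        $parts[$name] = (int)$v;
    }

    // checkdate() knows month lengths and leap years, so 31 February and
    // 29 February 2023 fail while 29 February 2024 passes.
    if (count($parts) === 3 && !checkdate($parts['event_month'], $parts['event_day'], $parts['event_year'])) {
        $errors[] = 'That day does not exist in that month.';
    }

    return $errors;
}

// Only a validated date is formatted for storage, and even then it is bound
// through a placeholder rather than pasted into the query text. The table
// name is backquoted because GROUPS is a reserved word in MySQL 8.
function store_group_date(PDO $db, int $group_id, array $post): bool
{
    if (validate_group_form($post) !== []) {
        return false;
    }
    $date = sprintf('%04d-%02d-%02d', $post['event_year'], $post['event_month'], $post['event_day']);
    $stmt = $db->prepare('UPDATE `groups` SET groupEventDate = ? WHERE groupID = ?');
    return $stmt->execute([$date, $group_id]);
}

// Constructed inputs: the tampered form from the thread ('a-a-a'), a real
// calendar mistake, and a valid leap-day date.
print_r(validate_group_form(['event_type' => 'birthday', 'event_year' => 'a', 'event_month' => 'a', 'event_day' => 'a']));
print_r(validate_group_form(['event_type' => 'birthday', 'event_year' => '2023', 'event_month' => '2', 'event_day' => '29']));
print_r(validate_group_form(['event_type' => 'birthday', 'event_year' => '2024', 'event_month' => '2', 'event_day' => '29']));
```

The range check before `checkdate()` matters: `checkdate()` takes integers, and handing it a string like `a` cast to `0` would only move the failure around rather than report it. Rejecting the request with the site's own error message, instead of letting MySQL's message reach the browser, also stops the error text from doubling as a map of the schema, which is exactly what the `groupEventDate` and `Unknown column` messages in the thread became.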

6 months later...

User credentials are sent in clear text

 

The impact of this vulnerability

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection

How to fix this vulnerability

Because user credentials are usually considered sensitive information, it is recommended that they be sent to the server over an encrypted connection.

 

Vulnerability description

HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.

This vulnerability affects Web Server.

The impact of this vulnerability

Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.

How to fix this vulnerability

Disable TRACE Method on the web server.

 

Password type input with autocomplete enabled

 

 

The impact of this vulnerability

Possible sensitive information disclosure

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications.

To disable autocomplete, you may use code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">
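The first scanner finding above is the one that matters: a login form served over plain HTTP sends the password, and afterwards the session cookie, where anyone on the path can read them. The example below is added here and is not Gift Pathways' code or the scanner vendor's; the hostname constant and the proxy list are assumptions. It refuses to process `login.php` over HTTP, redirects to the TLS copy of the page using a configured host rather than the client's `Host` header, and marks the session cookie `Secure` and `HttpOnly` so it cannot leak back over HTTP or be read by injected script.

```php
<?php
// Added example, not Gift Pathways' code. Makes login.php refuse plain HTTP:
// the form, the POSTed password and the session cookie all go over TLS only.
// The hostname and the proxy list are assumptions.

const SITE_HOST       = 'www.giftpathways.com';   // assumed canonical host
const TRUSTED_PROXIES = [];                        // e.g. ['10.0.0.5'] if TLS ends at a load balancer

// True only when the request reached PHP over TLS, or came from a trusted
// proxy that says it terminated TLS. X-Forwarded-Proto from anyone else is ignored.
function request_is_https(array $server): bool
{
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    $via_proxy = in_array($server['REMOTE_ADDR'] ?? '', TRUSTED_PROXIES, true);
    return $via_proxy && strtolower($server['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https';
}

// Where to send an insecure request, or null if it is already secure. The
// redirect target uses the configured host, not the client's Host header.
function https_redirect_target(array $server): ?string
{
    if (request_is_https($server)) {
        return null;
    }
    return 'https://' . SITE_HOST . ($server['REQUEST_URI'] ?? '/');
}

// Call before any output on login.php and on every page that reads the session.
function require_https(array $server): void
{
    $target = https_redirect_target($server);
    if ($target !== null) {
        // A POST that already carried a password over HTTP cannot be un-sent;
        // the most this can do is refuse to act on it and move the user to TLS.
        header('Location: ' . $target, true, 301);
        exit;
    }
    ini_set('session.cookie_secure', '1');    // cookie is never sent over HTTP
    ini_set('session.cookie_httponly', '1');  // cookie is not readable by page script
    header('Strict-Transport-Security: max-age=31536000');
}

// Constructed requests, one over HTTP and one over HTTPS (no web server needed).
var_dump(https_redirect_target(['HTTPS' => '', 'REMOTE_ADDR' => '203.0.113.9', 'REQUEST_URI' => '/login.php']));
var_dump(https_redirect_target(['HTTPS' => 'on', 'REMOTE_ADDR' => '203.0.113.9', 'REQUEST_URI' => '/login.php']));
```

Two notes on the other findings. TRACE can be confirmed with `curl -i -X TRACE http://www.giftpathways.com/`: a 200 response that echoes the request headers back means it is on, and Apache's `TraceEnable Off` directive turns it off; its practical value to an attacker today is small because browsers no longer let script issue TRACE. The `AUTOCOMPLETE="off"` advice is weaker than it looks: current browsers ignore it for password fields and offer to save the password anyway, so treat that finding as informational rather than as something to spend time on.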

 

 
