helraizer, posted December 31, 2007

Hi folks,

I think it's pretty secure by now, from what I've learned.

www.helraizer.co.uk/guestbook

Please test it for me.

Sam

Thread: https://forums.phpfreaks.com/topic/83833-test-my-new-comments-page/
agentsteal, posted December 31, 2007

Cross Site Scripting:

http://www.helraizer.co.uk/guestbook/ddgb1.php5/"><marquee><h1>vulnerable

Full Path Disclosure:

There is Full Path Disclosure on http://www.helraizer.co.uk/guestbook/config.php if the PHPSESSID cookie contains an invalid value.

Warning: session_start() [function.session-start]: The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in /home/sites/helraizer.co.uk/public_html/guestbook/config.php on line 196
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/sites/helraizer.co.uk/public_html/guestbook/config.php:196) in /home/sites/helraizer.co.uk/public_html/guestbook/config.php on line 196
Warning: Unknown(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in Unknown on line 0
Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

Full Path Disclosure:

There is Full Path Disclosure on http://www.helraizer.co.uk/guestbook/ddgb-verify.php if the PHPSESSID cookie contains an invalid value.

Warning: session_start() [function.session-start]: The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in /home/sites/helraizer.co.uk/public_html/guestbook/config.php on line 196
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/sites/helraizer.co.uk/public_html/guestbook/config.php:196) in /home/sites/helraizer.co.uk/public_html/guestbook/config.php on line 196
Warning: Cannot modify header information - headers already sent by (output started at /home/sites/helraizer.co.uk/public_html/guestbook/config.php:196) in /home/sites/helraizer.co.uk/public_html/guestbook/ddgb-verify.php on line 37
Warning: Cannot modify header information - headers already sent by (output started at /home/sites/helraizer.co.uk/public_html/guestbook/config.php:196) in /home/sites/helraizer.co.uk/public_html/guestbook/ddgb-verify.php on line 38
Warning: Cannot modify header information - headers already sent by (output started at /home/sites/helraizer.co.uk/public_html/guestbook/config.php:196) in /home/sites/helraizer.co.uk/public_html/guestbook/ddgb-verify.php on line 39
Warning: Unknown(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in Unknown on line 0
Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
Coreye, posted December 31, 2007

It's easy to flood by pressing refresh.

Might think about a new host. That one loads pretty slow.
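A hardened config.php fragment, added here as an example and not the guestbook's own code, covering the three findings reported above: an invalid PHPSESSID cookie leaking filesystem paths through PHP warnings, the request path being reflected unescaped into the page, and duplicate entries from a browser refresh. It assumes a PHP 5-era script that calls session_start() and uses $_SERVER['PHP_SELF'] in its form action; the function names are hypothetical.

```php
<?php
// Added example, not the guestbook's own code. Hardens against the three findings in
// this thread, assuming a PHP 5-era config.php that calls session_start() and echoes
// the request path into its form action. Function names are hypothetical.

// Full Path Disclosure: never render interpreter warnings to the visitor. A malformed
// PHPSESSID must not be able to print /home/sites/... paths into the response.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// True only for ids made of the characters PHP accepts (a-z, A-Z, 0-9, per the warning).
function isValidSessionId($id)
{
    return is_string($id) && preg_match('/\A[a-zA-Z0-9]{1,128}\z/', $id) === 1;
}

// Drop an invalid PHPSESSID before session_start() sees it. PHP reads the id from
// $_COOKIE, so unsetting it there makes PHP mint a fresh id instead of warning.
function startSessionSafely()
{
    $name = session_name();                           // 'PHPSESSID' by default
    if (isset($_COOKIE[$name]) && !isValidSessionId($_COOKIE[$name])) {
        unset($_COOKIE[$name]);
        setcookie($name, '', time() - 3600, '/');     // expire the bad cookie client-side
    }
    session_start();
}

// XSS: PHP_SELF includes PATH_INFO, so "ddgb1.php5/<anything>" is reflected verbatim
// unless encoded. Escape quotes too, since the value lands inside an attribute.
function safeFormAction()
{
    return htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
}

// Refresh flooding: one token per form render, consumed on submit, so re-posting the
// same request (browser refresh) cannot create a second guestbook entry.
function issueFormToken()
{
    $token = md5(uniqid(mt_rand(), true));            // PHP 5 friendly; random_bytes() on 7+
    $_SESSION['gb_token'] = $token;
    return $token;
}

function consumeFormToken($submitted)
{
    $ok = isset($_SESSION['gb_token']) && $_SESSION['gb_token'] === (string) $submitted;
    unset($_SESSION['gb_token']);                     // single use, whether or not it matched
    return $ok;
}
```

Call startSessionSafely() in place of session_start(), render the form with action="<?php echo safeFormAction(); ?>" and a hidden field holding issueFormToken(), and store a new entry only when consumeFormToken($_POST['token']) returns true.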
helraizer (author), posted December 31, 2007

Thanks for the replies. I've fixed the XSS problem; I will get working on solutions to the other problems in the new year.

Happy New Year, by the way.

Sam