steviez
Posted January 1, 2008

Hi,

I am developing a new file hosting script for my site and I need it beta tested so far please. It is nowhere near complete yet, but I would like some feedback on the workings of the script and any errors you think are there.

PLEASE DO NOT post any reference to the site URL here as I don't want Google picking it up (looks unprofessional).

Site Here: http://tinyurl.com/257xvg

Thanks

Link to comment: https://forums.phpfreaks.com/topic/83999-please-test-for-bugs-so-far/

trq
Posted January 1, 2008

When validating with w3c I get 67 errors, and basically the page doesn't display at all well in Opera.

Coreye
Posted January 1, 2008

Cross Site Scripting: You can use code in your name and it executes.

Block your Admin directory. Also add some validation, anyone can ban/unban.

Your Admin CP has Cross Site Scripting vulnerabilities.

Block your includes directory.

Your Admin CP is vulnerable to SQL injection.

steviez
Posted January 1, 2008

Has anyone messed with the system? After you guys beta testing, my server won't respond?

Thanks

agentsteal
Posted January 2, 2008

Admin Access: Anyone can access the admin panel.

Array: http://www.xxxxxxx.co.uk/projects/filehost/admin/bans.php?action=unban&ip[]

Cross Site Scripting: There is Cross Site Scripting on http://www.xxxxxxx.co.uk/projects/filehost/admin/bans.php if the fields contain code.

Cross Site Scripting: There is Cross Site Scripting when you register if your username contains </script>code.

Directory Traversal: There is Directory Traversal if your username contains ../

Full Path Disclosure: http://www.xxxxxxx.co.uk/projects/filehost/success.php.old
Warning: main(uu_conlib.php) [function.main]: failed to open stream: No such file or directory in /var/www/html/projects/filehost/success.php.old on line 18
Fatal error: main() [function.require]: Failed opening required 'uu_conlib.php' (include_path='.:/usr/lib/php') in /var/www/html/projects/filehost/success.php.old on line 18

Full Path Disclosure: http://www.xxxxxxx.co.uk/projects/filehost/admin/bans.php
/var/www/html/projects/fileho

Full Path Disclosure: http://www.xxxxxxx.co.uk/projects/filehost/admin/settings.php
/var/www/html/projects/filehost/

Includes Directory: http://www.xxxxxxx.co.uk/projects/filehost/includes/

Insecure Cookie: You shouldn't put the username in the cookie.

SQL Error: There is an SQL Error if you log in if the username contains '
Could not match data because You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'd41d8cd98f00b204e9800998ecf8427e'' at line 1

If your username contains ' when you log in the page contains an MD5 of your password.

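How the username, `ip[]` and error-output findings reported above are usually closed, as an added PHP example that is not part of the thread or of the script under test. The function names, the `users` table and its columns are hypothetical, and an in-memory SQLite database (needs the pdo_sqlite extension) stands in for the site's MySQL so the block runs offline.

```php
<?php
// Added example, not the script under test. Function, table and column
// names are hypothetical; SQLite stands in for MySQL so it runs offline.
declare(strict_types=1);

// Keep warnings (and the filesystem paths they print) out of responses.
ini_set('display_errors', '0');

// Accept only a scalar string: ?ip[]= arrives as an array and is rejected
// before it reaches a string function and raises a warning.
function scalar_param(array $src, string $key): ?string
{
    return (isset($src[$key]) && is_string($src[$key])) ? $src[$key] : null;
}

// Allowlist: no quotes, angle brackets, slashes or dots, so the name cannot
// carry markup and is safe to use as a path component.
function valid_username(?string $name): bool
{
    return $name !== null && preg_match('/\A[A-Za-z0-9_-]{3,32}\z/', $name) === 1;
}

// Bound parameters keep a stray ' out of the SQL text; password_verify()
// replaces the MD5 comparison visible in the reported error message.
function login(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Escape at output time, whatever validation ran earlier.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data and inputs mirroring the reports above.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pass_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('s3cret', PASSWORD_DEFAULT)]);

var_dump(scalar_param(['ip' => ['x']], 'ip'));   // array-valued parameter
var_dump(valid_username('../etc'));              // traversal-style name
var_dump(login($db, "alice' OR '1'='1", 'x'));   // quote in username
var_dump(login($db, 'alice', 's3cret'));         // legitimate login
echo e('</script><b>x</b>'), "\n";               // markup in a name
```

The admin-panel and includes-directory findings are access-control problems and need a session check on every admin page plus a web-server rule, which this block does not cover.
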
steviez
Posted January 2, 2008

Thanks for the info, please could you remove the site URL from your posts; as I said in my first post, I don't want Google to index it.

Thanks

steviez
Posted January 5, 2008

Hi,

I have fixed some of the problems mentioned to me, please could I ask you guys to re-check.

Please do not post any reference to my site URL on here.

Thanks

serverman
Posted January 5, 2008

I don't know if you are aware but all the pics other than logo are broken

steviez
Posted January 5, 2008

"I don't know if you are aware but all the pics other than logo are broken"

Thanks for that, let me know if you find any more

steviez
Posted January 7, 2008

Any more bugs/suggestions?