clanstyles Posted January 5, 2008
http://www.DebateATopic.com is now live as of 8:45 tonight! Test it out, guys. Find bugs! Thanks!
Link to comment https://forums.phpfreaks.com/topic/84575-httpwwwdebateatopiccom-now-live/

john010117 Posted January 5, 2008
The only bug I could find is a vulnerability in the search engine. Enter this code: "><script>alert('hi')</script> into the engine, and it'll alert saying "hi".

clanstyles (Author) Posted January 5, 2008
Not happening for me ... XD

stelthius Posted January 5, 2008
Yup, he is right, I entered it too and it brought it up. Enter this in the search:
"><script>alert('hi')</script>
Results Found: 1
"><script>alert('hi')</script>
then click the result and you get this:
Opinions
Username: test
Date: Jan 4, 2008
"><script>alert('hi')</script>
So whatever you did with your test user, that's where your problem lies... bit of bad coding maybe?

agentsteal Posted January 5, 2008
Cross Site Scripting: There is Cross Site Scripting if a debate's title contains code.

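Added example, not from the thread or the site's own code: why the reported `">` string breaks out of a quoted attribute when a search term is echoed raw, and the same output encoded at each sink, including the stored debate title. PHP is assumed from the forum; the function names and the `/debate.php` path are hypothetical.

```php
<?php
// Added example: hypothetical handlers, not DebateATopic's code.

// Encode untrusted text for HTML element and quoted-attribute contexts.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable: the search term is echoed raw into a quoted attribute, so a
// leading "> closes the attribute and the tag, and the rest is parsed as markup.
function search_form_vulnerable(string $q): string {
    return '<input type="text" name="q" value="' . $q . '">';
}

// Hardened: the same markup with the term encoded at output time.
function search_form_hardened(string $q): string {
    return '<input type="text" name="q" value="' . e($q) . '">';
}

// Stored case: a debate title saved earlier is untrusted on every page
// that prints it (result list, opinions page), so encode at each sink.
// The /debate.php path is a hypothetical placeholder.
function result_row_hardened(int $id, string $title): string {
    return '<li><a href="/debate.php?id=' . $id . '">' . e($title) . '</a></li>';
}

// Constructed input: the test string quoted in the thread.
$payload = '"><script>alert(\'hi\')</script>';

echo search_form_vulnerable($payload), "\n";
echo search_form_hardened($payload), "\n";
echo result_row_hardened(1, $payload), "\n";

// Check: no raw <script> tag survives in the hardened output.
var_dump(strpos(search_form_hardened($payload), '<script>') === false);
```

Encoding belongs at output, in every template that prints the value, because the stored title reaches the browser through more than one page.
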
clanstyles (Author) Posted January 5, 2008
Thanks agent steel. Anything else you can find?

Coreye Posted January 5, 2008
You can submit blank entries on the contact form.

clanstyles (Author) Posted January 5, 2008
Thx Corey, fixed. I hate this contact form, it has caused me so many problems..