interpim, posted January 15, 2008 (thread: https://forums.phpfreaks.com/topic/86078-quick-guestbook-script-i-wrote/)
Hi all... can anyone shoot through my code and give me some pointers on how to improve this guestbook script? http://interpim.com/testme
interpim (author), posted January 15, 2008
Well... it wouldn't let me edit my post, but I wanted to clarify that the blue line to the left of the input boxes etc. is the CSS block where my navigation to the rest of my site is held... I left it out on purpose for the test script.
agentsteal, posted January 15, 2008
Cross Site Scripting: http://www.interpim.com/testme/index.php?page=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: There is Cross Site Scripting when you sign the guestbook if the fields contain code.
interpim (author), posted January 15, 2008
OK... how do I prevent that?
tibberous, posted January 15, 2008
It only let me make one post, but if you are not using wordwrap you should. That captcha is one of the worst I've ever seen - the background makes it very hard to read, while adding no security. See, differentiating between colors is something that only gives people trouble - all it would take to strip out the background is a simple black and white filter with 0 tolerance.
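Added example, not interpim's script or any code from the thread: one way to close both issues agentsteal reported (the reflected ?page= value and the stored guestbook fields) while also applying tibberous's wordwrap suggestion. The page name is resolved against a fixed whitelist instead of being echoed back, and every stored field is HTML-escaped at output time; the allowed page names and the sample row are assumptions.

```php
<?php
// Added example (not interpim's script): never echo untrusted input raw.
// Whitelist the ?page= value and escape stored fields when rendering.

// Allowed page names are an assumption; adjust to the site's real pages.
const ALLOWED_PAGES = ['guestbook', 'sign', 'about'];

// Resolve ?page= against the whitelist. Unknown values fall back to the
// default, so the raw request value is never written into the HTML.
function resolve_page(?string $requested): string
{
    return in_array($requested, ALLOWED_PAGES, true) ? $requested : 'guestbook';
}

// Escape a string for HTML text or attribute context. ENT_QUOTES covers
// both quote styles so a value cannot break out of an attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render one guestbook entry. Escaping happens here, at output time, so
// whatever was stored is displayed literally rather than parsed as markup.
function render_entry(array $entry): string
{
    // wordwrap() before escaping so the inserted newlines never split an
    // entity; cut=true also breaks very long unbroken strings.
    $message = nl2br(h(wordwrap($entry['message'], 80, "\n", true)));
    return '<div class="entry">'
         . '<strong>' . h($entry['name']) . '</strong> '
         . '<em>' . h($entry['date']) . '</em>'
         . '<p>' . $message . '</p>'
         . '</div>';
}

// Constructed sample row standing in for data read from the guestbook store;
// the name reuses the payload agentsteal posted in the thread.
$entry = [
    'name'    => '<marquee><h1>vulnerable</marquee>',
    'date'    => '2008-01-15',
    'message' => 'Nice site, keep it up!',
];

$page = resolve_page($_GET['page'] ?? null);
echo '<p>Page: ' . h($page) . '</p>';
echo render_entry($entry);
```

Escaping belongs at output, not at insert time: storing the original text lets the same row be rendered safely in HTML, e-mail or JSON later, each with the encoding that context needs.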