peranha Posted March 1, 2008 Share Posted March 1, 2008 Test the site for anything that you want, not real good at security, so that is something that i would like tested. peranha.dyndns.org:8204 I am hosting on my home server, so be gentle. user test pass password Thanks for the help. Link to comment https://forums.phpfreaks.com/topic/93787-please-test-and-let-me-know/ Share on other sites More sharing options...
MikeL Posted March 1, 2008 Share Posted March 1, 2008 <form action="dealer.php" method="post"> <select name="bsc_city" value='1'>City Name</option></select><input type="submit" name="city"> </form> there's no opening option tag on the city select form. if you didn't know that already Link to comment https://forums.phpfreaks.com/topic/93787-please-test-and-let-me-know/#findComment-480612 Share on other sites More sharing options...
peranha Posted March 1, 2008 Author Share Posted March 1, 2008 No, did not realize that, but got it fixed. Link to comment https://forums.phpfreaks.com/topic/93787-please-test-and-let-me-know/#findComment-480620 Share on other sites More sharing options...
Coreye Posted March 1, 2008 Share Posted March 1, 2008 Cross Site Scripting: You can submit ">code when adding comments. Cross Site Scripting: You can submit ">code when creating a PM. SQL: http://mberanek.dyndns.org:8204/premess.php Error in query: SELECT touser FROM bsc_msg_inbox WHERE boxid = . You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 SQL: http://mberanek.dyndns.org:8204/delmess.php Error in query: SELECT touser FROM bsc_msg_inbox WHERE boxid = . You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 SQL: http://mberanek.dyndns.org:8204/delout.php Error in query: SELECT fromuser FROM bsc_msg_sent WHERE boxid = . You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 You can send blank comments Link to comment https://forums.phpfreaks.com/topic/93787-please-test-and-let-me-know/#findComment-480622 Share on other sites More sharing options...
peranha Posted March 1, 2008 Author Share Posted March 1, 2008 Cross Site Scripting: You can submit ">code when adding comments. Cross Site Scripting: You can submit ">code when creating a PM. How can I fix this I will have to look into the comments, there is supposed to be a javascript to not allow empty fields. $_SESSION['messid'] = empty(htmlspecialchars($_GET['id'])) ? die ("<b class=red>Enter a message to delete</b>") : htmlspecialchars(mysql_real_escape_string(strip_tags($_GET['id']))); Will that work for the SQL part. Thanks for the replies. Link to comment https://forums.phpfreaks.com/topic/93787-please-test-and-let-me-know/#findComment-480651 Share on other sites More sharing options...
peranha Posted March 1, 2008 Author Share Posted March 1, 2008 I believe the SQL is fixed. how do I check to see if there is anything in the post other than spaces. I see that you put spaces in, so it shows up blank. Also the cross site scripting, how is that fixed. This is my check for for the PM and comments //Check the form submission for errors function checkForm() { var subject = document.editform.subject; var post = document.editform.post; //Check to make sure post lengths are sensible if (subject.value.length < 2 && post.value.length < 2) { alert("This is a short post!" + " \n \n " + "We require that each post (and subject) \n" + "be at least 2 characters long. \n \n" + "Go back and try again."); return false; } else { if (subject.value.length < 2) { alert("We require that the subject \n" + "be at least 2 characters long. \n \n" + "Go back and try again."); return false; } else { if (post.value.length < 2) { alert("We require that each post \n" + "be at least 2 characters long. \n \n" + "Go back and try again."); return false; } else { return true; } } } } this is the code for PHP for empty strings. // Escape strings, and make sure they are filled in $subject = empty($_POST['subject']) ? die ("<b class=red>ERROR: Enter Subject</b>") : mysql_real_escape_string(strip_tags($_POST['subject'])); $comment = empty($_POST['post']) ? die ("<b class=red>ERROR: Enter a Comment</b>") : mysql_real_escape_string($_POST['post']); Link to comment https://forums.phpfreaks.com/topic/93787-please-test-and-let-me-know/#findComment-480673 Share on other sites More sharing options...
Coreye Posted March 1, 2008 Share Posted March 1, 2008 When you use http://www.mberanek.dyndns.org:8204/resetpass.php?u=' it logs you in as the username ' . SQL Error: http://www.mberanek.dyndns.org:8204/resetpass.php?u=/ Error in query: INSERT INTO bsc_pagevis (uservis, pagevis, ipadd, userbrows, date, time) VALUES ('\', '/resetpass.php', 'XX.XXX.XXX.XXX', 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12', '2008-03-01', '01:38:03'). You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '', 'XX.XXX.XXX.XXX', 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.1' at line 1 SQL: When your username contains ' it errors when you logout. Error in query: UPDATE bsc_users SET loggedin='NO' WHERE username = '''. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1 The forgot email page comes in like this, The HTML doesn't render: Your password reset link <BR><BR>Click on the following link to reset your password <BR>http://mberanek.dyndns.org:8204/resetpass.php?u=\">Corey&passkey=0d228f524b5e77e54c6ef38b3a5e0831b9e683<BR><BR>Please do not reply to this email. For the other things you should ask for PHP support on that board. Link to comment https://forums.phpfreaks.com/topic/93787-please-test-and-let-me-know/#findComment-480768 Share on other sites More sharing options...
peranha Posted March 2, 2008 Author Share Posted March 2, 2008 Ok, I believe that all of Coreye's problems are fixed. Is there anything else. I see that you created a user with ">cor, is this a problem, or not. All HTML is stripped from the registration page. Link to comment https://forums.phpfreaks.com/topic/93787-please-test-and-let-me-know/#findComment-481410 Share on other sites More sharing options...
Coreye Posted March 2, 2008 Share Posted March 2, 2008 Ok, I believe that all of Coreye's problems are fixed. Is there anything else. I see that you created a user with ">cor, is this a problem, or not. All HTML is stripped from the registration page. I'm pretty sure it won't let you reset passwords when you have special characters in your username. If I registered using "><marquee>Corey my username becomes ">Corey. So when you do the forgot password page you get: Your password reset link Click on the following link to reset your password http://mberanek.dyndns.org:8204/resetpass.php?u=\">Corey&passkey=0d228f524b5e77e54c6ef38b3a5e0831b9e683db Please do not reply to this email. But you get an error saying: You have entered an invalid uniqueid and username. Link to comment https://forums.phpfreaks.com/topic/93787-please-test-and-let-me-know/#findComment-481457 Share on other sites More sharing options...
peranha Posted March 3, 2008 Author Share Posted March 3, 2008 $rtags = array("<", ">", "'", '"', "?", "/", ":", ";", "{", "}", "[", "]", "(", ")"); I stripped out all these from the user name on registration and login, so your user name will not work again. I didnt take it out of password, since they are hashed anyway. Took < > " ' out of PM, and comments Link to comment https://forums.phpfreaks.com/topic/93787-please-test-and-let-me-know/#findComment-482070 Share on other sites More sharing options...
Recommended Posts