
Cross Site Scripting:

You can submit ">code when adding comments.

 

Cross Site Scripting:

You can submit ">code when creating a PM.

 

SQL:

http://mberanek.dyndns.org:8204/premess.php

Error in query: SELECT touser FROM bsc_msg_inbox WHERE boxid = . You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

SQL:

http://mberanek.dyndns.org:8204/delmess.php

Error in query: SELECT touser FROM bsc_msg_inbox WHERE boxid = . You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

SQL:

http://mberanek.dyndns.org:8204/delout.php

Error in query: SELECT fromuser FROM bsc_msg_sent WHERE boxid = . You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

You can send blank comments


 

How can I fix this?

 

 

 

I will have to look into the comments; there is supposed to be JavaScript that does not allow empty fields.

 

$_SESSION['messid'] = empty(htmlspecialchars($_GET['id'])) ? die ("<b class=red>Enter a message to delete</b>") : htmlspecialchars(mysql_real_escape_string(strip_tags($_GET['id'])));

 

Will that work for the SQL part?

 

Thanks for the replies.

I believe the SQL is fixed.

 

How do I check to see if there is anything in the post other than spaces? I see that you put spaces in, so it shows up blank.

 

Also, the cross-site scripting: how is that fixed?

 

This is my check for the PM and comments:

// Check the form submission for errors
function checkForm() {
    var subject = document.editform.subject;
    var post = document.editform.post;

    // Check to make sure post lengths are sensible.
    // Note: .length counts spaces, so a post made only of spaces passes this check.
    if (subject.value.length < 2 && post.value.length < 2) {
        alert("This is a short post!" + " \n \n " +
              "We require that each post (and subject) \n" +
              "be at least 2 characters long. \n \n" +
              "Go back and try again.");
        return false;
    } else if (subject.value.length < 2) {
        alert("We require that the subject  \n" +
              "be at least 2 characters long. \n \n" +
              "Go back and try again.");
        return false;
    } else if (post.value.length < 2) {
        alert("We require that each post  \n" +
              "be at least 2 characters long. \n \n" +
              "Go back and try again.");
        return false;
    }
    return true;
}

 

This is the PHP code for empty strings:

 

// Escape strings, and make sure they are filled in
$subject = empty($_POST['subject']) ? die ("<b class=red>ERROR: Enter Subject</b>") : mysql_real_escape_string(strip_tags($_POST['subject']));
$comment = empty($_POST['post']) ? die ("<b class=red>ERROR: Enter a Comment</b>") : mysql_real_escape_string($_POST['post']);
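Server-side handling for the three questions in this post (the SQL part, the whitespace-only posts, and the XSS), as an added example that is not the thread author's code. It assumes a mysqli connection in $db and uses the table and column names shown in the error messages above; the JavaScript checkForm() is kept only as a convenience, since a client can skip it.

```php
<?php
// Added example, not the site's own code. Assumes a mysqli connection $db.

function cleanText(string $raw, int $minLen = 2): ?string {
    // Collapse whitespace so a post made only of spaces is treated as empty.
    $text = trim(preg_replace('/\s+/', ' ', $raw));
    return strlen($text) >= $minLen ? $text : null;
}

function messageId($raw): ?int {
    // boxid is numeric: accept digits only and never interpolate the raw value,
    // which is what produced "WHERE boxid = ." in the errors above.
    return ctype_digit((string) $raw) ? (int) $raw : null;
}

function recipientOfInbox(mysqli $db, int $boxid): ?string {
    // Parameterised version of: SELECT touser FROM bsc_msg_inbox WHERE boxid = ...
    $stmt = $db->prepare('SELECT touser FROM bsc_msg_inbox WHERE boxid = ?');
    $stmt->bind_param('i', $boxid);
    $stmt->execute();
    $stmt->bind_result($touser);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? $touser : null;
}

// Comment form: reject blank or whitespace-only input on the server.
$subject = cleanText($_POST['subject'] ?? '');
$comment = cleanText($_POST['post'] ?? '');
if ($subject === null || $comment === null) {
    die('<b class="red">ERROR: Enter a subject and a comment</b>');
}
// Store the text via a bound parameter and escape it when it is displayed,
// not when it is stored:  echo htmlspecialchars($comment, ENT_QUOTES, 'UTF-8');
// That neutralises the "> payload in comments and PMs without stripping characters.

// delmess.php / premess.php: a missing or non-numeric id never reaches the query.
$id = messageId($_GET['id'] ?? '');
if ($id === null) {
    die('<b class="red">Enter a message to delete</b>');
}
$touser = recipientOfInbox($db, $id);
```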

When you use http://www.mberanek.dyndns.org:8204/resetpass.php?u=' it logs you in as the username ' .

 

SQL Error:

http://www.mberanek.dyndns.org:8204/resetpass.php?u=/

Error in query: INSERT INTO bsc_pagevis (uservis, pagevis, ipadd, userbrows, date, time) VALUES ('\', '/resetpass.php', 'XX.XXX.XXX.XXX', 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12', '2008-03-01', '01:38:03'). You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '', 'XX.XXX.XXX.XXX', 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.1' at line 1

 

SQL:

When your username contains ' it errors when you logout.

Error in query: UPDATE bsc_users SET loggedin='NO' WHERE username = '''. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1

 

The forgotten-password email comes in like this; the HTML doesn't render:

Your password reset link <BR><BR>Click on the following link to reset your password <BR>http://mberanek.dyndns.org:8204/resetpass.php?u=\">Corey&passkey=0d228f524b5e77e54c6ef38b3a5e0831b9e683<BR><BR>Please do not reply to this email.

 

For the other things you should ask for PHP support on that board.

OK, I believe that all of Corey's problems are fixed. Is there anything else?

 

I see that you created a user with ">cor. Is this a problem or not? All HTML is stripped from the registration page.

 

I'm pretty sure it won't let you reset passwords when you have special characters in your username. If I registered using "><marquee>Corey my username becomes ">Corey. So when you do the forgot password page you get:

 

Your password reset link

 

Click on the following link to reset your password

http://mberanek.dyndns.org:8204/resetpass.php?u=\">Corey&passkey=0d228f524b5e77e54c6ef38b3a5e0831b9e683db

 

Please do not reply to this email.

 

But you get an error saying: You have entered an invalid uniqueid and username.
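The reset link and the logout query both break because the username is dropped into a URL, into HTML and into SQL without encoding for each context. The following is an added example, not code from the site or from anyone in this thread: it builds the link with rawurlencode, escapes it for the HTML email, and looks the user up with a bound parameter, so a username such as "><marquee>Corey or one containing ' works without stripping characters. It assumes a mysqli connection $db, a bsc_users table with username and passkey columns (column names assumed), and a hypothetical $baseUrl.

```php
<?php
// Added example, not the site's own code. Assumes mysqli $db and $baseUrl.

function resetLink(string $baseUrl, string $username, string $passkey): string {
    // URL context: rawurlencode so '"', '>' and '&' cannot break the query string.
    return $baseUrl . '/resetpass.php?u=' . rawurlencode($username)
        . '&passkey=' . rawurlencode($passkey);
}

function resetMailHtml(string $link): string {
    // HTML context: escape the link before embedding it in the HTML email body.
    $safe = htmlspecialchars($link, ENT_QUOTES, 'UTF-8');
    return 'Your password reset link<br><br>'
        . 'Click on the following link to reset your password<br>'
        . '<a href="' . $safe . '">' . $safe . '</a><br><br>'
        . 'Please do not reply to this email.';
}

function validResetRequest(mysqli $db, string $username, string $passkey): bool {
    // SQL context: PHP has already decoded ?u= back to the original username;
    // bind it instead of interpolating it. The same fix applies to the logout
    // query: UPDATE bsc_users SET loggedin='NO' WHERE username = ?
    $stmt = $db->prepare('SELECT passkey FROM bsc_users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($stored);
    $found = $stmt->fetch();
    $stmt->close();
    // Constant-time comparison of the submitted key against the stored one.
    return $found && hash_equals((string) $stored, $passkey);
}

// Sending the mail (passkey generation is outside this example):
// $html = resetMailHtml(resetLink($baseUrl, $username, $passkey));

// In resetpass.php:
// $ok = validResetRequest($db, $_GET['u'] ?? '', $_GET['passkey'] ?? '');
```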

$rtags = array("<", ">", "'", '"', "?", "/", ":", ";", "{", "}", "[", "]", "(", ")");

 

I stripped out all of these from the user name on registration and login, so your user name will not work again. I didn't take it out of the password, since they are hashed anyway.

 

Took < > " ' out of PMs and comments.

 

 
