peranha Posted March 1, 2008
Test the site for anything that you want. I'm not really good at security, so that is something that I would like tested.
peranha.dyndns.org:8204
I am hosting on my home server, so be gentle.
user: test
pass: password
Thanks for the help.
MikeL Posted March 1, 2008
    <form action="dealer.php" method="post"> <select name="bsc_city" value='1'>City Name</option></select><input type="submit" name="city"> </form>
There's no opening option tag on the city select form, if you didn't know that already.
peranha (Author) Posted March 1, 2008
No, did not realize that, but got it fixed.
Coreye Posted March 1, 2008
Cross Site Scripting: You can submit ">code when adding comments.
Cross Site Scripting: You can submit ">code when creating a PM.
SQL: http://mberanek.dyndns.org:8204/premess.php
    Error in query: SELECT touser FROM bsc_msg_inbox WHERE boxid = . You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
SQL: http://mberanek.dyndns.org:8204/delmess.php
    Error in query: SELECT touser FROM bsc_msg_inbox WHERE boxid = . You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
SQL: http://mberanek.dyndns.org:8204/delout.php
    Error in query: SELECT fromuser FROM bsc_msg_sent WHERE boxid = . You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
You can send blank comments.
peranha (Author) Posted March 1, 2008
Quoting Coreye:
    Cross Site Scripting: You can submit ">code when adding comments.
    Cross Site Scripting: You can submit ">code when creating a PM.
How can I fix this?
I will have to look into the comments; there is supposed to be a javascript to not allow empty fields.
    // empty() must be given a variable, not a function result, so the check is done on $_GET['id'] directly
    $_SESSION['messid'] = empty($_GET['id']) ? die ("<b class=red>Enter a message to delete</b>") : htmlspecialchars(mysql_real_escape_string(strip_tags($_GET['id'])));
Will that work for the SQL part?
Thanks for the replies.
peranha (Author) Posted March 1, 2008
I believe the SQL is fixed. How do I check to see if there is anything in the post other than spaces? I see that you put spaces in, so it shows up blank. Also the cross site scripting, how is that fixed?
This is my check for the PM and comments:
    //Check the form submission for errors
    function checkForm() {
        var subject = document.editform.subject;
        var post = document.editform.post;
        //Check to make sure post lengths are sensible
        if (subject.value.length < 2 && post.value.length < 2) {
            alert("This is a short post!" + " \n \n " +
                  "We require that each post (and subject) \n" +
                  "be at least 2 characters long. \n \n" +
                  "Go back and try again.");
            return false;
        } else {
            if (subject.value.length < 2) {
                alert("We require that the subject \n" +
                      "be at least 2 characters long. \n \n" +
                      "Go back and try again.");
                return false;
            } else {
                if (post.value.length < 2) {
                    alert("We require that each post \n" +
                          "be at least 2 characters long. \n \n" +
                          "Go back and try again.");
                    return false;
                } else {
                    return true;
                }
            }
        }
    }
This is the PHP code for empty strings:
    // Escape strings, and make sure they are filled in
    $subject = empty($_POST['subject']) ? die ("<b class=red>ERROR: Enter Subject</b>") : mysql_real_escape_string(strip_tags($_POST['subject']));
    $comment = empty($_POST['post']) ? die ("<b class=red>ERROR: Enter a Comment</b>") : mysql_real_escape_string($_POST['post']);
Coreye Posted March 1, 2008
When you use http://www.mberanek.dyndns.org:8204/resetpass.php?u=' it logs you in as the username ' .
SQL Error: http://www.mberanek.dyndns.org:8204/resetpass.php?u=/
    Error in query: INSERT INTO bsc_pagevis (uservis, pagevis, ipadd, userbrows, date, time) VALUES ('\', '/resetpass.php', 'XX.XXX.XXX.XXX', 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12', '2008-03-01', '01:38:03'). You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '', 'XX.XXX.XXX.XXX', 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.1' at line 1
SQL: When your username contains ' it errors when you log out.
    Error in query: UPDATE bsc_users SET loggedin='NO' WHERE username = '''. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1
The forgot-password email comes in like this; the HTML doesn't render:
    Your password reset link <BR><BR>Click on the following link to reset your password <BR>http://mberanek.dyndns.org:8204/resetpass.php?u=\">Corey&passkey=0d228f524b5e77e54c6ef38b3a5e0831b9e683<BR><BR>Please do not reply to this email.
For the other things you should ask for PHP support on that board.
peranha (Author) Posted March 2, 2008
Ok, I believe that all of Coreye's problems are fixed. Is there anything else? I see that you created a user with ">cor; is this a problem or not? All HTML is stripped from the registration page.
Coreye Posted March 2, 2008
Quoting peranha:
    Ok, I believe that all of Coreye's problems are fixed. Is there anything else? I see that you created a user with ">cor; is this a problem or not? All HTML is stripped from the registration page.
I'm pretty sure it won't let you reset passwords when you have special characters in your username. If I registered using "><marquee>Corey my username becomes ">Corey. So when you do the forgot password page you get:
    Your password reset link
    Click on the following link to reset your password
    http://mberanek.dyndns.org:8204/resetpass.php?u=\">Corey&passkey=0d228f524b5e77e54c6ef38b3a5e0831b9e683db
    Please do not reply to this email.
But you get an error saying: You have entered an invalid uniqueid and username.
peranha (Author) Posted March 3, 2008
    $rtags = array("<", ">", "'", '"', "?", "/", ":", ";", "{", "}", "[", "]", "(", ")");
I stripped out all these from the user name on registration and login, so your user name will not work again. I didn't take it out of password, since they are hashed anyway. Took < > " ' out of PMs and comments.
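Added example, not code from this thread or from the site under test: the three fixes the thread asks about, in PHP. It covers the spaces-only comment check and the XSS question from peranha's March 1 post, and an alternative to the character-stripping approach in the post above (encode at output time, bind parameters in the query). The table and column names come from the error messages quoted earlier in the thread; the PDO handle, the in-memory SQLite table and its sample row are assumptions constructed for the self-test.

```php
<?php
// Added example, not the thread's code. Table and column names are taken from
// the error messages quoted in the thread; the PDO handle is an assumption.

// 1. Blank-post check: trim() drops spaces, tabs and newlines first, so a
//    comment made only of spaces fails the check instead of passing empty().
function is_blank(string $value): bool
{
    return strlen(trim($value)) === 0;
}

// 2. XSS: store the text unchanged and encode it where it is printed, so an
//    input such as "><script> is shown literally rather than rendered.
function render_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// 3. SQL injection: the id is validated as digits and bound as an integer
//    parameter, so an empty or quoted id never reaches the SQL parser.
function fetch_inbox_recipient(PDO $db, string $rawId): ?string
{
    if (!ctype_digit($rawId)) {            // rejects '', "'", "1 OR 1=1"
        return null;
    }
    $stmt = $db->prepare('SELECT touser FROM bsc_msg_inbox WHERE boxid = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['touser'] : null;
}

// Self-test against an in-memory SQLite table with constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bsc_msg_inbox (boxid INTEGER PRIMARY KEY, touser TEXT)');
$db->exec("INSERT INTO bsc_msg_inbox (boxid, touser) VALUES (7, 'test')");

var_dump(fetch_inbox_recipient($db, '7'));     // the real row
var_dump(fetch_inbox_recipient($db, ''));      // the case behind the quoted errors
var_dump(is_blank("   \n\t"));                 // a spaces-only comment
echo render_text('"><script>alert(1)</script>'), "\n";

// In delmess.php the same calls would read (assumed request handling):
// if (is_blank($_POST['post'] ?? '')) { die('Enter a comment'); }
// $to = fetch_inbox_recipient($db, (string) ($_GET['id'] ?? ''));
```

The same parameter binding applies to the username lookups in resetpass.php and the logout UPDATE, which removes the need to strip quote characters from usernames at all.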