JustinMs66@hotmail.com Posted March 15, 2008

FragPegs.com has officially been released into a public beta. It has been through 9 months of coding by myself and a partner. It can be best described as a video game videos website :-) trailers, gameplay, etc. I would appreciate any feedback for it!

Thanks,
Justin
http://FragPegs.com
Coreye Posted March 15, 2008

Cross Site Scripting (XSS): http://fragpegs.com/search.php?s="><marquee><h1>test
Cross Site Scripting (XSS): You can submit ">code when adding posts to the forum.
Cross Site Scripting (XSS): You can submit ">code when adding comments to the forum.
Cross Site Scripting (XSS): You can submit ">code when adding comments to the games.
Cross Site Scripting (XSS): You can submit ">code when adding comments to user profiles.
Cross Site Scripting (XSS): You can submit ">code when adding games.
Cross Site Scripting (XSS): You can submit ">code when adding an AIM screen name to your profile.
Cross Site Scripting (XSS): You can submit ">code when adding an MSN screen name to your profile.
Cross Site Scripting (XSS): You can submit ">code when adding a YIM screen name to your profile.

SQL: http://fragpegs.com/members/?page=a
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10,10' at line 1

Full Path Disclosure: http://fragpegs.com/members/?page[]
    Fatal error: Unsupported operand types in /home/fragpegs/public_html/functions.php on line 733

Full Path Disclosure: http://fragpegs.com/videos?page[]
    Fatal error: Unsupported operand types in /home/fragpegs/public_html/functions.php on line 733

Full Path Disclosure: http://fragpegs.com/categories?page[]
    Fatal error: Unsupported operand types in /home/fragpegs/public_html/functions.php on line 733

SQL: http://fragpegs.com/categories?page=a
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-14,7' at line 1

SQL: http://fragpegs.com/videos?page=a
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10,10' at line 1

You can add blank forum posts.
You can add blank comments.
Coreye Posted March 15, 2008

Full Path Disclosure and Table Information: http://fragpegs.com/posts
    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/fragpegs/public_html/functions.php on line 734
    Table 'fragpegs_FragpegsVideos.0' doesn't exist

SQL: http://fragpegs.com/clans?page=a
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10,10' at line 1

SQL: http://fragpegs.com/notices?page=a
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10,10' at line 1
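The two reports above share one root cause: a ?page= value reaches integer arithmetic and a LIMIT clause unchecked (page=a produces "LIMIT -10,10", page[] hands an array to the subtraction), and the resulting database or PHP error is echoed to the visitor, path and all. The following is an added example, not the FragPegs code, of how a defender closes both holes; the table, column and function names are assumptions, as is the PDO handle opened with PDO::ERRMODE_EXCEPTION.

```php
<?php
// Added example, not FragPegs code: validate a ?page= parameter before it
// reaches arithmetic or a LIMIT clause. Table/column names are assumptions;
// $db is assumed to be a PDO handle opened with PDO::ERRMODE_EXCEPTION.
declare(strict_types=1);

const PER_PAGE = 10;

// Accept only a positive integer. A letter (page=a), an array (page[]),
// a negative number or a float all fall back to page 1, so neither a
// "LIMIT -10,10" query nor an "Unsupported operand types" fatal can occur.
function parsePage(mixed $raw): int
{
    if (!is_string($raw) && !is_int($raw)) {
        return 1;                                   // page[] arrives as an array
    }
    $page = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $page === false ? 1 : $page;
}

// Offset for LIMIT; never negative because parsePage() guarantees $page >= 1.
function offsetFor(int $page): int
{
    return ($page - 1) * PER_PAGE;
}

// Run the paged query with bound integer parameters, and keep any database
// error in the server log instead of echoing it (the thread's error pages
// revealed the MySQL message and the /home/fragpegs/... path).
function fetchMembers(PDO $db, int $page): array
{
    try {
        $stmt = $db->prepare('SELECT id, name FROM members ORDER BY id LIMIT :off, :cnt');
        $stmt->bindValue(':off', offsetFor($page), PDO::PARAM_INT);
        $stmt->bindValue(':cnt', PER_PAGE, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log('members query failed: ' . $e->getMessage());
        return [];                                  // caller shows a generic "no results"
    }
}

// Values from the thread, plus a few more edge cases (no database needed):
foreach (['3', 'a', ['x'], '-2', '0', '1.5'] as $raw) {
    $page  = parsePage($raw);
    $label = is_array($raw) ? 'page[]' : 'page=' . $raw;
    printf("%-10s -> page %d, LIMIT %d,%d\n", $label, $page, offsetFor($page), PER_PAGE);
}
```

Pair this with display_errors=Off in production so that any remaining fatal error never reaches the browser.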
JustinMs66@hotmail.com Posted March 15, 2008 (Author)

Wow, thanks for that guys! A lot of loopholes! I'm working on fixing them now, thanks again! Also, you can't do '">code in posts. You can however do HTML code, which I allow, except I filter out <script> tags. Maybe you could test that for an exploit?
Coreye Posted March 15, 2008

> You can however do HTML code, which I allow, except I filter out <script> tags. Maybe you could test that for an exploit?

I would not allow users to do that. That's just bad for security. As you can see I added a redirect script.
JustinMs66@hotmail.com Posted March 15, 2008 (Author)

OK, I think I fixed all the bugs you created in your forum topics. I also took out the ability for HTML and created a new BBCode system; it's much more secure. I really appreciate your help! Thanks again, Justin.
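The exchange above is the classic blocklist-versus-allowlist lesson: stripping <script> still leaves every other tag and attribute for a redirect or event handler, while a BBCode layer that escapes everything first and then translates a fixed set of tags never emits user-controlled markup. The following is an added example of that allowlist approach; it is not the FragPegs BBCode system, and the function name and the supported tag set are assumptions.

```php
<?php
// Added example, not the FragPegs BBCode system: escape ALL HTML first, then
// translate a small allowlist of BBCode tags. Nothing the user types is ever
// emitted as raw markup, so no per-tag filtering (e.g. of <script>) is needed.
declare(strict_types=1);

function renderBBCode(string $input): string
{
    // 1. Neutralise every HTML metacharacter, including quotes, as UTF-8.
    $safe = htmlspecialchars($input, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // 2. Simple tags: each replacement contains only fixed markup.
    $simple = [
        '~\[b\](.*?)\[/b\]~s'         => '<strong>$1</strong>',
        '~\[i\](.*?)\[/i\]~s'         => '<em>$1</em>',
        '~\[quote\](.*?)\[/quote\]~s' => '<blockquote>$1</blockquote>',
    ];
    $safe = preg_replace(array_keys($simple), array_values($simple), $safe);

    // 3. Links: only well-formed http(s) URLs are accepted; anything else is
    //    shown literally, so non-http schemes never reach an href attribute.
    $safe = preg_replace_callback(
        '~\[url=([^\]]+)\](.*?)\[/url\]~s',
        function (array $m): string {
            // $m[1] is already entity-escaped; decode a copy to validate the real URL.
            $url = html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8');
            if (!preg_match('~^https?://~i', $url) || filter_var($url, FILTER_VALIDATE_URL) === false) {
                return $m[0];                       // keep the BBCode as plain text
            }
            return '<a href="' . $m[1] . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $safe
    );

    // 4. Preserve line breaks without letting the user supply <br> themselves.
    return nl2br($safe);
}

// Constructed inputs, including the search payload reported earlier in the thread:
$samples = [
    'Nice [b]trailer[/b] & [i]gameplay[/i]',
    '"><marquee><h1>test',
    '[url=javascript:void(0)]click[/url]',
    '[url=http://fragpegs.com/]FragPegs[/url]',
];
foreach ($samples as $s) {
    echo renderBBCode($s), "\n";
}
```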
Dysan Posted March 16, 2008

Good Day! I have just visited your site, and played one of your clan videos. Brilliant, though the mute button doesn't work. Upon clicking the mute button, the video for some reason gets restarted? All in all, the site is not bad. Keep up the good work.

Dysan
john010117 Posted March 19, 2008

You have way too many scripts going on per page. I suggest you size it down.