firblazer Posted March 27, 2008

Please test my site: http://www.blazarwebdesign.com/emart/final/index.php

Thanks.

Coreye Posted March 28, 2008

Set up a condition so only admins can see the admin CP link.

Payment Overview is vulnerable to XSS.

firblazer (Author) Posted March 28, 2008

Hi Coreye! Thanks for testing. Could you elaborate on XSS? I have googled XSS and it defines it as some form of attack which I don't understand. How do I prevent XSS?

Thanks.

NikkiLoveGod Posted March 28, 2008

I don't know how to prevent XSS, as I haven't read up on it yet, but your site's layout is kinda horrible. Too simple and "amateurish". And when you go into products, the layout breaks, using Firefox 2.

But maybe you aren't interested in the layout but the technical stuff.

Good going on the valid XHTML and CSS, though.

darkfreaks Posted July 9, 2008

Password type input with autocomplete

The impact of this vulnerability: Possible sensitive information disclosure

How to fix this vulnerability: The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">

User credentials are sent in clear text

The impact of this vulnerability: A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

How to fix this vulnerability: Because user credentials usually are considered sensitive information, it is recommended to be sent to the server over an encrypted connection.
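
An added example, not part of darkfreaks's post or the site's code: a small Python check that audits a page's HTML for the two findings listed above, a password input without autocomplete="off" and a login form that submits over plain HTTP. The host `shop.example`, the sample markup and the names `PasswordFieldAudit` and `audit` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class PasswordFieldAudit(HTMLParser):
    """Flags password inputs that allow autocomplete or submit over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form = None       # attributes of the <form> currently open
        self.findings = []     # list of (finding, detail) tuples

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}   # names arrive lower-cased
        if tag == "form":
            self.form = a
        elif tag == "input" and a.get("type", "").lower() == "password":
            form = self.form or {}
            # The input's own attribute wins; otherwise the form's applies.
            ac = a.get("autocomplete", form.get("autocomplete", ""))
            if ac.lower() != "off":
                self.findings.append(("autocomplete", a.get("name", "")))
            # A missing or empty action submits to the page's own URL.
            target = urljoin(self.page_url, form.get("action", ""))
            if urlparse(target).scheme != "https":
                self.findings.append(("cleartext", target))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form = None


def audit(html, page_url):
    parser = PasswordFieldAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample pages on a placeholder host, not the site from the thread.
PAGE = "http://shop.example/final/index.php"
BEFORE = '<form action="login.php" method="post"><input type="password" name="pass"></form>'
AFTER = ('<form action="https://shop.example/final/login.php" method="post">'
         '<INPUT TYPE="password" NAME="pass" AUTOCOMPLETE="off"></form>')

if __name__ == "__main__":
    print(audit(BEFORE, PAGE))   # both findings reported
    print(audit(AFTER, PAGE))    # no findings
```

Current browsers' password managers may still offer to save credentials on fields marked autocomplete="off", so a clean result on that check does not guarantee the browser stores nothing.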