firblazer Posted March 27, 2008 Share Posted March 27, 2008 Please test my site: http://www.blazarwebdesign.com/emart/final/index.php Thanks. Link to comment Share on other sites More sharing options...
Coreye Posted March 28, 2008 Share Posted March 28, 2008 Set up a condition so only admins can see the admin CP link. Payment Overview is vulnerable to XSS. Link to comment Share on other sites More sharing options...
firblazer Posted March 28, 2008 Author Share Posted March 28, 2008 Hi Coreye! Thanks for testing. Could you elaborate XSS? I have googled XSS and it defines it as some form of attack which I don't understand. How do I prevent XSS? Thanks. Link to comment Share on other sites More sharing options...
NikkiLoveGod Posted March 28, 2008 Share Posted March 28, 2008 I don't know how to prevent XSS, as I havent read up on it yet, but your sites layout is kinda horrible. Too simple and "amateurish". And when you go into products, the layout breaks, using firefox 2. But meybe you aren't interested in the layuot but the technical stuff Good going on the valid XHTML and CSS Though. Link to comment Share on other sites More sharing options...
darkfreaks Posted July 9, 2008 Share Posted July 9, 2008 Password type input with autocomplete The impact of this vulnerability Possible sensitive information disclosure How to fix this vulnerability The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to: <INPUT TYPE="password" AUTOCOMPLETE="off"> User credentials are sent in clear text The impact of this vulnerability A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection. How to fix this vulnerability Because user credentials usually are considered sensitive information, it is recommended to be sent to the server over an encrypted connection. Link to comment Share on other sites More sharing options...
Recommended Posts