eaglelegend Posted April 4, 2008
Hey, my site is open for you to help me try it out and let me know of problems. I AM trying to have the site XHTML valid (was HTML), but in the process the site has gone from center to the left of the page. Any ideas? Have a look here! Thanks, Mark
Coreye Posted April 4, 2008
Cross Site Scripting: You can submit ">code when registering.

Full Path Disclosure: http://www.eaglelegend.com/arcade.php
Warning: Cannot modify header information - headers already sent by (output started at /misc/39/000/171/334/2/user/web/eaglelegend.com/header.php:3) in /misc/39/000/171/334/2/user/web/eaglelegend.com/members.php on line 3

Full Path Disclosure: http://www.eaglelegend.com/bank/login.php
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /misc/39/000/171/334/2/user/web/eaglelegend.com/bank/login.php:3) in /misc/39/000/171/334/2/user/web/eaglelegend.com/bank/login.php on line 4
Warning: Cannot modify header information - headers already sent by (output started at /misc/39/000/171/334/2/user/web/eaglelegend.com/bank/login.php:3) in /misc/39/000/171/334/2/user/web/eagleleg

Full Path Disclosure: http://www.eaglelegend.com/adopt.php
Warning: Cannot modify header information - headers already sent by (output started at /misc/39/000/171/334/2/user/web/eaglelegend.com/header.php:3) in /misc/39/000/171/334/2/user/web/eaglelegend.com/members.php on line 3
Warning: Cannot modify header information - headers already sent by (output started at /misc/39/000/171/334/2/user/web/eaglelegend.com/header.php:3) in /misc/39/000/171/334/2/user/web/eaglelegend.com/adopt.php on line 64
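The Full Path Disclosure findings above all have the same root cause: PHP is printing its warnings into the page. header.php line 3 (and bank/login.php line 3) emits output, often nothing more than whitespace or HTML outside the <?php tags, before members.php, adopt.php and bank/login.php call header() or session_start(), and the warning PHP renders contains the absolute path on the server. The PHP below is an added example, not code from the thread or from the site; it shows the settings that keep such warnings in the server log rather than in the response, and output buffering so a late header() call still succeeds. The log file path and the idea of putting this at the top of header.php are assumptions.

```php
<?php
// Added example (not from the thread). Place at the very top of the first file
// every page includes, with no bytes (no blank line, no BOM) before "<?php".

// 1. Never render errors to visitors; write them to the server log instead.
//    This alone stops the "headers already sent ... /misc/39/..." path leak.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', __DIR__ . '/../logs/php-error.log'); // assumed log location
error_reporting(E_ALL);

// 2. Buffer output so that header() / session_start() in a file included later
//    does not fail because an earlier include already sent bytes to the client.
ob_start();

// 3. Keep full detail (file, line) for the administrator only.
set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline): bool {
    error_log(sprintf('[php %d] %s in %s:%d', $errno, $errstr, $errfile, $errline));
    return true; // handled: PHP's own (path-revealing) message is not emitted
});

set_exception_handler(function (Throwable $e): void {
    error_log(get_class($e) . ': ' . $e->getMessage() . ' in ' . $e->getFile() . ':' . $e->getLine());
    if (!headers_sent()) {
        http_response_code(500);
    }
    // Generic text for the visitor, no file names or paths.
    echo 'Something went wrong. Please try again later.';
});
```

Runtime ini_set() only takes effect from the line where it runs, so the same settings belong in php.ini (display_errors = Off, log_errors = On) or a per-directory php_flag so that they also cover parse errors and anything that fails before this file is reached. Output buffering is a safety net, not a substitute for removing the stray output at header.php:3 and bank/login.php:3; a quick check is to confirm each file starts with <?php as its first byte and has no closing ?> followed by a newline.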
eaglelegend (Author) Posted April 5, 2008
OK, so does anyone know any way I can protect myself against XSS?
unsider Posted April 6, 2008
Read up on some security tutorials. A nice Google search should get you all the info you need.
eaglelegend (Author) Posted April 9, 2008
OK, I have fixed a lot of problems. It looks better and works/is easier to understand. OK, please feel free to carry on BETA testing, thanks!
phpcodec Posted April 10, 2008
Your site looks very much like this site: http://www.kawaiipets.com/ and the Kawaii Pets site is powered by iPetSite Pro.
eaglelegend (Author) Posted April 11, 2008
Yeah, they're both from the man who I bought it from >_< Never again. You don't get any help, and half of the code was broken anyway; it was up to me to fix it, and gratefully the stuff that I couldn't fix, guys here had helped me fix. Thanks guys!
MiCR0 Posted April 11, 2008

function RemoveXSS($val) {
    // Strip non-printable control characters; TAB, LF and CR are kept because they
    // are legitimate in some input. This defeats re-spacing such as <java\0script>.
    $val = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x1f]/', '', $val);

    // Decode numeric character references (hex and decimal, with optional zero
    // padding and optional ';') for ordinary printable characters, so that an
    // entity-obfuscated keyword becomes visible to the checks below.
    $search = 'abcdefghijklmnopqrstuvwxyz';
    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $search .= '1234567890!@#$%^&*()';
    $search .= '~`";:?+/={}[]-_|\'\\';
    for ($i = 0; $i < strlen($search); $i++) {
        // hex form, e.g. &#x6a; or &#X000006A
        $val = preg_replace('/(&#[xX]0{0,8}' . dechex(ord($search[$i])) . ';?)/i', $search[$i], $val);
        // decimal form, e.g. &#106; or &#0000106
        $val = preg_replace('/(&#0{0,8}' . ord($search[$i]) . ';?)/', $search[$i], $val);
    }

    // Tag names and attribute names that can carry script. They are matched even
    // when encoded TAB/LF/CR (the only whitespace left after the first step) is
    // inserted between the letters.
    $ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink',
        'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset',
        'ilayer', 'layer', 'bgsound', 'title', 'base');
    $ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate',
        'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste',
        'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange',
        'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut',
        'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate',
        'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop',
        'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin',
        'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload',
        'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove',
        'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend',
        'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize',
        'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted',
        'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop',
        'onsubmit', 'onunload');
    $ra = array_merge($ra1, $ra2);

    $found = true; // repeat passes as long as the previous pass changed something
    while ($found == true) {
        $val_before = $val;
        for ($i = 0; $i < sizeof($ra); $i++) {
            $pattern = '/';
            for ($j = 0; $j < strlen($ra[$i]); $j++) {
                if ($j > 0) {
                    // between two letters allow any number of encoded TAB/LF/CR
                    $pattern .= '(';
                    $pattern .= '(&#[xX]0{0,8}[9ab];?)?';
                    $pattern .= '|';
                    $pattern .= '(&#0{0,8}(9|10|13);?)?';
                    $pattern .= ')*';
                }
                $pattern .= $ra[$i][$j];
            }
            $pattern .= '/i';
            // neutralise the keyword by splitting it: javascript -> ja<x>vascript
            $replacement = substr($ra[$i], 0, 2) . '<x>' . substr($ra[$i], 2);
            $val = preg_replace($pattern, $replacement, $val);
        }
        // Compare after the whole pass, otherwise one unchanged keyword would end
        // the loop even though a later keyword was just replaced.
        if ($val_before == $val) {
            $found = false;
        }
    }
    return $val;
}
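RemoveXSS above is an input filter built on a blacklist of tag and event names, and it leaves the injected quote and angle brackets in place; it is only as complete as its word list. The defense a practitioner would reach for first, against exactly the `">` submission Coreye reported, is to escape every untrusted value at the point where it is written into HTML, in the context where it lands (text, attribute, URL), so whatever the user typed is displayed rather than interpreted. The PHP below is an added example, not code from the thread or from iPetSite Pro; the helper names e(), renderUsernameField() and renderHomepageLink() and the sample value are made up for illustration.

```php
<?php
// Added example (not from the thread): context-aware output escaping.
declare(strict_types=1);

/** Escape for HTML text and for double- or single-quoted attribute values. */
function e(string $value): string
{
    // ENT_QUOTES converts both " and ', ENT_SUBSTITUTE avoids returning ''
    // (silent data loss) on invalid UTF-8 input.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Reflect the submitted username back into the registration form. */
function renderUsernameField(string $username): string
{
    // The attribute is quoted AND escaped, so a closing quote in the input
    // becomes &quot; and cannot terminate the attribute.
    return '<input type="text" name="username" value="' . e($username) . '">';
}

/** Put a user-supplied URL into href: validate the scheme, then escape. */
function renderHomepageLink(string $url): string
{
    $parts = parse_url($url);
    $scheme = strtolower($parts['scheme'] ?? '');
    if ($parts === false || !in_array($scheme, ['http', 'https'], true)) {
        return '<span>(no homepage)</span>'; // reject non-http(s) schemes outright
    }
    return '<a href="' . e($url) . '" rel="nofollow">' . e($url) . '</a>';
}

// Constructed sample input: the shape of value reported in the thread.
$submitted = '"><b>hi</b>';
echo renderUsernameField($submitted), PHP_EOL;
// <input type="text" name="username" value="&quot;&gt;&lt;b&gt;hi&lt;/b&gt;">
echo renderHomepageLink('https://example.com/~mark'), PHP_EOL;
echo renderHomepageLink('data:text/html,x'), PHP_EOL; // rendered as "(no homepage)"
```

Store the raw value the user entered and escape it every time it is output; escaping on the way into the database double-encodes the data the moment a second page shows it, and it does nothing for values that reach the page by another route. Keyword filters like RemoveXSS can still run in front of this as a second layer, but output escaping is the layer that actually makes the `">` submission harmless.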
eaglelegend (Author) Posted April 11, 2008
Errm, can I help you? o.O
MiCR0 Posted April 11, 2008
> OK, so does anyone know any way I can protect myself against XSS?
eaglelegend (Author) Posted April 11, 2008
OK, thanks. It's an old topic, sorry...