Security update
Posted: Wed May 05, 2010 2:14 pm
This website is prone to XSS.
For example, if you create an account, go to the box for personal information, and type the following there:
Code:
</textarea> <input type="button" value="clickme" onclick="javascript:alert('you clicked me');"/><textarea cols="60" rows="4" name="info">
It will add an extra button with JavaScript code behind it. This means that basically anyone can just create their own forms by using that field and can make them submit things that address the PHP code on the server side.
So basically what I'm saying is... you can get logins, usernames, passwords, email addresses, all that good stuff by simply writing your own form that runs on the client side, but speaks directly to the server side.
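Added example, not part of the original post and not the site's own code: a hypothetical PHP profile template that echoes the stored "info" value raw, next to the same template with output encoding, both fed the snippet from the post. The function names are assumptions; only the textarea attributes are taken from the post.

```php
<?php
// Hypothetical profile-edit template; the site's real code is not shown in the post.

// Constructed sample input: the snippet quoted in the post above.
$info = '</textarea> <input type="button" value="clickme" '
      . 'onclick="javascript:alert(\'you clicked me\');"/>'
      . '<textarea cols="60" rows="4" name="info">';

// Before: the stored value is written into the page unencoded, so its
// "</textarea>" closes the field early and the rest is parsed as markup.
function render_info_vulnerable(string $info): string
{
    return '<textarea cols="60" rows="4" name="info">' . $info . '</textarea>';
}

// After: encode at output time. &lt; &gt; &quot; &#039; are displayed as text
// inside the textarea and cannot end it or start a new element.
function render_info_escaped(string $info): string
{
    $safe = htmlspecialchars($info, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<textarea cols="60" rows="4" name="info">' . $safe . '</textarea>';
}

// Rough check: count opening tags of a given name in the rendered HTML.
function count_tags(string $html, string $tag): int
{
    return (int) preg_match_all('/<' . preg_quote($tag, '/') . '\b/i', $html);
}

$pages = [
    'vulnerable' => render_info_vulnerable($info),
    'escaped'    => render_info_escaped($info),
];

foreach ($pages as $name => $html) {
    printf(
        "%-10s textarea=%d input=%d\n",
        $name,
        count_tags($html, 'textarea'),
        count_tags($html, 'input')
    );
}
```

The same encoding has to be applied everywhere the field is rendered, including any public profile page, since the value is stored and shown to other users.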