Thread

Hello,

I was wondering if any of you could do me a huge favour and check my new website for security holes such as XSS, SQL Injections, the ability to post Javascript, etc. Basically, being able to do things you shouldn’t.

http://www.ocwars.com/v2/

I’m using CodeIgniter with Rapyd. I’m pretty sure Rapyd puts a cookie on your machine but it doesn’t log you in automatically as I always have to login after I close my browser. This is something I’m going to fix in future.

By the way, the application isn’t 100% finished. I’m coding the challenge area of the competition site at the moment, but I’ll be using the same style of coding I used for the other 80% of the site that is done.

Thanks.

Hi Kemik,

I just tried your site and the following error appeared?

An Error Was Encountered

Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘*) as comcount FROM news AS n LEFT JOIN users AS u ON’ at line 1

SELECT n.*, u.user_name, u.country, count(c.*) as comcount FROM news AS n LEFT JOIN users AS u ON n.user_id = u.user_id LEFT JOIN comments AS c ON c.news_id = n.news_id WHERE published = ‘1’ ORDER BY datetime DESC LIMIT 0, 8

 

That is not good…

For production sites you should make sure you set error_reporting(0) - I do this in index.php - and also turn off db_debug in the database config file.  You don’t want users seeing that kind of stuff.

Opps. The topics been on here for a few days and you guys catch me when I make changes to my homepage. I was trying a new query so I can count the comments but couldn’t get it right so I left it over night and would try new queries in the morning.

After all the site isn’t live. EDIT: Fixed 😊