WeBid Bug Tracking

Changesets: Import 2015-04-01 09:08:10
master 267b4ac6
Timestamp: 2014-03-28 14:41:40
Author: Bushstar
Fix XSS flaw in friend.php

To test this flaw, enter the following for the friend's email. Then, when it returns the error on the email address, move the mouse over the email address field to activate.

sample%40email.tst" onmouseover=prompt(971889) bad="
mod - friend.php
master 9833d3fb
Timestamp: 2014-03-26 18:14:14
Author: Chris Dickenson
Merge pull request 0000047 from Bushstar/patch-1

Fix XSS bug
mod - browse.php
master 1e66c869
Timestamp: 2014-03-26 12:40:55
Author: Bushstar
Fix XSS bug

To test, use the following on browse.php. I used Firefox to test without any anti-script software.

browse.php?id=1&PAGE=3'%22()%26%25<ScRiPt%20>prompt(984815)</ScRiPt>
mod - browse.php
master a330cf61
Timestamp: 2014-03-16 10:03:55
Author: Chris Dickenson
Trying to get PDO to work

Not 100% sure these fixes work; I know some don't. Will update when we
have a solution
mod - admin/editadminuser.php
mod - admin/edituser.php
mod - admin/login.php
mod - adsearch.php
mod - bid.php
mod - browse.php
mod - cron.php
mod - edit_active_auction.php
mod - edit_data.php
mod - forgotpasswd.php
mod - includes/class_db_handle.php
mod - includes/functions_sell.php
mod - search.php
mod - sell.php
mod - sellsimilar.php
mod - user_login.php
master 88e5857a
Timestamp: 2014-03-12 20:58:55
Author: Chris Dickenson
Fixed logins
mod - admin/login.php
mod - bid.php
mod - buy_now.php
mod - feedback.php
mod - sell.php
mod - user_login.php
master c18f29ab
Timestamp: 2014-03-12 17:45:01
Author: Chris Dickenson
Added captcha audio files
add - inc/captcha/audio/.htaccess
add - inc/captcha/audio/EN/0.wav
add - inc/captcha/audio/EN/1.wav
add - inc/captcha/audio/EN/10.wav
add - inc/captcha/audio/EN/11.wav
add - inc/captcha/audio/EN/12.wav
add - inc/captcha/audio/EN/13.wav
add - inc/captcha/audio/EN/14.wav
add - inc/captcha/audio/EN/15.wav
add - inc/captcha/audio/EN/16.wav
add - inc/captcha/audio/EN/17.wav
add - inc/captcha/audio/EN/18.wav
add - inc/captcha/audio/EN/19.wav
add - inc/captcha/audio/EN/2.wav
add - inc/captcha/audio/EN/20.wav
add - inc/captcha/audio/EN/3.wav
add - inc/captcha/audio/EN/4.wav
add - inc/captcha/audio/EN/5.wav
add - inc/captcha/audio/EN/6.wav
add - inc/captcha/audio/EN/7.wav
add - inc/captcha/audio/EN/8.wav
add - inc/captcha/audio/EN/9.wav
add - inc/captcha/audio/EN/A.wav
add - inc/captcha/audio/EN/B.wav
add - inc/captcha/audio/EN/C.wav
add - inc/captcha/audio/EN/D.wav
add - inc/captcha/audio/EN/E.wav
add - inc/captcha/audio/EN/F.wav
add - inc/captcha/audio/EN/G.wav
add - inc/captcha/audio/EN/H.wav
add - inc/captcha/audio/EN/I.wav
add - inc/captcha/audio/EN/J.wav
add - inc/captcha/audio/EN/K.wav
add - inc/captcha/audio/EN/L.wav
add - inc/captcha/audio/EN/M.wav
add - inc/captcha/audio/EN/MINUS.wav
add - inc/captcha/audio/EN/N.wav
add - inc/captcha/audio/EN/O.wav
add - inc/captcha/audio/EN/P.wav
add - inc/captcha/audio/EN/PLUS.wav
add - inc/captcha/audio/EN/Q.wav
add - inc/captcha/audio/EN/R.wav
add - inc/captcha/audio/EN/S.wav
add - inc/captcha/audio/EN/T.wav
add - inc/captcha/audio/EN/TIMES.wav
add - inc/captcha/audio/EN/U.wav
add - inc/captcha/audio/EN/V.wav
add - inc/captcha/audio/EN/W.wav
add - inc/captcha/audio/EN/X.wav
add - inc/captcha/audio/EN/Y.wav
add - inc/captcha/audio/EN/Z.wav
add - inc/captcha/audio/EN/error.wav
mod - inc/captcha/securimage.php