I need testers

Post by **Gogeta70** » 07 Dec 2009, 04:01

Hey guys. The user interface is nearly complete on my forum system and i'm going to need some testers for the following:

-Ease of use

I'm going to need you guys to comment on the user interface. How easy it is to use, what could be better, and what could be added to make it better.

-Bugs, glitches

I'll need extensive bug and vulnerability testing done. I want you guys to throw everything at it: SQL injections, xss, rfi/lfi, malformed input, etc, etc...
Keep in mind this doesn't mean my computer, it means the forum system only!

And of course, comments are welcome. Criticism, if any, should be polite.

Reply here if you're interested, i should have the user interface done in a week or less.

Edit:

Ok, testing is finally open! Here's the link:
http://g70net.com/forums/

Please register under a normal username, not something like "test" or "user" please. Thanks!

DrVirus · Post by **DrVirus** » 07 Dec 2009, 04:58

Sounds fun ! I wanna help. Though I don't know much about the attacks mentioned above but I would love to try

if anyone gives me a chance.

DrV

leetnigga · Post by **leetnigga** » 07 Dec 2009, 11:56

I can test the user interface. I'll take a shot at those other things too

Post by **Gogeta70** » 07 Dec 2009, 23:00

Ok, i've added a list of what is left to be done before testing begins. Check the main post for details.

P4, i know i'm pretty good about filtering input for xss and mysql, but even i can forget to filter input occasionally ^_^ that's why i have you guys to test it - so i can see what i forgot to filter, or what i didn't even know was vulnerable in the first place.

Post by **Gogeta70** » 08 Dec 2009, 10:31

Ok, testing should be opened later today, if not today, then definitely tomorrow. So far i only have 3 people up for testing this. Anyone else wanna join up?

I'm thinking of tweaking the registration function to allow you all to sign up as moderators so you can test all the moderator functions as well. What do you guys think?

Post by **Gogeta70** » 09 Dec 2009, 07:15

Ok guys, the forums are finally released for testing. The link is in the first post. With that said, give it your best shot guys!

leetnigga · Post by **leetnigga** » 09 Dec 2009, 09:14

Copyright © 2010 Adam Welch (Gogeta70)
This software is released under the GNU General Public License

Where can we find the source code?

When I try to log in with a username but no password I get the logged in user menu while I'm not actually logged in.

When I send a message to myself, I get the message that confirms it was sent, but my Inbox still displays a 0 after it. This is because you're sending the message after you output the menu with the message count. I'd advise separating the code from the layout entirely, but at the very least you'll want to send that message before displaying the HTML.

I can trigger an error that displays the path to your www folder:

http://g70net.com/forums/index.php?page ... le&uid[]=0

Code: Select all

Notice: Array to string conversion in C:\wamp\www\forums\functions.php on line 1782
Invalid user id.

HTML is not filtered from signatures.

Post by **Gogeta70** » 09 Dec 2009, 09:20

Well, i wasn't planning on releasing the source-code until the first official release of the forums (the administration part of the forums is almost non-existent), but i guess i can let you guys take a look

http://g70net.com/forums/src.zip

In the zip file there is also a database dump (dbsetup.sql) that you can import to phpmyadmin.

Feel free to comment on the source ^_^