Satal Keto
Posted September 29, 2008

I run a small website which deals with programming and one of the things that I have produced is a hackable guestbook (XSS only). Basically you're able to choose the type of PHP filtering function that is performed on the text to be displayed in the guestbook.

This is primarily supposed to be for web developers to allow them to get a better understanding of what can be done against different PHP filtering functions, but obviously it can also be used by hackers who wish to practice their XSS in a safe and legal place where they can see what attack strings work against which functions.

The posts made on the guestbook can only be viewed by the person who made the post, so there is no problem with people performing XSS against other people on my site.

Anyway, to the point of this thread. I have made this and I was wondering whether anyone would be willing to look at it and give feedback on it, whether it just be that they like the idea or something more in depth, like suggestions on ways to improve it.

My website is at http://www.SatalKeto.co.uk. Unfortunately you will need to create a login to use the XSS Area, but this is mostly to do with having a good method of ensuring that you're only going to view posts which you made. Then you need to click on "Security Areas" in the navigation bar, then click on "XSS", where, as long as you're logged in, you will be able to see a blank guestbook that you can attack. The PHP filtering functions available are in a drop-down box at the top of the page.

Anyway, thank you to anyone who takes the time to look at it in advance.

Satal

P.S. I know that the layout isn't 100%, especially in the Security Area where the XSS area is listed. I do plan on fixing that, but I first want to see if people think that it's worth keeping (which I hope you do).