04-08-2017, 07:42 PM   #76
XxYyZz
Just started!
 
OVR: 0
Join Date: Apr 2017
Re: I built this website to export and view your league data on, suggestions?

I was testing this and thought I'd check for vulns and put JavaScript in the name of a league, and it seems to have broken the league listing page, sorry! I tried to fix it by overwriting the alert function in another league name, but it didn't help because it's listed in the HTML as oldest to newest.

So if you delete the leagues starting with the empty name and up to the one called "TGM" you should fix it.

But you need to sanitize output for the XSS vulnerability. Also, your API domain is making developer stack trace exceptions, exposing some details about the site (e.g. PHP framework type, web root).

Again, sorry, I meant to test and report privately, but it won't let me send a private msg to you on here with a new account.
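Added example, not part of the post above and not the site's own code: one way to apply the two fixes the post asks for, encoding league names when they are written into the listing page and keeping exception details out of API responses. It is plain PHP because the post does not name the framework; the function names, the `/league.php` path and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Encode a user-supplied value for an HTML text or quoted-attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render the league listing. Every league name is encoded on output, so
// stored markup is displayed as text instead of being parsed by the browser.
function render_league_list(array $leagues): string
{
    $items = '';
    foreach ($leagues as $league) {
        $items .= sprintf(
            '<li><a href="/league.php?id=%d" title="%s">%s</a></li>' . "\n", // hypothetical path
            (int) $league['id'],
            e($league['name']),
            e($league['name'])
        );
    }
    return "<ul>\n" . $items . "</ul>\n";
}

// API side: keep details in the server log and return a generic error body,
// so responses do not reveal the framework type or the web root.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
set_exception_handler(function (Throwable $ex): void {
    $ref = bin2hex(random_bytes(8)); // correlation id to find the log entry
    error_log(sprintf('[%s] %s in %s:%d', $ref, $ex->getMessage(), $ex->getFile(), $ex->getLine()));
    if (!headers_sent()) {
        http_response_code(500);
        header('Content-Type: application/json');
    }
    echo json_encode(['error' => 'Internal server error', 'ref' => $ref]);
});

// Constructed sample rows: an empty name, a name containing markup, a normal name.
$leagues = [
    ['id' => 1, 'name' => ''],
    ['id' => 2, 'name' => '<script>alert(1)</script>'],
    ['id' => 3, 'name' => 'TGM'],
];
echo render_league_list($leagues);
```

Encoding at output time also neutralizes names that are already stored, so the listing page renders again without first deleting the affected leagues.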