More things I found:
All accounts are created:
1. Before, I thought you would just get that error and would not be registered. However, if you go back to the site and log in with the user/pass combo you registered with before the error, it will log you in, leading me to believe that there was an error in the redirection/automatic login portion of the PHP code.
Possible XSS:
1. If you register with a name, like <script> alert("t") </script>, you'll get the error, but if you follow the steps I talked about above, it works. Though it doesn't show your name, the CSS is all off a bit, and at the top left there is a (" ';} "). (Note: I signed up with this account, so you can login with the username "<script> alert("t") </script>" and password "jill" if you'd like (without quotes, of course).)
2. On further inspection, in the source code, there is a welcome section in the HTML. It looks like this:
<td>
Welcome <b>Username</b>
</td>
However, when using the above username (<script> alert("t") </script>), the script tags will be added to the HTML, thus, making it look like this:
<td>
Welcome <b><script> alert("t") </script></b>
</td>
But, no message box ever appears, making it appear as if the JavaScript isn't executed.
3. After realizing this, I got the idea to try to make a username with an <a href> tag, to see if I could use it as a link, and it worked. (Username: <a href="www.asdf.com">t</a> Pass: jill). In fact, I could click on the link as well. However, it then attempted to take me to "Edited out", kinda messing it up, but the fact that with some fancy coding XSS is still possible remains. But, they did implement a way to stop XSS... Sort of. You're only allowed to use 30 characters, making longer injections/possible links harder. And, every link is appended to "Edited out", so it ruins that option too. I am certain though, that someone, with much more knowledge than me, could find a way around this.
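The welcome cell described in the post is a classic stored-XSS sink: the username is written into the HTML as-is, so any tags in it become markup. The following is an added illustration, not the site's own code (which is not on the page); the two rendering functions are hypothetical stand-ins, and the fix shown is output encoding with PHP's htmlspecialchars, which a length limit like the 30-character cap does not replace.

```php
<?php
// Added example: the unescaped welcome cell from the post beside an
// encoded version. Function names and structure are assumed; the real
// site's PHP is not shown in the post.

// Mirrors what the post's HTML implies the site does: the stored username
// is concatenated straight into the page, so "<b>" wraps live markup.
function welcome_cell_unsafe(string $username): string {
    return "<td>\nWelcome <b>" . $username . "</b>\n</td>";
}

// Defensive version: encode for the HTML text context at output time.
// ENT_QUOTES also encodes ' and ", so the value cannot close an attribute
// either; ENT_SUBSTITUTE keeps malformed UTF-8 from blanking the output.
function welcome_cell_safe(string $username): string {
    $encoded = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<td>\nWelcome <b>" . $encoded . "</b>\n</td>";
}

// Constructed samples: the two usernames the post registered.
$samples = [
    '<script> alert("t") </script>',
    '<a href="www.asdf.com">t</a>',
];

foreach ($samples as $name) {
    // Unsafe: the browser receives real <script>/<a> elements.
    echo welcome_cell_unsafe($name), "\n";
    // Safe: the browser receives &lt;script&gt; ... as visible text only.
    echo welcome_cell_safe($name), "\n\n";
}
```

Encoding belongs at every point where the stored username is written into HTML (the welcome cell here), since the 30-character limit on registration only shortens what can be stored, not what it does once rendered.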