#1
Http://www.rhmun.com
This is a site I made for RHMUN, please give any comments or concerns you have towards the site.
http://www.rhmun.com
#2
You need to implement better input validation on the "Register.asp" page. It's Cross-Site Scriptable.
#3
Lol I just got mass registered by someone....
#4
By the way, is there any way for me to set the page to only accept POSTs from my website? So cut off remote POSTs...
#5
Yes, you can reduce the chance of remote POSTs by checking the Referrer header and making sure the value is from your site, but that won't prevent it completely as the Referrer header can be manipulated... I was the one that did the mass register, and it was remote and I modified the Referrer header...
#6
Evil... xD
Anyway, try again. I researched a lot on the safety of the site. It took me a lot of work; I think it's safer now. Even if there are still leaks, the page now records every IP that visits it...
#7
Nope, the page is still vulnerable to an XSS attack.
If I were doing the site I would whitelist the acceptable input into those fields.
#8
Can you please specify? I Googled "ASP whitelist" and got a bunch of irrelevant results.
#9
It's not "ASP whitelist", it's just whitelist.
It's basically an input validation technique that ensures only acceptable characters are allowed in the fields. For example, you would only allow characters a-z in the first name field. You would only allow characters a-z, ' (apostrophe), and - (hyphen) in the last name field. For a basic zip code you would only allow 5 digits in the zip code field. This is whitelisting. And the validation should be done on both the client and the server.
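As an added example (not the site's code and not the poster's), here are the allow-list rules from the post above written as JavaScript validators; the field names, the length limits and the HTML-encoding helper are assumptions. The same rules must be enforced on the server as well, because client-side checks are skipped by a remote POST.

```javascript
// Added example: allow-list (whitelist) validation for the registration
// fields described above. Field names, length limits and the encoding
// helper are assumptions, not taken from the rhmun.com site.

const FIELD_RULES = {
  // first name: letters only, 1 to 40 characters
  firstName: /^[A-Za-z]{1,40}$/,
  // last name: letters, apostrophe and hyphen; must start with a letter
  lastName: /^[A-Za-z][A-Za-z'-]{0,39}$/,
  // basic zip code: exactly five digits
  zip: /^[0-9]{5}$/,
};

// Check one submitted form against the allow-list. Returns { ok, errors }
// so a server handler can reject the request and a client script can
// highlight the failing fields. Anything not explicitly allowed fails,
// including missing fields and non-string values.
function validateRegistration(form) {
  const errors = [];
  for (const [field, rule] of Object.entries(FIELD_RULES)) {
    const value = form[field];
    if (typeof value !== 'string' || !rule.test(value)) {
      errors.push(field);
    }
  }
  return { ok: errors.length === 0, errors };
}

// Defence in depth: even allow-listed values are HTML-encoded when echoed
// back into a page, so a later relaxation of a rule cannot reintroduce XSS.
function htmlEncode(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructed sample submissions (not real registrations)
const good = { firstName: 'Ana', lastName: "O'Neil-Smith", zip: '90210' };
const bad = { firstName: '<script>alert(1)</script>', lastName: 'Smith', zip: '9021' };
console.log(validateRegistration(good)); // { ok: true, errors: [] }
console.log(validateRegistration(bad));  // { ok: false, errors: ['firstName', 'zip'] }
console.log(htmlEncode(good.lastName));  // O&#39;Neil-Smith
```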
#10
Hmmm, great, I worked on that. Any comments for the design?
#11
Sorry, I don't do design, only security.
#12
Hi,
I have visited your site and I think it looks good. Good luck to you.
#13
Thank you. xD
#14
In your Contact Us page, the mail addresses are n