Review: PirateBB.Net

[-sky-]

Need Review for my site http://piratebb.net (DLE type)

-sky- Reviewed by -sky- on 16th Feb 2012. Review: PirateBB.Net Need Review for my site http://piratebb.net (DLE type) Rating: 5

[ZeloTypia]

The site looks good and clean but there's room for improvement.

First of all the logo, I like it but the big faded letters that says PIRATE was unnecessary in my opinion. Also the glow isn't vital and it isn't aligned with the rest of the containers.

Second is the navigation menu, I like the effects but on the section 'Category Menu' the list pops up above the actual icon so it becomes a bit annoying. It could just be because of my small screen.

Apart from that it looks good

[-sky-]

Thanks dude for the review

[dpain1]

I like the layout. Seems quick and the content looks great! Good luck with it!

dpain1

[NordicNode]

Code: 

The web application sent a persistent cookie.
The following scripts are vulnerable to a trivial form of XSRF:
- http://piratebb.net/
The following scripts allow an attacker to send POST data as query string data (this makes XSRF easier to exploit):
- The URL: http://piratebb.net/ is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.
An unidentified vulnerability was found at: "http://piratebb.net/", using HTTP method GET. The sent data was: "do=d'kc"z'gj'"%2A%2A5%2A(((%3B-%2A%60)&story=8710&subaction=3015". The modified parameter was "do".
An unidentified vulnerability was found at: "http://piratebb.net/", using HTTP method GET. The sent data was: "do=ZcqDelm&story=d'kc"z'gj'"%2A%2A5%2A(((%3B-%2A%60)&subaction=8182". The modified parameter was "story".
An unidentified vulnerability was found at: "http://piratebb.net/", using HTTP method GET. The sent data was: "do=kYvtSME&story=3125&subaction=d'kc"z'gj'"%2A%2A5%2A(((%3B-%2A%60)". The modified parameter was "subaction".
The URL: http://piratebb.net/ is vulnerable to cross site request forgery.
The URL "http://piratebb.net/" has the following allowed methods, which include DAV methods: *, ACL, BASELINE_CONTROL, CHECKIN, CHECKOUT, CONNECT, COPY, DEBUG, GET, HEAD, INDEX, INVALID, INVOKE, LABEL, LINK, LOCK, MERGE, MKACTIVITY, MKCOL, MKDIR, MKWORKSPACE, MOVE, NOTIFY, OPTIONS, PATCH, PIN, POLL, POST, PROPFIND, PROPPATCH, REPLY, REPORT, RMDIR, SEARCH, SHOWMETHOD, SPACEJUMP, SUBSCRIBE, SUBSCRIPTIONS, TEXTSEARCH, TRACE, TRACK, UNCHECKOUT, UNLINK, UNLOCK, UNSUBSCRIBE, VERSION_CONTROL.

Fixeth.