Catching routing errors

[VacantStare]

This is for someone who works on coding this site. Please check this out.

User profile actions use different controller routes, which is ok, but routing errors inside each controller are not properly controlled and this can cause vulnerabilities.

For example, following a simple MVC pattern:

/Vacantstare

Something like

/defaultController/indexAction($username)

It goes to my profile, album section.

/Vacantstare/

This is not correctly routed. It logically will try to fetch

/vacantstareController/indexAction

Which obviously doesn't exist. This request should throw a 404, page not found, but the error is not catched, and throws a 500 server error because it can't find the controller.

The user id in the profile actions goes through an url variable, in two flavors:

/u/userid

/username

And the actions that exist in one, go 500 in the other, instead of at least a 404.

Any questions welcome if I didn't explain myself properly.

[VacantStare]

Hello? 3 days? Nobody from the tech team?

Does anyone here know what SQL injection is?

[pimp]

Hello, Our guys will look into it if anything needs to be done it will be applied, thanks for your report

[VacantStare]

I understand this issue is technical, and people want the site to have more features.

Let me be clear, pimp. Let's say I've been working on these things for quite a long time.

The underlaying application that makes this entire site work is badly designed, badly implemented and not tested at all. It plainly crashes the server in which it is running. It shouldn't even be in production.

Without any more info, as I can't read the server logs, it could be a critical bug. And "your guys" are not reading those logs either, probably because the app runs on an outsourced server noone oversees.

Thanks for the answer. Hope it is not a big issue.