Coreye

Members
  • Posts: 537
Everything posted by Coreye

  1. Includes Directory: http://tune.pk/includes/
     Full Path Disclosure: http://tune.pk/includes/active.php
     Full Path Disclosure: http://tune.pk/includes/defined_links.php
     Full Path Disclosure: http://tune.pk/includes/modules.php
     Full Path Disclosure: http://tune.pk/includes/playerconfig/config.xml.php
     Full Path Disclosure: http://tune.pk/includes/templatelib/Template_Compiler.class.php
     Full Path Disclosure: http://tune.pk/includes/classes/TFile.php
  2. Full Path Disclosure: http://www2.winmastergames.com:82/youdownload/yonderdowntest.php?url=http://www.youtube.com&site=youtube
  3. Full Path Disclosure: http://www.trenttompkins.com/cap/ Use wordwrap so long single line posts don't stretch your pages.
  4. SQL Error: http://www.wiuartinny.com/account.php?page Full Path Disclosure: http://www.wiuartinny.com/account.php?page[]
  5. Cross Site Scripting: http://comfypage.com/index.php?content_id=ERROR&postback=Mailing+List&fsbb_key=47.7.6.25.85.24.311.8.38.7.861.25&1943d881309c75c136b9fe9a2=6b9fe9a2&d965bb3e18525b3a5f0c0d5b5=MTIwMDExMDU3OQ%3D%3D&mail=&list_email=%22%3E%3Cmarquee%3E%3Ch1%3Evulnerable&action=Subscribe#abc
     Array: http://comfypage.com/index.php?content_id=ERROR&postback=Mailing+List&fsbb_key=47.7.6.25.85.24.311.8.38.7.861.25&1943d881309c75c136b9fe9a2=6b9fe9a2&d965bb3e18525b3a5f0c0d5b5=MTIwMDExMDU3OQ%3D%3D&mail=&list_email[]
  6. Cross Site Scripting: You can submit code when adding a new week. Cross Site Scripting: You can submit code in the email field and admin notes when registering. You can send blank emails using the contact form. Full Path Disclosure when registering with ' in the fields.
  7. "If you want us to rate the script then you should post it on the critique forum." is what I said. You were not looking for help on the actual script and were looking for someone to test your code. The beta test board is the correct board for that, I just didn't know what you were wanting because all you did was show the code.
  8. Do you want us to test it? If so, you should add it to a website and post the link. If you want us to rate the script then you should post it on the critique forum.
  9. Block this directory: http://vampirecity.cx-music.com/includes/
     Block this directory: http://vampirecity.cx-music.com/games/
     Block this directory: http://vampirecity.cx-music.com/games/includes/
     Block this directory: http://vampirecity.cx-music.com/forum/includes/
     Block this directory: http://vampirecity.cx-music.com/inc/
     Full Path Disclosure: http://vampirecity.cx-music.com/games/includes/footer.php
     Full Path Disclosure: http://vampirecity.cx-music.com/includes/footer.php
     Cross Site Scripting: You can submit code in the subject and content when creating threads on the forum.
     Cross Site Scripting: You can submit code in the subject and content when creating posts on the forum.
     Cross Site Scripting: You can submit code in the subject and content when creating private messages.
     Cross Site Scripting: You can submit code in all fields when editing your profile. http://vampirecity.cx-music.com/profile/lol
     Cross Site Scripting: You can submit code when creating a coven. http://vampirecity.cx-music.com/coven/covensearch.php http://vampirecity.cx-music.com/covensimwith.php?u=lol
     Array: http://vampirecity.cx-music.com/covensimwith.php?u[]
     Array: http://vampirecity.cx-music.com/friendswith.php?u[]
     Array: http://vampirecity.cx-music.com/contest.php?contest[]
     You can read other users' private messages when forwarding the message by changing the ID.
     http://vampirecity.cx-music.com/journalview.php?j=154 - Easy to flood by pressing refresh.
     Cross Site Scripting: You can submit code in the content when adding comments http://vampirecity.cx-music.com/journalview.php?j=154
     Full Path Disclosure: http://vampirecity.cx-music.com/ShoppingCart.php
     SQL Error - Full Path Disclosure: http://vampirecity.cx-music.com/newusers.php?page='
     Cross Site Scripting: You can submit code in both fields when adding a journal. http://vampirecity.cx-music.com/journal/lol
  10. Thanks agentsteal. But yes please put XXXX for the links as I requested. Thanks again, Corey
  11. You should post this on the "PHP Help" board. http://www.phpfreaks.com/forums/index.php/board,1.0.html
  12. Hey guys, I need you to try and find vulnerabilities on this site; http://tinyurl.com/2tgrbe. There are many forms and other features to test. Let me know if you find anything. If you do find anything, please do XXXXX for the links. If you don't want to register you can use these. I would prefer you register and test that form for vulnerabilities as well as the rest of the site. Username: Demo Password: Demo Thanks, Corey
  13. There's not much to test. If you want a "Website Critique" then you should post on this board; http://www.phpfreaks.com/forums/index.php/board,10.0.html.
  14. You can submit blank entries on the contact form.
  15. Yes.. Read this; http://www.securityspace.com/smysecure/catid.html?id=10766.
  16. Remove and maybe someone will test it. That just gets annoying.
  17. Block this directory; http://blconline.co.uk/inc/
      Full Path Disclosure: http://blconline.co.uk/login/userinfo.blc
      Full Path Disclosure: http://blconline.co.uk/inc/right.blc
      Full Path Disclosure: http://blconline.co.uk/inc/footer.blc
      Full Path Disclosure: http://blconline.co.uk/inc/footer.blc
  18. Full Path Disclosure: http://blconline.co.uk/adsys/banner.blc Block this directory; http://blconline.co.uk/adsys/.
  19. Cross Site Scripting: When editing your profile you can submit code and it executes. http://blconline.co.uk/login/userinfo.blc?user=123456
      Cross Site Scripting: http://blconline.co.uk/whois/index.blc?domain=%22%3E%3Cmarquee%3E%3Ch1%3Evulnerable&lookup=%3E%3E
  20. Cross Site Scripting: You can use code in your name and it executes. Block your Admin directory. Also add some validation, anyone can ban/unban. Your Admin CP has Cross Site Scripting vulnerabilities. Block your includes directory. Your Admin CP is vulnerable to SQL injection.
  21. It's easy to flood by pressing refresh. Might think about a new host. That one loads pretty slow.
  22. You can delete and users still if you are not an admin. http://www.debianbox.net/sms/admin/deluser.php and http://www.debianbox.net/sms/admin/moduser.php. You also still need to block this directory; http://www.debianbox.net/sms/admin/. There's Cross Site Scripting when creating a new employee. There's Cross Site Scripting when searching for an Invoice Number.
  23. Loads pretty fast here. Some images seem not to work though.
  24. Read this; http://www.securityspace.com/smysecure/catid.html?id=10766.
  25. What would cause this error; The line is: $core['XML'] = simplexml_load_file('./core/xml.php'); Here's the xml.php file: http://www.scriptscribes.net/projects/us/beta_1/user_system/core/xml.phps. Thanks, Corey