Coreye

Everything posted by Coreye

  1. Is there any way to turn image verification off? I can't seem to register but would like to so I could test some things.
  2. Site has an error on profile page after entering code into fields.
  3. No matter what you input on the "Password Recovery" page you get; .
  4. Nothing big really... But you can see board titles you don't have access to. http://nab.geekrack.net/index.php?act=viewforum&id=2.
  5. Not sure if this works... but shouldn't be accessible. http://nab.geekrack.net/ip.php.
  6. Add index. http://nab.geekrack.net/sources/admin/
  7. Add an index. http://nab.geekrack.net/functions/
  8. Is it just me or are all the captchas the same? 6JFK and 6JFKW8. Maybe I need to clear my cache.
  9. Still can't register. Just says http://nab.geekrack.net/index.php?act=viewforum&id=4&p=' http://nab.geekrack.net/index.php?act=viewforum&id=4&p=00 http://nab.geekrack.net/index.php?act=viewforum&id=b
  10. Doesn't actually ban you. http://youcade.net/nab/index.php?act=viewforum&id=1%20UNION%20ALL%20SELECT%20null,null,null,null,null,null,null,null%20FROM%20blah
  11. Hey, The captcha on the registration page doesn't seem to be working.
  12. Hey, Thanks for the comments and suggestions. We could do drop down menus, but I really don't like those that much. I'm thinking of removing "Requested Features" from the main navigation and adding it to a smaller navigation under "Feature Request" like the image below.
  13. Hey guys, I need opinions and suggestions on an open source user system website that I have been helping make. It's not all the way completed yet, but I would rather get suggestions and opinions now so we can add what's needed. What needs to be changed? What needs to be added? Is it easy to navigate? The link is: http://us.scriptscribes.net/site:Home. http://us.scriptscribes.net/ is NOT the website we are using. But http://us.scriptscribes.net/site:Home is. The site was designed to work best in Firefox and Internet Explorer 7.0. Thanks, Corey
  14. Cross Site Scripting: http://us.scriptscribes.net/_<marquee>vulnerable
      User Enumeration: http://www.scriptscribes.net/~root/
      User Enumeration: http://www.scriptscribes.net/~scriptsc/
      User Enumeration: http://www.scriptscribes.net/~nobody/
      The full path disclosure for the acp is fixed. The cross site scripting flaw will be fixed once we add our new site and user enumeration will be fixed sometime tomorrow. Anyone else find any more security holes or vulnerabilities for the actual user system script itself? Thanks, Corey
  15. Yeah, every time I tried to access the site today I got these errors;
  16. Yeah that's the default account. It's not a bug. The admin account is for later use once we make the admin panel.
  17. Hey, Basically I need you guys to find any security holes or vulnerabilities you can in an open source user system that I have been working on with another person. Right now it's just registration and login. Here's the demo link: http://www.scriptscribes.net/projects/us/user_system.php. Username: demo Password: demo Also, if you would like to download the actual script itself to test the installation feature for holes and/or to view the code you can get it at http://us.scriptscribes.net/demo.zip or http://us.scriptscribes.net/demo.rar. The script works best in Firefox. Thanks, Corey
  18. Not really a security flaw, but when you type <?php and press enter it will show up blank, BUT then you enter something else and that will show up on the same line. You can login as <?php and it will be a blank username.
  19. Hello, I was wondering if anyone can help me fix an error for PHPMyChat. The error happens in Firefox; it works fine in IE, but many of my users use Firefox and many users are switching to Firefox. The error is this:

      Parse error: syntax error, unexpected T_CASE in /home/bestpre/public_html/chats/druw/messagesL.php3 on line 119

      If anyone could help me, please, I would greatly appreciate it. The code is this:

      <?php
      // Get the names and values for vars sent by index.lib.php3
      if (isset($HTTP_GET_VARS))
      {
          while(list($name,$value) = each($HTTP_GET_VARS))
          {
              $$name = $value;
          };
      };

      // Fix a security hole
      if (isset($L) && !is_dir('./localization/'.$L)) exit();

      require("./config/config.lib.php3");
      require("./localization/".$L."/localized.chat.php3");
      require("./lib/database/".C_DB_TYPE.".lib.php3");
      require("./lib/clean.lib.php3");

      // Special cache instructions for IE5+
      $CachePlus = "";
      if (ereg("MSIE [56789]", (isset($HTTP_USER_AGENT)) ? $HTTP_USER_AGENT : getenv("HTTP_USER_AGENT"))) $CachePlus = ", pre-check=0, post-check=0, max-age=0";
      $now = gmdate('D, d M Y H:i:s') . ' GMT';
      header("Expires: $now");
      header("Last-Modified: $now");
      header("Cache-Control: no-cache, must-revalidate".$CachePlus);
      header("Pragma: no-cache");
      header("Content-Type: text/html; charset=${Charset}");

      // Avoid server configuration for magic quotes
      set_magic_quotes_runtime(0);

      // Translate to html special characters, and entities if message was sent with a latin 1 charset
      $Latin1 = ($Charset == "iso-8859-1");
      function special_char($str,$lang,$slash_on)
      {
          $str = ($lang ? htmlentities(stripslashes($str)) : htmlspecialchars(stripslashes($str)));
          return ($slash_on ? addslashes($str) : $str);
      };

      $DbLink = new DB;

      // ** Updates user info in connected users tables **
      $DbLink->query("SELECT room,status FROM ".C_USR_TBL." WHERE username = '$U' LIMIT 1");
      if($DbLink->num_rows() != 0)
      {
          // There is a row for the user in the users table
          list($room,$status) = $DbLink->next_record();
          $DbLink->clean_results();
          $kicked = 0;
          if ($room != stripslashes($R)) // Same nick in another room
          {
              $DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '$R', 'SYS exit', '', ".time().", '', 'sprintf(L_EXIT_ROM, \"".special_char($U,$Latin1,1)."\")')");
              $kicked = 3;
          }
          elseif ($status == "k") // Kicked by a moderator or the admin.
          {
              $DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '$R', 'SYS exit', '', ".time().", '', 'sprintf(L_KICKED, \"".special_char($U,$Latin1,1)."\")')");
              $kicked = 1;
          }
          elseif ($status == "d") // The admin just deleted the room
          {
              $kicked = 2;
          }
          elseif ($status == "b") // Banished by a moderator or the admin.
          {
              $DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '$R', 'SYS exit', '', ".time().", '', 'sprintf(L_BANISHED, \"".special_char($U,$Latin1,1)."\")')");
              $kicked = 4;
          };
          if ($kicked > 0)
          {
              // Kick the user from the current room
              ?>
              <SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
              <!--
              window.parent.window.location = '<?php echo("$From?L=$L&U=".urlencode(stripslashes($U))."&E=$R&KICKED=${kicked}"); ?>';
              // -->
              </SCRIPT>
              <?php
              $DbLink->close();
              exit;
          };
          // Updates the time to ensure the user won't be cleaned from the users table
          $DbLink->query("UPDATE ".C_USR_TBL." SET u_time = ".time()." WHERE room = '$R' AND username = '$U'");
      }
      else
      {
          // User hasn't been found in the users table -> add a row
          $DbLink->clean_results();
          $DbLink->query("SELECT perms,rooms FROM ".C_REG_TBL." WHERE username='$U' LIMIT 1");
          $reguser = ($DbLink->num_rows() != 0);
          if ($reguser) list($perms, $rooms) = $DbLink->next_record();
          $DbLink->clean_results();

          // Get user status
          $status = "u";
          if ($reguser)
          {
              switch ($perms)
              {
                  case 'admin':
                      $status = "a";
                      break;
                  case 'admin':
                      $status = "o";
                      break;
                  case 'moderator':
                      $roomsTab = explode(",",$rooms);
                      for (reset($roomsTab); $room_name=current($roomsTab); next($roomsTab))
                      {
                          if (strcasecmp(stripslashes($R), $room_name) == 0)
                          {
                              $status = "m";
                              break;
                  case 'fmod':
                      $roomsTab = explode(",",$rooms);
                      for (reset($roomsTab); $room_name=current($roomsTab); next($roomsTab))
                      {
                          if (strcasecmp(stripslashes($R), $room_name) == 0)
                          {
                              $status = "f";
                              break;
                  case 'supermod':
                      $roomsTab = explode(",",$rooms);
                      for (reset($roomsTab); $room_name=current($roomsTab); next($roomsTab))
                      {
                          if (strcasecmp(stripslashes($R), $room_name) == 0)
                          {
                              $status = "s";
                              break;
                          };
                      };
                  default:
                      $status = "r";
              };
          };

          // Get IP address
          include("./lib/get_IP.lib.php3"); // Set the $IP var

          $DbLink->query("INSERT INTO ".C_USR_TBL." VALUES ('$R', '$U', '$Latin1', ".time().", '$status', '$IP')");
      };

      // Text direction
      $textDirection = ($Charset == "windows-1256") ? "RTL" : "LTR";

      // For translations with an explicit charset (not the 'x-user-defined' one)
      if (!isset($FontName)) $FontName = "";
      ?>
      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
      <HTML dir="<?php echo($textDirection); ?>">
      <HEAD>
      <TITLE>Messages frame</TITLE>
      <?php
      if ($D > 0) echo('<meta HTTP-EQUIV="Refresh" CONTENT="' . $D . '; URL=messagesL.php3?' . ((isset($QUERY_STRING)) ? $QUERY_STRING : getenv('QUERY_STRING')) . '">');
      ?>
      <LINK REL="stylesheet" HREF="config/style.css.php3?<?php echo("Charset=${Charset}&medium=${FontSize}&FontName=${FontName}"); ?>" TYPE="text/css">
      </HEAD>
      <BODY CLASS="mainframe" <?php if($O == 1) echo("onLoad=\"this.scrollTo(0,65000);\""); ?>>
      <?php
      // ** Get messages **

      // Define the SQL query (depends on values for ignored users list and on whether to display
      // notification messages or not)
      $CondForQuery = "";
      $IgnoreList = "";
      if (isset($Ign)) $IgnoreList = "'".str_replace(",","','",addslashes(urldecode($Ign)))."'";
      if ($NT == "0") $IgnoreList .= ($IgnoreList != "" ? ",":"")."'SYS enter','SYS exit'";
      if ($IgnoreList != "") $CondForQuery = "username NOT IN (${IgnoreList}) AND ";
      $CondForQuery .= "(address = ' *' OR (address = '$U' AND (room = '$R' OR username = 'SYS inviteTo')) OR (room = '$R' AND (address = '' OR username = '$U')))";

      $DbLink->query("SELECT m_time, username, latin1, address, message FROM ".C_MSG_TBL." WHERE ".$CondForQuery." ORDER BY m_time DESC LIMIT $N");

      // Format and display new messages
      if($DbLink->num_rows() > 0)
      {
          $i = "1";
          $today = date('j', time() + C_TMZ_OFFSET*60*60);
          $MessagesString = "";
          while(list($Time, $User, $Latin1, $Dest, $Message) = $DbLink->next_record())
          {
              // Skip the oldest message if the day seperator has been added
              if (isset($day_separator) && $i == $N) continue;

              $NewMsg = "<P CLASS=\"msg\">";
              if ($ST == 1) $NewMsg .= "<SPAN CLASS=\"time\">".date("H:i:s", $Time + C_TMZ_OFFSET*60*60)."</SPAN> ";

              // "Standard" messages
              if (substr($User,0,4) != "SYS ")
              {
                  $User = "<A HREF=\"#\" onClick=\"window.parent.userClick('".special_char($User,$Latin1,1)."',true); return false\" CLASS=\"sender\">".special_char($User,$Latin1,0)."</A>";
                  if ($Dest != "") $Dest = "]<BDO dir=\"${textDirection}\"></BDO>>[".htmlspecialchars(stripslashes($Dest));
                  $NewMsg .= "<B>[${User}${Dest}]<BDO dir=\"${textDirection}\"></BDO></B> $Message</P>";
              }
              // "System" messages
              else
              {
                  if ($Dest == " *")
                  {
                      $Message = "[".L_ANNOUNCE."]<BDO dir=\"${textDirection}\"></BDO> ".$Message;
                  }
                  else
                  {
                      if ($Dest != "") $NewMsg .= "<B><BDO dir=\"${textDirection}\"></BDO>>[".htmlspecialchars(stripslashes($Dest))."]<BDO dir=\"${textDirection}\"></BDO></B> ";
                      $Message = str_replace("$","\\$",$Message); // avoid '$' chars in nick to be parsed bellow
                      eval("\$Message = $Message;");
                  };
                  $NewMsg .= "<SPAN CLASS=\"notify\">".$Message."</SPAN></P>";
              };

              // Separator between messages sent before today and other ones
              if (!isset($day_separator) && date("j", $Time + C_TMZ_OFFSET*60*60) != $today)
              {
                  $day_separator = "<P CLASS=\"msg\"><SPAN CLASS=\"notify\">--------- ".($O == 0 ? L_TODAY_UP : L_TODAY_DWN)." ---------</SPAN></P>";
              };

              if($O == 0)
              {
                  $MessagesString .= ((isset($day_separator) && $day_separator != "") ? $day_separator."\n" : "").$NewMsg."\n";
              }
              else
              {
                  $MessagesString = $NewMsg.((isset($day_separator) && $day_separator != "") ? "\n".$day_separator : "")."\n".$MessagesString;
              };

              if (isset($day_separator)) $day_separator = ""; // Today separator already printed
              $i++;
          };

          echo($MessagesString);
      }
      else
      {
          echo("<SPAN CLASS=\"notify\">".L_NO_MSG."</SPAN>");
      };

      $DbLink->clean_results();
      $DbLink->close();
      ?>
      </BODY>
      </HTML>

      Thanks, Corey