Coreye
Members, 537 posts
Everything posted by Coreye
-
Cross Site Scripting (XSS): http://asimpleforum.co.uk/f/%3Ch1%3Etest
The top right says I have 3 alerts, but http://asimpleforum.co.uk/user_centre#uc_alerts says "You have no alerts to display".
When you click "Mark Read" for alerts you get this error:
When you click "Delete" for alerts you get this error:
You get the following error when you click "Board Settings":
You get the following error when you click "Alert Settings":
When I like a post it says "doddsey_65 likes this post". If I refresh it then says my username.
Using certain characters in the title messes up the post: http://asimpleforum.co.uk/t/%26amp%3B+Test.
Profiles do not save.
-
Doesn't your hosting provider do monthly/weekly backups?
-
Cross Site Scripting (XSS): The "Messengers" fields in user profiles are vulnerable to XSS attacks.
Error when reviewing requests: http://www.asimpleforum.co.uk/forum/user_center.php?m=requests
Error when accepting friend requests:
The icons next to thread titles are erroring:
Error when you try to edit your profile:
Profiles have an error when you select "AIM" as your messenger.
Advanced search has errors: http://www.asimpleforum.co.uk/forum/search.php
When I try to log in using the correct password on Chrome it just refreshes the page. If I register with the username I was trying to log in with it'll log me in.
http://www.asimpleforum.co.uk/forum/templates/default/icons/close.png is missing.
http://www.asimpleforum.co.uk/forum/templates/default/icons/error.png is missing.
Quick reply doesn't do anything in Chrome.
Quick topic just keeps loading in Chrome.
Pressing 'Post Feed' in user profiles doesn't do anything in Chrome.
-
Cross Site Scripting (XSS): "Quick Reply" is vulnerable to XSS.
Cross Site Scripting (XSS): The "Real name" field in user profiles is vulnerable to XSS.
I get the below error when replying to threads:
When you post on a profile feed it just keeps loading.
I get the below error when using search:
-
I get the below error when trying to verify my email and when I go back to the index only the error appears.
-
Cross Site Scripting Vulnerability: You don't sanitize usernames. I was able to include HTML in mine and it executes on the index.
I get the below error when trying to post:
-
Registration is broken. Same with login.
http://www.asimpleforum.co.uk/forum/?view=ribbons
Full Path Disclosure: (http://www.acunetix.com/vulnerabilities/Full-path-disclosure.htm) http://www.asimpleforum.co.uk/forum/?view=test
-
Is my site secure for users to register.
Coreye replied to ryanfilard's topic in Beta Test Your Stuff!
SQL Error: If you're not logged in and you try to post on a user profile you get this error: Column 'post' cannot be null.
SQL Error: http://www.ryanweekly.com/user/?p='
-
Full Path Disclosure: (http://www.acunetix.com/vulnerabilities/Full-path-disclosure.htm) http://www.mafia-warriors.net/profiles.php?id[]
The "Quote" field in preferences is vulnerable to XSS injections.
-
Full Path Disclosure: (http://www.acunetix.com/vulnerabilities/Full-path-disclosure.htm) http://beckerfamily1.com/testing/forum/topics.php?f[]
-
Your site is vulnerable to XSS injections.
-
What have you tried and what exactly are you having trouble with?
-
Hack my site and tell me my security holes.
Coreye replied to condoravenue's topic in Beta Test Your Stuff!
Full Path Disclosure: http://snow-report.us/somename/operations/account_created.php?passkey[]
-
Cross Site Scripting (XSS): You can submit ">code in the subject field on the forum and it executes when viewing the forum index and the post. http://65.75.244.181/lolgaem/forum/forum.php?board=clint
Cross Site Scripting (XSS): When viewing the chats messages file directly code executes. http://65.75.244.181/lolgaem/show-messages.php
-
Merry Christmas and Happy New Year everyone.
-
Not sure if you guys are aware of this or not... but when you use search you get an error.
-
I thought this was pretty cool... Google renamed themselves to Topeka. http://googleblog.blogspot.com/2010/04/different-kind-of-company-name.html
-
I tried that exact code and it echoed the submitted text for me.
-
Change:
    $before = array('(', ')', '^', '<', '>', '`', '*', '<script>', '</script>', ';DROP TABLE users;', 'users', 'DROP', 'TABLE');
    $after = array('', '', '', '', '', '', '', '', '', '', '', '', '', '');
    $output = str_replace($before, $after, $message);
    $im = @imagecreate(500, 48) or die("Error");
    $message = $_POST['message'];
    $ip = $_SEVER['REMOTE_ADDR'];
To:
    $before = array('(', ')', '^', '<', '>', '`', '*', '<script>', '</script>', ';DROP TABLE users;', 'users', 'DROP', 'TABLE');
    $after = array('', '', '', '', '', '', '', '', '', '', '', '', '', '');
    // Read the submitted message before filtering it
    $message = $_POST['message'];
    $output = str_replace($before, $after, $message);
    $im = @imagecreate(500, 48) or die("Error");
    // The superglobal is $_SERVER, not $_SEVER
    $ip = $_SERVER['REMOTE_ADDR'];
-
Full Path Disclosure: http://demo.media-script.com/index.php?action=game&id[]
The activation email contains no link to click on.
-
Full Path Disclosure: http://www.krazypickem.com/new_kp/core/includes/wide-variables.php
Full Path Disclosure: http://www.krazypickem.com/new_kp/core/main.php
-
You can still reply as other users. Example: http://dannyluked.comze.com/forum/view_topic.php?id=9.
SQL Error: http://dannyluked.comze.com/forum/view_topic.php?id=33
$_POST and $_GET variables can be edited easily.
-
You can make topics as other users. Example: http://dannyluked.comze.com/forum/view_topic.php?id=21.
You can reply to topics as other users. http://dannyluked.comze.com/forum/view_topic.php?id=5.
Cross Site Scripting (XSS): http://dannyluked.comze.com/forum/view_topic.php?id=21.
You can edit other users' threads. Example: http://dannyluked.comze.com/forum/view_topic.php?id=8.
You can make blank threads.
You can make blank replies.
-
I tried your code with special characters and it worked fine. What problems are you having with it?
-
What problems are you having? Is the script erroring? Does it echo anything out?