Everything posted by Coreye

  1. Cross Site Scripting (XSS): http://asimpleforum.co.uk/f/%3Ch1%3Etest The top right says I have 3 alerts, but http://asimpleforum.co.uk/user_centre#uc_alerts says "You have no alerts to display". When you click "Mark Read" for alerts you get this error: When you click "Delete" for alerts you get this error: You get the following error when you click "Board Settings": You get the following error when you click "Alert Settings": When I like a post it says "doddsey_65 likes this post". If I refresh it then says my username. Using certain characters in the title messes up the post: http://asimpleforum.co.uk/t/%26amp%3B+Test. Profiles do not save.
  2. Doesn't your hosting provider do monthly/weekly backups?
  3. Cross Site Scripting (XSS): The "Messengers" fields in user profiles are vulnerable to XSS attacks. Error when reviewing requests: http://www.asimpleforum.co.uk/forum/user_center.php?m=requests Error when accepting friend requests: The icons next to thread titles are erroring: Error when you try to edit your profile: Profiles have an error when you select "AIM" as your messenger. Advanced search has errors: http://www.asimpleforum.co.uk/forum/search.php When I try to log in using the correct password on Chrome it just refreshes the page. If I register with the username I was trying to log in with it'll log me in. http://www.asimpleforum.co.uk/forum/templates/default/icons/close.png is missing. http://www.asimpleforum.co.uk/forum/templates/default/icons/error.png is missing. Quick reply doesn't do anything in Chrome. Quick topic just keeps loading in Chrome. Pressing 'Post Feed' in user profiles doesn't do anything in Chrome.
  4. Cross Site Scripting (XSS): "Quick Reply" is vulnerable to XSS. Cross Site Scripting (XSS): The "Real name" field in user profiles is vulnerable to XSS. I get the below error when replying to threads: When you post on a profile feed it just keeps loading. I get the below error when using search:
  5. I get the below error when trying to verify my email and when I go back to the index only the error appears.
  6. Cross Site Scripting Vulnerability: You don't sanitize usernames. I was able to include HTML in mine and it executes on the index. I get the below error when trying to post:
  7. Registration is broken. Same with login. http://www.asimpleforum.co.uk/forum/?view=ribbons Full Path Disclosure: (http://www.acunetix.com/vulnerabilities/Full-path-disclosure.htm) http://www.asimpleforum.co.uk/forum/?view=test
  8. SQL Error: If you're not logged in and you try to post on a user profile you get this error: Column 'post' cannot be null. SQL Error: http://www.ryanweekly.com/user/?p='
  9. Full Path Disclosure: (http://www.acunetix.com/vulnerabilities/Full-path-disclosure.htm) http://www.mafia-warriors.net/profiles.php?id[] The "Quote" field in preferences is vulnerable to XSS injections.
  10. Full Path Disclosure: (http://www.acunetix.com/vulnerabilities/Full-path-disclosure.htm) http://beckerfamily1.com/testing/forum/topics.php?f[]
  11. Your site is vulnerable to XSS injections.
  12. What have you tried and what exactly are you having trouble with?
  13. Full Path Disclosure: http://snow-report.us/somename/operations/account_created.php?passkey[]
  14. Cross Site Scripting (XSS): You can submit ">code in the subject field on the forum and it executes when viewing the forum index and the post. http://65.75.244.181/lolgaem/forum/forum.php?board=clint Cross Site Scripting (XSS): When viewing the chats messages file directly code executes. http://65.75.244.181/lolgaem/show-messages.php
  15. Merry Christmas and Happy New Year everyone.
  16. Not sure if you guys are aware of this or not... but when you use search you get an error.
  17. I thought this was pretty cool... Google renamed themselves to Topeka. http://googleblog.blogspot.com/2010/04/different-kind-of-company-name.html
  18. I tried that exact code and it echoed the submitted text for me.
  19. Change:
        $before = array('(', ')', '^', '<', '>', '`', '*', '<script>', '</script>', ';DROP TABLE users;', 'users', 'DROP', 'TABLE');
        $after = array('', '', '', '', '', '', '', '', '', '', '', '', '', '');
        $output = str_replace($before, $after, $message);
        $im = @imagecreate(500, 48) or die("Error");
        $message = $_POST['message'];
        $ip = $_SERVER['REMOTE_ADDR'];
      To:
        $before = array('(', ')', '^', '<', '>', '`', '*', '<script>', '</script>', ';DROP TABLE users;', 'users', 'DROP', 'TABLE');
        $after = array('', '', '', '', '', '', '', '', '', '', '', '', '', '');
        // assign $message before it is passed to str_replace()
        $message = $_POST['message'];
        $output = str_replace($before, $after, $message);
        $im = @imagecreate(500, 48) or die("Error");
        $ip = $_SERVER['REMOTE_ADDR'];
  20. Full Path Disclosure: http://demo.media-script.com/index.php?action=game&id[] The activation email contains no link to click on.
  21. Full Path Disclosure: http://www.krazypickem.com/new_kp/core/includes/wide-variables.php Full Path Disclosure: http://www.krazypickem.com/new_kp/core/main.php
  22. You can still reply as other users. Example: http://dannyluked.comze.com/forum/view_topic.php?id=9. SQL Error: http://dannyluked.comze.com/forum/view_topic.php?id=33 $_POST and $_GET variables can be edited easily.
  23. You can make topics as other users. Example: http://dannyluked.comze.com/forum/view_topic.php?id=21. You can reply to topics as other users. http://dannyluked.comze.com/forum/view_topic.php?id=5. Cross Site Scripting (XSS): http://dannyluked.comze.com/forum/view_topic.php?id=21. You can edit other users' threads. Example: http://dannyluked.comze.com/forum/view_topic.php?id=8. You can make blank threads. You can make blank replies.
  24. I tried your code with special characters and it worked fine. What problems are you having with it?
  25. What problems are you having? Is the script erroring? Does it echo anything out?