Everything posted by Coreye
-
Test for Custom Member System for Exploits! :)
Coreye replied to Lukeidiot's topic in Beta Test Your Stuff!
Cross Site Scripting (XSS): You can submit ">code when editing your profile and it will execute on the members list and when viewing profiles.
-
Anybody else getting redirected there when on the forums? <META HTTP-EQUIV="Refresh" CONTENT="0; URL=http://xsaimex.net"> is in the code like 7 times...
-
What's the error they are getting?
-
You could do something like

    if(!is_numeric($_GET['id'])) {
        $_GET['id'] = '1'; /* Set the default ID to 1 if a non-numeric character is used. */
    }

or

    if(!is_numeric($id)) {
        $id = '1'; /* Set the default ID to 1 if a non-numeric character is used. */
    }

depending on the method you use. I also PMed you another security issue.
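
Added example, not part of the original post: a stricter form of the same default-to-1 check that also covers the `id[]` and `id=a` inputs reported elsewhere on this page. The helper name `read_id()` and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Return a positive integer ID from a query-string array, or $default.
 * read_id() is a hypothetical helper name, not from the original post.
 */
function read_id(array $query, string $key = 'id', int $default = 1): int
{
    $raw = $query[$key] ?? null;

    // ?id[] arrives as an array; passing it on to string or SQL functions
    // raises a warning that can print the script's full path.
    if (!is_string($raw)) {
        return $default;
    }

    // is_numeric() also accepts "1.5" and "1e5"; FILTER_VALIDATE_INT
    // accepts only whole numbers, here restricted to 1 and above.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

    return $id === false ? $default : $id;
}

// Constructed sample inputs, mirroring the kinds of values reported on this page.
$samples = [
    ['id' => '42'],
    ['id' => 'a'],
    ['id' => ['']],          // what ?id[] looks like in $_GET
    ['id' => '1e5'],
    ['id' => '"><marquee>'],
    [],                      // parameter missing entirely
];

foreach ($samples as $query) {
    // Escape anything echoed back so markup in the value stays inert text.
    $shown = htmlspecialchars((string) json_encode($query['id'] ?? null), ENT_QUOTES, 'UTF-8');
    printf("%-40s => %d\n", $shown, read_id($query));
}
```

Only `'42'` is returned as given; every other sample falls back to 1. Turning `display_errors` off in production keeps the path out of the response even when a warning does fire.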
-
Cross Site Scripting (XSS): The 'Name' field is vulnerable to XSS attacks when editing a user's profile.
Cross Site Scripting (XSS): The 'Website' field is vulnerable to XSS attacks when editing a user's profile.
Cross Site Scripting (XSS): http://www.futurehost.org/search.php?q="><marquee><h1>test
Cross Site Scripting (XSS): http://www.futurehost.org/index.php?note="><marquee><h1>test
Cross Site Scripting (XSS): http://www.futurehost.org/mcenter.php?action=compose&name="><marquee><h1>test
Cross Site Scripting (XSS): http://www.futurehost.org/mcenter.php?action=compose&subject="><marquee><h1>test
Cross Site Scripting (XSS): http://www.futurehost.org/mcenter.php?note="><marquee><h1>test
Cross Site Scripting (XSS): http://www.futurehost.org/editprofile.php?note="><marquee><h1>test
Cross Site Scripting (XSS): http://www.futurehost.org/main.php?note="><marquee><h1>test
Full Path Disclosure: http://www.futurehost.org/profile.php?id=a
-
I don't see it. Do we have to login to see it? I viewed the source and there is no PHPFreaks.com profile link. It would be best if it was on the index.
-
Full Path Disclosure: http://www.mybbmultiforums.com/mvinstall2/down.php?id[]
Full Path Disclosure: http://www.mybbmultiforums.com/mvinstall2/getartists.php?cat=Pop&sort[]
Full Path Disclosure: http://www.mybbmultiforums.com/mvinstall2/profile.php?id[]
Full Path Disclosure: http://www.mybbmultiforums.com/mvinstall2/befriend.php?friend[]
Full Path Disclosure: http://www.mybbmultiforums.com/mvinstall2/deletecomment.php?id[]
Full Path Disclosure: http://www.mybbmultiforums.com/mvinstall2/comments.php?id[]
Full Path Disclosure: http://www.mybbmultiforums.com/mvinstall2/friends.php?page[]
Full Path Disclosure: http://www.mybbmultiforums.com/mvinstall2/manageuploads.php?action[]
Full Path Disclosure: http://www.mybbmultiforums.com/mvinstall2/gallery.php?id[]
Full Path Disclosure: http://www.mybbmultiforums.com/mvinstall2/report.php?id[]
Full Path Disclosure: http://www.mybbmultiforums.com/mvinstall2/listfriends.php?view[]
Full Path Disclosure: http://www.mybbmultiforums.com/mvinstall2/pages.php?page[]
-
Where?
-
Here's some information about it: http://googleblog.blogspot.com/2009/01/this-site-may-harm-your-computer-on.html.
-
Seems to work now... it worked for a little bit earlier though also... then it started not working again.
-
I'm getting the same thing :/. It just started a few minutes ago. When you visit the "Google's Safe Browsing diagnostic page" from the link they give it says
-
People to test for security issues =)
Coreye replied to Twister1004's topic in Beta Test Your Stuff!
Cross Site Scripting(XSS): You can submit ">code in the username when registering and it executes after you login.
Full Path Disclosure: http://twistablepie.servegame.com/cype/?cype=main&page=ranking&order=&job[]
Full Path Disclosure: http://twistablepie.servegame.com/cype/sources/public/ranking.php
Full Path Disclosure: http://twistablepie.servegame.com/cype/sources/public/news.php
Full Path Disclosure: http://twistablepie.servegame.com/cype/sources/public/events.php
Full Path Disclosure: When you press submit on http://twistablepie.servegame.com/cype/sources/public/register.php
Full Path Disclosure: When you press submit on http://twistablepie.servegame.com/cype/sources/public/login.php
Full Path Disclosure: http://twistablepie.servegame.com/cype/sources/public/members.php
Full Path Disclosure: http://twistablepie.servegame.com/cype/?cype=main&page=members&name[]
Full Path Disclosure: http://twistablepie.servegame.com/cype/?cype=main&page=news&id[]
Full Path Disclosure: http://twistablepie.servegame.com/cype/sources/public/banned.php
-
People to test for security issues =)
Coreye replied to Twister1004's topic in Beta Test Your Stuff!
Is the forum down on purpose or are you going to use third party software for it?
-
When I made that post I didn't see any link to your profile on there. Either way, the above link is no longer active so this post can be marked as solved and locked.
-
Please read this thread: http://www.phpfreaks.com/forums/index.php/topic,232470.0.html.
-
It's kind of hard to critique a website when we don't know the link of the website you want us to look at.
-
Full Path Disclosure: http://testing.scriptingsource.com/admin/active.php?user[]
Full Path Disclosure: http://testing.scriptingsource.com/admin/active.php?user=blocked&check[]
-
I use http://www.hyperspin.com and http://www.siteuptime.com. Both are pretty good.
-
From: http://www.phpfreaks.com/forums/index.php/topic,232470.0.html.
-
Please follow this post: http://www.phpfreaks.com/forums/index.php/topic,231599.0.html. Thanks, Corey.
-
Please follow this post: http://www.phpfreaks.com/forums/index.php/topic,231599.0.html. Thanks, Corey.
-
Cross Site Scripting(XSS): You can submit ">code when you register and it will execute after you login.
Cross Site Scripting(XSS): http://websiteconstructionteam.com/phptesting/mobile-social-networking/profile.php?user="><marquee><h1>test
Full Path Disclosure: http://websiteconstructionteam.com/phptesting/mobile-social-networking/newblog.php
Full Path Disclosure: http://websiteconstructionteam.com/phptesting/mobile-social-networking/newmsg.php?to=
Full Path Disclosure: http://websiteconstructionteam.com/phptesting/mobile-social-networking/inbox.php
-
Please follow this post: http://www.phpfreaks.com/forums/index.php/topic,231599.0.html. Thanks, Corey.
-
Please test my site for problems I have missed
Coreye replied to ezyauctionz.co.nz's topic in Beta Test Your Stuff!
Do you have a test account we could use for testing purposes?
-
Security Test. Test my Web Application.
Coreye replied to jandrox_ox's topic in Beta Test Your Stuff!
Please follow this post: http://www.phpfreaks.com/forums/index.php/topic,231599.0.html. Thanks, Corey.