Coreye
Everything posted by Coreye
-
Hi. My name is Corey. Welcome to PHPFreaks.
-
Code still executes. Add <SCRIPT>alert("XSS");</SCRIPT> and it will execute... but to everyone else it's fine.
SQL Error: http://michaeld.co.uk/examples/calendar/phpAjax.php?do=GrabMonthEvents
-
It's vulnerable to XSS attacks.
-
Cross Site Scripting(XSS): http://www.kaboochie.com/login.php?game=1&error="><marquee><h1>test
Cross Site Scripting(XSS): http://www.kaboochie.com/shops.php?game=1&error="><marquee><h1>test
Full Path Disclosure On Submit: http://www.kaboochie.com/lost_pass.php
Full path Disclosure: http://www.kaboochie.com/prompt.pro.php
Full Path Disclosure: http://www.kaboochie.com/search.php
Full Path Disclosure: http://www.kaboochie.com/login.pro.php
Full Path Disclosure: http://www.kaboochie.com/feedback.php
-
Testing and suggestions needed [social network]
Coreye replied to studgate's topic in Beta Test Your Stuff!
People cannot register:
People can also add their own values to the drop down menu on the free agents page. You should also use PHP when validating the fields.
http://happyhoursports.com/freeagents.php -
Testing and suggestions needed [social network]
Coreye replied to studgate's topic in Beta Test Your Stuff!
Login doesn't work either. I registered with Username: testing and password: test and it says "Invalid username or password, Try Again!". This was before you deleted the account.
I use
function clean($str) {
    $str = stripslashes(strip_tags(htmlspecialchars($str, ENT_QUOTES)));
    return $str;
}
Darkfreaks posted some also.
http://www.phpfreaks.com/forums/index.php/topic,230194.msg1066598.html#msg1066598
http://www.phpfreaks.com/forums/index.php/topic,230194.msg1066646.html#msg1066646 -
Testing and suggestions needed [social network]
Coreye replied to studgate's topic in Beta Test Your Stuff!
Free agents doesn't work so you can't test it.
Register is vulnerable to XSS attacks in all fields.
http://happyhoursports.com/profile.php?userID=1018 -
Testing and suggestions needed [social network]
Coreye replied to studgate's topic in Beta Test Your Stuff!
Which one? -
Testing and suggestions needed [social network]
Coreye replied to studgate's topic in Beta Test Your Stuff!
It doesn't add new agents to that page even though it says it did. -
http://www.phpfreaks.com/forums/index.php/topic,215609.0.html.
-
Testing and suggestions needed [social network]
Coreye replied to studgate's topic in Beta Test Your Stuff!
Sanitize all user input.
Cross Site Scripting(XSS): You can submit ">code when adding new free agents and it executes on the free agents page.
http://happyhoursports.com/freeagents.php -
Testing and suggestions needed [social network]
Coreye replied to studgate's topic in Beta Test Your Stuff!
Cross Site Scripting(XSS): http://happyhoursports.com/index.php?action=results&poll_id="><marquee><h1>test
Cross Site Scripting(XSS): http://happyhoursports.com/members.php?psearch="><marquee><h1>test
SQL Error: http://happyhoursports.com/index.php?action=results
When you vote you get a SQL error. -
Testing and suggestions needed [social network]
Coreye replied to studgate's topic in Beta Test Your Stuff!
SQL error on registration:
Full Path Disclosure: http://happyhoursports.com/user_blog.php?blogid=1&userid=1717871
Full Path Disclosure: http://happyhoursports.com/teams.php
When you enter an event that doesn't exist you get redirected to http://happyhoursports.com/Eventslist.php which doesn't exist.
http://happyhoursports.com/event.php?eventid=a
When you enter a sponsor that doesn't exist you get redirected to http://happyhoursports.com/Sponsorlist.php which doesn't exist.
http://happyhoursports.com/sponsor.php?sponsorID=a
When you vote you get a SQL error. -
$add = "INSERT INTO `news` (`news`, `author`, `title`, `date`, `time`) VALUES ( '$news', '$author', '$title', '$date', '$time')";
Should be
$add = "INSERT INTO `news` (`news`, `author`, `title`, `date`, `time`) VALUES ( '$news', '$uName', '$title', '$date', '$time')";
You're no longer defining $author.
-
Cross Site Scripting(XSS): You can register with ">code in your username and it will execute after logging in.
Cross Site Scripting(XSS): You can post news comments with ">code.
Cross Site Scripting(XSS): http://www.mzbservices.com/search.php?s="><marquee><h1>Test
Cross Site Scripting(XSS): http://www.mzbservices.com/search.php?cat="><marquee><h1>Test
-
Includes Directory: http://www.dealsadmin.co.cc/includes/
I registered but received no activation email.
-
The site doesn't load most of the time. Most likely a server problem though.
Cross Site Scripting(XSS): http://www.mswiki.co.cc/index.php?w="><marquee><h1>Test
Cross Site Scripting(XSS): http://www.mswiki.co.cc/edit.php?w="><marquee><h1>Test
-
Cross Site Scripting(XSS): You can submit ">code when adding users in the admin panel and it executes on adminusers.php.
Cross Site Scripting(XSS): You can submit ">code when registering.
Cross Site Scripting(XSS): You can submit ">code when using the forgot password page.
Cross Site Scripting(XSS): You can submit ">code when adding the 'Error E-mail Address'.
Cross Site Scripting(XSS): http://webid.freehostia.com/csseditor_.php?thestyle=%22%3E%3Cmarquee%3E%3Ch1%3Etest&sel=.container&from=\&color=border
You can break files by inputting < into the input fields.
http://webid.freehostia.com/admin/defaultcountry.php
http://webid.freehostia.com/admin/membertypes.php
You can view csseditor_.php without being logged in as an admin.
http://webid.freehostia.com/csseditor_.php?thestyle=themes/default/style.css&sel=.container&from=colors.php&color=border
Includes Directory: http://webid.freehostia.com/includes/
When registering it says incorrect date format, even though it's correct.
Full Path Disclosure: http://webid.freehostia.com/viewfaqs.php?cat
-
I tried to upload a .png image but it just says "Images can only be jpg,jpeg or png".
-
Use BBCode instead of allowing HTML.
-
Make sure you're adding [] instead of just one [ at the end. I just tried them again and I'm getting errors.
-
Full Path Disclosure: http://www.communitycouch.net/index.php?action=viewboard&board[]
Full Path Disclosure: http://www.communitycouch.net/index.php?action=viewthread&board=2a&thread[]
You can post blank posts and threads.
You can reply to threads that don't exist.
-
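An added example, not taken from Coreye's posts or from any of the sites tested: server-side handling for three kinds of report listed above, namely markup submitted in form fields, values that are not in the drop down menu, and `[]` parameters that trigger path-revealing errors. The field names, the allow-list and the sample requests are assumptions made up for the illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: the same values the form's <select> offers.
const ALLOWED_POSITIONS = ['guard', 'forward', 'center'];

// Read one parameter as a string. PHP parses "board[]=" into an array, and an
// array handed to a string function produces an error message that includes
// the script path when display_errors is on, so non-strings are rejected here.
function param_string(array $request, string $key): ?string
{
    $value = $request[$key] ?? null;
    return is_string($value) ? trim($value) : null;
}

// Server-side checks; returns [values, errors]. Store only when errors is empty.
function validate_free_agent(array $request): array
{
    $errors = [];
    $name = param_string($request, 'name');
    $position = param_string($request, 'position');
    if ($name === null || $name === '' || strlen($name) > 50) {
        $errors[] = 'name: required, at most 50 bytes';
    }
    // A <select> limits only the browser UI; the request can carry any value.
    if ($position === null || !in_array($position, ALLOWED_POSITIONS, true)) {
        $errors[] = 'position: not one of the offered options';
    }
    return [['name' => $name, 'position' => $position], $errors];
}

// Encode for HTML text or a quoted attribute at the point of output.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests, standing in for $_POST.
$samples = [
    ['name' => 'Sam Lee', 'position' => 'guard'],
    ['name' => '"><h1>test', 'position' => 'center'],   // markup in a text field
    ['name' => 'Pat Roe', 'position' => 'made-up'],     // value not in the menu
    ['name' => ['x'], 'position' => 'guard'],           // array from name[]
];
foreach ($samples as $request) {
    [$row, $errors] = validate_free_agent($request);
    echo $errors
        ? 'rejected: ' . e(implode('; ', $errors)) . PHP_EOL
        : '<td>' . e($row['name']) . '</td><td>' . e($row['position']) . '</td>' . PHP_EOL;
}
```

The second sample passes validation and is stored as typed; it is the encoding at output that keeps it from being parsed as markup.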
BattleWall Video Game Social Networking. Beta test please?
Coreye replied to A2xA's topic in Beta Test Your Stuff!
What don't you understand? When you leave comments with a slash they stop appearing. -
BattleWall Video Game Social Networking. Beta test please?
Coreye replied to A2xA's topic in Beta Test Your Stuff!
When you leave comments with '\' it stops the other comments from showing. -
Full Path Disclosure: http://www.websnips.com/sitewidget/index.php/grab/check