source

wrong. "If you're changing a variable name thats... pointless?"

I was not trying bash your work you attacked me first by calling me an "ass"... asking a question and getting called an ass and attacked shows something about you.

anyone with any programming skill will be able to figure out what the variable is for.

again: whats the point of this, instead of linking me to wikipedia which means NOTHING. because it still doesn't answer my question. WHAT IS THE POINT OF THIS: CHANGING A VARIABLE NAME?

I dont understand.. how would this be useful? If you're changing a variable name thats... pointless?

I know that I am not the first person to find this, because when I went to test my suspicsion, i realized someone added in echo "I hacked"; or w/e But incase they haven't told you: when logged in you can edit any page you want.

"Aquarium filtered 0 words in 0.01 seconds and found 0 bad words. Stats: 0 words per second, Warning: Division by zero in /home/groups/a/aq/aquarium-filter/htdocs/process.php on line 18 0% bad words. Filtered Text:" when I enter <"

secure your download file thing, make it so it checks what dir the file/s being downloaded from (as in, if they are downloading a file not from that dir die;)

strip_tags jagguy: what I meant is exactly what I said I can download any file off of your server. Does this look firmiliar? <?php error_reporting(E_ALL); // some basic sanity checks //connect to the db $link = mysql_connect("localhost", "jagguy_***edited****", "")or die("Could not connect: " . mysql_error()); // select our database mysql_select_db("jagguy_school") or die(mysql_error()); ?> ?? wow, running mysql with no password. as I said I can download any file off of your server ANY FILE. admin.php login2.php login.php sviewOutbox.php

roflmao @ agentsteal being marquee'd acrost stude_files!!!

uhh turn off JS and send a message, the code shows. I don't have time to mess with it that much becuase I know when I view the source I see the tag <small> and <marquee> in there.

1) Messages are vulnerable to code... while you think you're smart because you check it, you check it with javascript. which is teh ultimate fail. http://jagguy.ej.am/school/test/download2.php?file=../&path=files download any file on the site eh?

ok 1) the biggest security vuln you have without me looking at anything is putting our password in the url.... Please, use SESSIONS, NOT cookies, but SESSIONS AND NEVER, NEVER put VALUABLE INFO in the URL

I didnt find anything (tho I didnt look very hard this time, I will again later, busy with my own site)... One of the MOST annoying things was the "real" email thing, you lose all data if you dont enter a real email... and have to re-type to test it.

we can not test it 401 error (We need the password and username you have it protected.)

http://speaker219.ath.cx:8080/pastebin/paste.php?post=admin.php you're opening anything that is there, rfi. I can sign up with "><script>alert(1);</script> and it will xss... also, I can include any text file http://speaker219.ath.cx:8080/message/admin.php?hand=admin.php&view=true also, sending a message can contain anycode. I do not need to register, and I can login as anyone simply by changing http://speaker219.ath.cx:8080/message/admin.php?hand=source&view=true the value of $_GET['hand']; deleting all from IP I entered 1.1.1.1 and I got these errors Warning: file(<?php echo $h; ?>.txt) [function.file]: failed to open stream: No such file or directory in /opt/lampp/htdocs/message/test.php on line 12 Warning: Invalid argument supplied for foreach() in /opt/lampp/htdocs/message/test.php on line 20 It may be because I tried to change my hand=<?php echo "Shit"; ?> And somehow it fucked it all up. you're using txt files to store the data, :/ also,i can registere the same id over and over. " excuse me 74.******.*****.****** but can you stop trying to hack me " well what the "heck" do you want me to do? let someone else abuse your system?

http://speaker219.ath.cx:8080/message/admin.php?hand=%22%3E%3Cscript%3Ealert(1);%3C/script%3E xss

btw: I just tried to register the username Tester and p/w password and it said it worked... (Yeah I know you not to, but I couldn't resist.) roflmao now no one can login with tester cause I need to validate the account (but the email I used to reg was "password") xD

http://dreamshowstudios.net/forums/index.php?topic[] "Notice: Array to string conversion in /home/dreamsh/public_html/forums/Sources/QueryString.php on line 224" interesting.

wait a sec...... WHY the heck are you md5ing passwords and setting them to a cookie? that's dangerous... cookie stealer could have been made and stolen your cookie, then I would have cracked it and had your password.

Well using something like: $usern=stripslashes($usern); $usern=strip_tags($usern); $usern=mysql_real_escape_string($usern); etc (make it a function if you use it a lot) will filter the input and make it hard to xss/sql inject... Making an array and using str_replace($arrayvariable, " ", "$whattofilter") and also help if you dont want a couple different characters/words allowed (but can by bypassed) EDIT: goodnight.

Meh, you need to use stip tags... p.s. you deleted teh tester account :'( *source tears Agentsteal roflmao @ the iframe. xD

http://dreamshowstudios.net/members.php?&pg=-1

http://dreamshowstudios.net/h2/mod.php

your registeration system is BUGGED... it gave me email failed (or some error like that) yet the user still appears in the userlist, same thing with <script>alert("xss");</script> so limit the username length with php (server side) not something client side (htmL)