source

on forgotpass.php I think ' or '1'='1 may send the password to the first user, however I can not check... it does not give errors (so I assume it does)

http://dreamshowstudios.net/viewpic.php?pic=%22%3E%3Cscript%3Ealert(1);%3C/script%3E

1) xss in the soutbox 2) http://dreamshowstudios.net/h2/ 3) messages are vulnerable to xss 4) xss in the edit profile fields.

http://www.php.net/manual/en/function.mysql-escape-string.php

destroy the session is the solution http://www.php.net/manual/en/function.session-destroy.php

you can register with the same email (THis would cause login problems...) you login with the email.

read my 1St post I edited it to include some possible methods. yeah you can just make it if ($something ... $blah blah) { die; }

lol @ agentsteal. i was being sarcastic. XD (Oh, and thanks I've never thought of that, nor knew it was possible)

@agentsteal nah man, you're finding stuff I miss in my tests... $var=strip_tags($var); $var=mysql_real_escape_string($var); using those two functions should alleviate any problems with xss/sql (Not saying that that's all you need.) oh p.s. @AndyB won't happen again... but it wasn't that bad.

http://www.sinisa.milicevici.com/real_estate/admin/admin.php I know you try to be 1337 and re-direct us, but I am 1337'er and use the stop button (or I could have used a program etc..) So what I am saying is the admin area isn't secure. (Oh, and to prove a point I deleted a user.. sorry) To fix this just set a $_SESSION['admin']; or something with they login, and when someone visits the page do a check... for that session == a username, or alterative make it a field in the table "admin" and add yes next to your username.. etc.. also: xss http://www.sinisa.milicevici.com/real_estate/details.php?id=16 p.s. on the front page you have: http://www.sinisa.milicevici.com/real_estate/faq.php a link to that but it does not exist.

also lawl... I saved the source of someone elses send message, edited the form action to send it to myn, and send <script>alert("xss");</script> and it really [pointless expletive deleted], I mean you'll see if you fill that in all fields and click send. (no alert that I could get in the 20 seconds I worked on it... :'( ) @source: explain it properly and politely or not at all, please.

xss vulnerability when I public a pic, multiple fields.' http://www.arteinsania.net/artwork/000064 XSS vuln on edit profile page oy, dude I can cause errors on my profile page by setting values to "> etc.. and when i saved the source and messed with the maxlength vals I was able to fuck around a lot... "lives in none, united states" sure I could make that xss where the none is if I changed it's type to a form...

in the top left corner there is xss vuln (i search for <script>alert("xss");</script>) etc... then it gives mysql errors... I noticed your VBULLETIN also seems to be out of date. There most likely have been security patches/checks/etc... may want to consider upgrading. I go to say http://elitebattles.com/gamelist---1-War.html and do the same search and I get a mysql display "Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/burly/public_html/pages/search.php on line 229" http://elitebattles.com/files.html also same errror with same search... http://elitebattles.com/games.html also coding your own stuff is the way to go in the future..

') or ('1'='1 entering that also produces the same error (in the topic id)

I found nothing security wise, good job.

like we said, half of the links are broke how can we mess with it?

agentsteal!!!!! It's source from HTS if you remember me.

http://streamline-creations.co.uk/beta/ p.s.: Most of the links don't work so how can we test them? Tho, your login SEEMS secure from SQL injection

wow: I thought I was done till I registered a site: I registered the account "asshole" password "password" Well I go to messages and there is NO option to send one. 2) I go to edit my page and I click edit and it logges me in as someone else ? WTF 3) Edit page doesn't work? 4) forums I was able to post a topic that was blank.

xss: http://jobspokhara.com.np/display_joblist.php?category=%3Cscript%3Ealert(1);%3C/script%3E p.s. I never got my email when I registered p.s.s. You're image verification was REALLY HARD TO READ

from some simple testing I was not actually able to produce XSS, but you had some errors: for example I could get anything to appaer over the forums link (add to it) etc.. might want to fix that

login is vulnerable to sql injection.

if ($_GET['page' > 0) { do this } Yes you should set a limit to how long their USername can be..

http://layoutsector.com/layouts.php?cat_id=4&page=-1 and I believe I registered with a username that contains javascript Use PHP to check the length of the username so people can't save the source etc... And mysqql. I'll look more in a little

http://www.zwmster.com/users/98?id=98 http://www.zwmster.com/users/99?id=99 Also, while I won't provide the link your search is also vulnerable to xss... either or/ you dont filter the name fiel that is optional upon registering